Risk Assessment and Security Analysis of Large Language Models

Xiaoyan Zhang, Dongyang Lyu, Xiaoqi Li

TL;DR

The paper tackles systemic security risks in LLMs—privacy leakage, bias amplification, and malicious abuse—by proposing a dynamic risk assessment framework and a hierarchical three-layer defence. It combines static and dynamic indicators using entropy-weighted fusion, real-time Prometheus monitoring, and NSFOCUS Risk Matrix thresholds to rapidly detect evolving threats such as jailbreaking and role escapes. The authors implement input filtering, adversarial training with differential privacy, and output watermarking in a cohesive closed-loop system, achieving improved interception rates and lower latency while preserving generation quality. Experimental validation across privacy, bias, and abuse scenarios demonstrates practical viability for secure LLM deployment in finance, healthcare, and other high-stakes settings.

Abstract

As large language models (LLMs) expose systemic security challenges in high-risk applications, including privacy leaks, bias amplification, and malicious abuse, there is an urgent need for a dynamic risk assessment and collaborative defence framework that covers their entire life cycle. This paper focuses on the security problems of LLMs in critical application scenarios, such as the possible disclosure of user data, the deliberate input of harmful instructions, and model bias. To address these problems, we describe the design of a dynamic risk assessment system and a hierarchical defence system in which the different levels of protection cooperate. The risk assessment system evaluates static and dynamic indicators simultaneously and fuses them with entropy weighting: the frequency of sensitive words, whether an API call is typical, the real-time risk entropy value, and the degree of context deviation. Experimental results show that the system can identify concealed attacks, such as role escape, and can perform rapid risk evaluation. At the input layer, a hybrid BERT-CRF model (Bidirectional Encoder Representations from Transformers with a Conditional Random Field layer) identifies and filters malicious commands. The model layer combines dynamic adversarial training with differential-privacy noise injection. The output layer adds a neural watermarking system that can trace the source of generated content. In practice, the method preserves generation quality, which is especially important for customer service in the financial industry.
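The abstract describes fusing four indicators (sensitive-word frequency, API-call anomaly, real-time risk entropy, context deviation) with entropy weighting and thresholding the result. The block below is an added illustration of the standard entropy weight method applied to that indicator set; it is not the authors' code. The session rows, the indicator values and the score thresholds are constructed for the example (the paper's NSFOCUS Risk Matrix thresholds are not reproduced), and the exact normalisation the paper uses may differ.

```python
"""Entropy-weight fusion of static and dynamic LLM risk indicators.

Added example. Indicator values, sessions and thresholds are constructed;
the entropy weight method itself is the textbook formulation.
"""
import math
from typing import List, Sequence, Tuple

# Column order of the indicator matrix. Every indicator is "larger = riskier":
# the first two are static (computed from the request text / call pattern),
# the last two dynamic (computed from the live session).
INDICATORS = ("sensitive_word_freq", "api_call_anomaly",
              "risk_entropy", "context_deviation")

# Constructed sessions (one row per request) that drive the example.
SESSIONS = [
    [0.0, 0.0, 0.2, 0.1],   # 0: benign customer-service query
    [0.6, 0.1, 0.9, 0.8],   # 1: role-escape attempt, ordinary API usage
    [0.1, 0.9, 0.4, 0.3],   # 2: scripted API hammering, mild content
    [0.2, 0.2, 0.3, 0.2],   # 3: slightly unusual but harmless
]

# Hypothetical thresholds on the fused score (not the NSFOCUS matrix values).
LEVELS = ((0.6, "high"), (0.3, "medium"), (0.0, "low"))


def normalise(matrix: Sequence[Sequence[float]]) -> List[List[float]]:
    """Column-wise min-max scaling to [0, 1]; a constant column becomes 0."""
    cols = list(zip(*matrix))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(x - l) / (h - l) if h > l else 0.0
             for x, l, h in zip(row, lo, hi)] for row in matrix]


def entropy_weights(matrix: Sequence[Sequence[float]]) -> List[float]:
    """Entropy weight method.

    For n rows and indicator j: p_ij = r_ij / sum_i r_ij,
    e_j = -(1/ln n) * sum_i p_ij ln p_ij, d_j = 1 - e_j, w_j = d_j / sum_k d_k.
    An indicator whose values barely differ between rows has high entropy,
    low divergence and therefore a low weight.
    """
    n, m = len(matrix), len(matrix[0])
    if n < 2:
        raise ValueError("need at least two rows to measure dispersion")
    r = normalise(matrix)
    k = 1.0 / math.log(n)
    divergence = []
    for j in range(m):
        col = [row[j] for row in r]
        total = sum(col)
        if total == 0.0:          # constant indicator: carries no information
            divergence.append(0.0)
            continue
        p = [x / total for x in col]
        e = -k * sum(x * math.log(x) for x in p if x > 0.0)
        divergence.append(1.0 - e)
    s = sum(divergence)
    return [d / s for d in divergence] if s > 0.0 else [1.0 / m] * m


def level(score: float) -> str:
    """Map a fused score to a risk level using the hypothetical thresholds."""
    for threshold, label in LEVELS:
        if score >= threshold:
            return label
    return "low"


def assess(matrix: Sequence[Sequence[float]]) -> List[Tuple[float, str]]:
    """Fuse each row's indicators into one score and classify it."""
    w = entropy_weights(matrix)
    out = []
    for row in normalise(matrix):
        score = sum(wj * x for wj, x in zip(w, row))
        out.append((round(score, 3), level(score)))
    return out


if __name__ == "__main__":
    for name, w in zip(INDICATORS, entropy_weights(SESSIONS)):
        print(f"{name:22s} weight={w:.3f}")
    for i, (score, lvl) in enumerate(assess(SESSIONS)):
        print(f"session {i}: score={score:.3f} level={lvl}")
```

Two things worth noticing when running it: the weights are data-driven, so an indicator that is flat across the sessions in the window (for example, no API anomalies at all) drops out of the score rather than diluting it, and the role-escape row lands in the high band even though its API-call indicator is unremarkable, because three of the four indicators agree. In a deployment the matrix would be a sliding window of recent sessions, so weights shift as the threat mix changes, which is the "dynamic" part of the paper's framework.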

Paper Structure

This paper contains 33 sections, 22 equations, 4 figures.

Figures (4)

  • Figure 1: Storage Data Flow Architecture Diagram
  • Figure 2: Three Layer Collaborative Defense Architecture
  • Figure 3: Rule Model Dual Mode Compliance Review Workflow
  • Figure 4: Dynamic Evaluation Framework Based on Entropy Weight Method