Tag
#llm-security
9 posts tagged llm-security.
- LLM Security
OWASP LLM Top 10 2026 Changes: What's New, What's Gone, and What's Coming
A practitioner breakdown of the OWASP LLM Top 10 2026 changes — two new threat categories dropped, three proposed additions for 2026, and a companion
- LLM Security
LLM Prompt Injection Attack Examples: Direct, Indirect, and Agentic Exploits
A practitioner-level breakdown of LLM prompt injection attack examples — from basic instruction overrides to CVE-rated zero-click exploits in production
- news
AI Sec Weekly: Friday, May 22, 2026
This week's digest: SSRF through agent tool-use, the model supply-chain class and why safetensors matters, and model extraction as a business risk.
- news
AI on the Offense: Google's Zero-Day Warning, Reasoning-Model Jailbreaks, and Government Testing
Google says it caught an attacker using an LLM to find a zero-day, peer-reviewed research shows reasoning models can autonomously jailbreak other models
- news
How LLM Chatbots Leak Data Through Their Own Rendered Output
A recurring AI-security finding: an injected instruction makes the model emit a markdown image whose URL carries the user's data to an attacker server.
- news
AI Sec Weekly: Friday, May 15, 2026
This week's digest: indirect injection becomes the agent-era default, the markdown-rendering data-exfiltration class, and why system-prompt secrecy keeps
- news
The LiteLLM SQL Injection (CVE-2026-42208) and Why AI Gateways Are Crown Jewels
A pre-auth SQL injection in the LiteLLM proxy landed in CISA's KEV catalog and was exploited within roughly 36 hours of disclosure.
- news
Indirect Prompt Injection: The Agent Era's Default Vulnerability
As LLM agents gained tools and memory, the dangerous injection stopped coming from the user and started coming from the data the agent reads.
- news
The OWASP LLM Top 10 (2025) Changed More Than the Numbering
The 2025 revision of the OWASP Top 10 for LLM Applications added system-prompt leakage and vector/embedding weaknesses, and reframed the supply-chain