#llm-security

[ follow ]
#prompt-injection #mitigation #social-engineering #data-exfiltration #shadow-ai #data-leakage #privacy
fromTechRepublic
5 days ago

Viral AI Caricatures Highlight Shadow AI Dangers

"While many have been discussing the privacy risks of people following the ChatGPT caricature trend, the prompt reveals something else alarming - people are talking to their LLMs about work," said Josh Davies, principal market strategist at Fortra, in an email to eSecurityPlanet. He added, "If they are not using a sanctioned ChatGPT instance, they may be inputting sensitive work information into a public LLM. Those who publicly share these images may be putting a target on their back for social engineering attempts, and malicious actors have millions of entries to select attractive targets from."
Information security
Information security
fromTheregister
1 week ago

Posting AI caricatures on social media is bad for security

Posting AI-generated work caricatures publicly can expose personal and employer information, increasing risk of social engineering, LLM account takeovers, and sensitive data theft.
fromTheregister
2 weeks ago

Three clues your LLM may be poisoned

Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat. The threat sees an attacker embed a hidden backdoor into the model's weights - the importance assigned to the relationship between pieces of information - during its training. Attackers can activate the backdoor using a predefined phrase. Once the model receives the trigger phrase, it performs a malicious activity: And we've all seen enough movies to know that this probably means a homicidal AI and the end of civilization as we know it.
Artificial intelligence
Information security
fromInfoWorld
3 weeks ago

Crooks are hijacking and reselling AI infrastructure: Report

Threat actors are probing and hijacking exposed corporate LLM and MCP endpoints to steal compute, exfiltrate data, and resell API access for profit.
Information security
fromTechzine Global
3 weeks ago

First large-scale LLMjacking generates tens of thousands of attacks

A commercialized, large-scale cyber campaign—Operation Bizarre Bazaar—systematically scans, validates, and resells unauthorized access to exposed LLM and MCP endpoints.
#prompt-injection
fromComputerworld
1 month ago
Information security

One click is all it takes: How 'Reprompt' turned Microsoft Copilot into a data exfiltration tool

fromIT Pro
2 months ago
Information security

NCSC issues urgent warning over growing AI prompt injection risks - here's what you need to know

Information security
fromArs Technica
5 months ago

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Prompt injections remain largely unpreventable, forcing LLM providers to rely on reactive, channel-blocking mitigations that require explicit user consent to prevent data exfiltration.
Artificial intelligence
fromTheregister
5 months ago

LegalPwn: Tricking LLMs by burying flaw in legal fine print

Embedding adversarial instructions within legal-style text can bypass LLM guardrails, enabling prompt-injection attacks that force models to produce harmful or disallowed outputs.
fromComputerworld
1 month ago
Information security

One click is all it takes: How 'Reprompt' turned Microsoft Copilot into a data exfiltration tool

fromIT Pro
2 months ago
Information security

NCSC issues urgent warning over growing AI prompt injection risks - here's what you need to know

more#prompt-injection
Information security
fromInfoQ
1 month ago

Open-Source Agent Sandbox Enables Secure Deployment of AI Agents on Kubernetes

Agent Sandbox provides a secure, stateful, declarative Kubernetes API to run isolated, persistent, single-pod environments for safely executing untrusted LLM-generated code and stateful workloads.
fromArs Technica
3 months ago

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data

Microsoft's warning on Tuesday that an experimental AI Agent integrated into Windows can infect devices and pilfer sensitive user data has set off a familiar response from security-minded critics: Why is Big Tech so intent on pushing new features before their dangerous behaviors can be fully understood and contained? As reported Tuesday, Microsoft introduced Copilot Actions, a new set of "experimental agentic features"
Information security
Information security
fromTheregister
3 months ago

LLM side-channel attack could allow snoops to guess topic

A side-channel attack named Whisper Leak can infer prompt topics from encrypted streaming LLM traffic by analyzing packet size and timing, exposing user communications.
Artificial intelligence
fromSecurityWeek
4 months ago

Will AI-SPM Become the Standard Security Layer for Safe AI Adoption?

AI security posture management continuously detects, evaluates, and remediates AI and LLM security and compliance risks, enabling transparent, governed, and policy-aligned AI use.
Startup companies
fromBusiness Insider
4 months ago

This AI startup helps developers safely and cheaply build on top of LLMs from OpenAI and Anthropic. Read its pitch deck.

Requesty centralizes developer access to multiple AI providers, tightening security, enforcing governance, and optimizing costs across large language models.
Information security
fromSecuritymagazine
5 months ago

Generative AI Remains Growing Concern for Organizations

Generative AI adoption is outpacing enterprise security readiness, leaving LLM deployments under-assessed and high-severity vulnerabilities largely unresolved.
fromTheregister
5 months ago

AI can't stop the sprint to adopt hot tech without security

Ollama provides a framework that makes it possible to run large language models locally, on a desktop machine or server. Cisco decided to research it because, in the words of Senior Incident Response Architect Dr. Giannis Tziakouris, Ollama has "gained popularity for its ease of use and local deployment capabilities." Talos researchers used the Shodan scanning tool to find unsecured Ollama servers, and spotted over 1,100, around 20 percent of which are "actively hosting models susceptible to unauthorized access."
Information security
Artificial intelligence
fromTheregister
5 months ago

GitHub engineer: team 'coerced' to put Grok in Copilot

GitHub is adding xAI's Grok Code Fast 1 to Copilot while a whistleblower alleges inadequate security testing and an engineering team under duress.
[ Load more ]