Tag
#llm-security
16 posts tagged llm-security.
- disclosure
LLM Security Risks: The 2025 Threat Landscape for AI Deployments
A practitioner breakdown of LLM security risks covering the OWASP Top 10 for LLM Applications 2025, MITRE ATLAS AI attack tactics, and concrete mitigation priorities for security and platform teams.
- disclosure
Generative AI Risks: A Technical Reference for Security Teams
A practitioner-focused breakdown of generative AI risks mapped against NIST AI 600-1 and the OWASP Top 10 for LLMs — prompt injection, data poisoning, supply-chain compromise, and mitigation priorities.
- disclosure
ChatGPT Security: Patched Flaws, Persistent Gaps, Unsolved Risks
A technical review of ChatGPT security vulnerabilities disclosed in 2025-2026: DNS-based data exfiltration, ZombieAgent prompt injection bypass, Codex command injection, and the credential market driving account takeovers.
- guide
ChatGPT Security: Risks, Controls, and How to Use It Safely
A practitioner's guide to ChatGPT security in 2026: how OpenAI protects enterprise data, where prompt injection and account-takeover risks live, and the controls that actually move the needle.
- analysis
Generative AI Risks: A Practical Taxonomy for Security Teams
Generative AI risks span prompt injection, data poisoning, supply chain vulnerabilities, hallucination, and governance failures. A technical breakdown of the major threat categories with mitigation priorities.
- analysis
LLM Security Risks: A Practitioner's Field Guide for 2025
A comprehensive breakdown of LLM security risks — prompt injection, supply chain poisoning, excessive agency, and model extraction — with mitigation guidance for security and AI platform teams.
- analysis
What Red Teamers Are Finding in 2026: LLM Defense Gaps
Enterprise LLM deployments are being red-teamed at scale for the first time. Security practitioners find consistent failure patterns — misconfigured system prompts, inadequate output filtering, and agentic privilege escalation paths operators didn't anticipate.
- analysis
Major Jailbreak Techniques of 2025: Disclosures and What Persists
A roundup of significant jailbreak techniques disclosed or widely documented in 2025, including many-shot jailbreaking, crescendo attacks, cipher-based bypasses, and their patch status across major models.
- analysis
OWASP LLM Top 10 2025: What Changed and Why It Matters
The OWASP Top 10 for Large Language Model Applications was updated for 2025. Here is a breakdown of what moved, what was added, and why the changes reflect the evolving threat landscape for AI deployments.
- deep-dive
RAG Poisoning: How Retrieval-Augmented Systems Get Compromised
RAG systems inherit all the vulnerabilities of LLMs and add a new one: the retrieval corpus. Injecting malicious content into retrieved sources can hijack model behavior in ways users and operators don't see coming.
- disclosure
AI Security: Attack Categories, Defense Gaps, and How to Respond
A practitioner guide to the four core attack categories against AI/ML systems — from adversarial inputs to supply chain compromise — with mitigation priorities and framework references.
- deep-dive
Model Extraction Attacks: How Adversaries Steal AI via the API
Model extraction attacks reconstruct proprietary AI models by querying their public APIs. Here's how they work, what has been demonstrated against real systems, and how to reduce exposure.
- methodology
A Practical Guide to AI Red-Teaming for Security Teams
Red-teaming LLMs requires different skills and methodology than traditional network or application penetration testing. This guide covers the process, techniques, and what to document.
- deep-dive
LLM Supply Chain Poisoning: Training Data Attacks and Backdoors
Training data poisoning and model supply chain attacks are among the hardest AI threats to detect. This post explains how they work, what public research has demonstrated, and what controls exist.
- incident
How System Prompt Leaks Happen: Techniques and Defenses
Prompt injection attacks that expose system prompts are one of the most common real-world LLM exploits. This post covers the mechanics of system prompt extraction, documented incidents, and defensive controls that actually work.
- primer
Jailbreaking vs Prompt Injection: Not the Same Attack
Security practitioners conflate jailbreaking and prompt injection constantly. They are distinct attack classes with different threat actors, different mitigations, and different risk profiles.