Tag
#owasp
7 posts tagged owasp.
- disclosure
LLM Security Risks: The 2025 Threat Landscape for AI Deployments
A practitioner breakdown of LLM security risks covering the OWASP Top 10 for LLM Applications 2025, MITRE ATLAS AI attack tactics, and concrete mitigation priorities for security and platform teams.
- analysis
LLM Security Risks: A Practitioner's Field Guide for 2025
A comprehensive breakdown of LLM security risks — prompt injection, supply chain poisoning, excessive agency, and model extraction — with mitigation guidance for security and AI platform teams.
- guide
Machine Learning Security: Threats, Frameworks, and Defenses
A practitioner's reference for machine learning security: the canonical attack categories, the frameworks that catalog them (NIST AI 100-2, OWASP ML Top 10, MITRE ATLAS), and the defenses that actually ship in production.
- analysis
OWASP LLM Top 10 2025: What Changed and Why It Matters
The OWASP Top 10 for Large Language Model Applications was updated for 2025. Here is a breakdown of what moved, what was added, and why the changes reflect the evolving threat landscape for AI deployments.
- methodology
A Practical Guide to AI Red-Teaming for Security Teams
Red-teaming LLMs requires different skills and methodology than traditional network or application penetration testing. This guide covers the process, techniques, and what to document.
- incident
How System Prompt Leaks Happen: Techniques and Defenses
Prompt injection attacks that expose system prompts are one of the most common real-world LLM exploits. This post covers the mechanics of system prompt extraction, documented incidents, and defensive controls that actually work.
- primer
Jailbreaking vs Prompt Injection: Not the Same Attack
Security practitioners conflate jailbreaking and prompt injection constantly. They are distinct attack classes with different threat actors, different mitigations, and different risk profiles.