Tag: #llm-security
16 posts tagged llm-security.
- disclosure
  LLM Security Risks: The 2025 Threat Landscape for AI Deployments
  A practitioner breakdown of LLM security risks covering the OWASP Top 10 for LLM Applications 2025, MITRE ATLAS AI attack tactics, and concrete mitigation
- disclosure
  Generative AI Risks: A Technical Reference for Security Teams
  A practitioner-focused breakdown of generative AI risks mapped against NIST AI 600-1 and the OWASP Top 10 for LLMs — prompt injection, data poisoning
- disclosure
  ChatGPT Security: Patched Flaws, Persistent Gaps, Unsolved Risks
  A technical review of ChatGPT security vulnerabilities disclosed in 2025-2026: DNS-based data exfiltration, ZombieAgent prompt injection bypass, Codex
- guide
  ChatGPT Security: Risks, Controls, and How to Use It Safely
  A practitioner's guide to ChatGPT security in 2026: how OpenAI protects enterprise data, where prompt injection and account-takeover risks live, and the
- analysis
  Generative AI Risks: A Practical Taxonomy for Security Teams
  Generative AI risks span prompt injection, data poisoning, supply chain vulnerabilities, hallucination, and governance failures.
- analysis
  LLM Security Risks: A Practitioner's Field Guide for 2025
  A comprehensive breakdown of LLM security risks — prompt injection, supply chain poisoning, excessive agency, and model extraction — with mitigation
- analysis
  What Red Teamers Are Finding in 2026: LLM Defense Gaps
  Enterprise LLM deployments are being red-teamed at scale for the first time. Security practitioners find consistent failure patterns — misconfigured
- analysis
  Major Jailbreak Techniques of 2025: Disclosures and What Persists
  A roundup of significant jailbreak techniques disclosed or widely documented in 2025, including many-shot jailbreaking, crescendo attacks, cipher-based
- analysis
  OWASP LLM Top 10 2025: What Changed and Why It Matters
  The OWASP Top 10 for Large Language Model Applications was updated for 2025. Here is a breakdown of what moved, what was added, and why the changes
- deep-dive
  RAG Poisoning: How Retrieval-Augmented Systems Get Compromised
  RAG systems inherit all the vulnerabilities of LLMs and add a new one: the retrieval corpus. Injecting malicious content into retrieved sources can hijack
- disclosure
  AI Security: Attack Categories, Defense Gaps, and How to Respond
  A practitioner guide to the four core attack categories against AI/ML systems — from adversarial inputs to supply chain compromise — with mitigation
- deep-dive
  Model Extraction Attacks: How Adversaries Steal AI via the API
  Model extraction attacks reconstruct proprietary AI models by querying their public APIs. Here's how they work, what has been demonstrated against real
- methodology
  A Practical Guide to AI Red-Teaming for Security Teams
  Red-teaming LLMs requires different skills and methodology than traditional network or application penetration testing.
- deep-dive
  LLM Supply Chain Poisoning: Training Data Attacks and Backdoors
  Training data poisoning and model supply chain attacks are among the hardest AI threats to detect. This post explains how they work, what public research
- incident
  How System Prompt Leaks Happen: Techniques and Defenses
  Prompt injection attacks that expose system prompts are one of the most common real-world LLM exploits. This post covers the mechanics of system prompt
- primer
  Jailbreaking vs Prompt Injection: Not the Same Attack
  Security practitioners conflate jailbreaking and prompt injection constantly. They are distinct attack classes with different threat actors, different