Tag: LLM
-
The 10 Most Common LLM Vulnerabilities
in SecurityNews
Tags: access, ai, api, application-security, awareness, breach, cloud, control, cyberattack, data, detection, dos, encryption, injection, least-privilege, LLM, ml, monitoring, privacy, RedTeam, remote-code-execution, risk, service, tool, update, vulnerability, zero-trust
-
Sophos Releases Tuning Tool for Large Language Models as Open Source
in SecurityNews
Large language models (LLMs) have the potential to automate and reduce workloads, including those of cybersecurity analysts and incident responders. However, generic LLMs lack the domain-specific knowledge to handle these tasks well. Even when they were built with training data that includes cybersecurity resources, this is often not enough to take on more specialized tasks for which up-to-date…
-
Sophos Releases New Training Framework for Optimizing LLMs
in SecurityNews
Using DeepSpeed makes it possible to scale large training jobs, among other things through parallel data processing. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-stellt-neues-trainingsframework-zur-optimierung-der-llms-zur-verfuegung/a39320/
-
SophosAI Team Releases Open-Source Tuning Tool for LLMs
in SecurityNews
Large language models (LLMs) have the potential to automate and reduce workloads, including those of cybersecurity analysts and incident responders. However, generic LLMs lack the domain-specific knowledge to handle these tasks well. Even when they were built with training data that includes cybersecurity resources, this is often not enough to take on more specialized tasks for which up-to-date and…
-
OWASP Top 10 Risk Mitigations for LLMs and Gen AI Apps 2025
in SecurityNews
The rapid advancement of AI, particularly in large language models (LLMs), has led to transformative capabilities in numerous industries. However, with great power comes significant security challenges. The OWASP Top… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/owasp-top-10-risk-mitigations-for-llms-and-gen-ai-apps-2025/
-
Platforms are the Problem
in SecurityNews
Tags: ai, breach, business, chatgpt, cloud, cyber, cybercrime, cybersecurity, data, defense, detection, finance, firewall, fraud, infrastructure, intelligence, LLM, network, saas, service, technology, threat, tool
A better path forward for cybersecurity. Why is it that cybersecurity is struggling to keep pace with the rapidly evolving threat landscape? We spend more and more, tighten our perimeters, and still there are trillions of dollars being lost to cybercrime and cyber attacks. Setting aside the direct costs to individuals and businesses, and the…
-
FuzzyAI: Open-source tool for automated LLM fuzzing
in SecurityNews
FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/13/fuzzyai-automated-llm-fuzzing/
-
AI Slop is Hurting Security, LLMs are Dumb and People are Dim
in SecurityNews
Artificial stupidity: Large language models are terrible if you need reasoning or actual understanding. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/ai-slop-security-reports-richixbw/
-
IT Trends 2025: Video Statements from Experts of the Netzpalaver Community
in SecurityNews
All markets in the ICT industry are in upheaval. The reason: artificial intelligence. Optimization, efficiency, automation, cost savings, customer experience, the skills shortage, etc. LLMs, AI agents and embedded systems are revolutionizing data centers, cybersecurity, unified communications, programming and every aspect of IT infrastructure. The year 2025 faces numerous challenges relating to artificial intelligence and many other trends. What these are,…
-
The imperative for governments to leverage genAI in cyber defense
in SecurityNews
Tags: ai, attack, cyber, cyberattack, cybersecurity, dark-web, data, deep-fake, defense, detection, email, endpoint, gartner, government, incident response, infrastructure, intelligence, LLM, malicious, malware, microsoft, strategy, tactics, threat, tool, training, vulnerability
In an era where cyber threats are evolving at an unprecedented pace, the need for robust cyber defense mechanisms has never been more critical. Sixty-two percent of all cyberattacks focus on public sector organizations directly and indirectly. Nation-state actors, equipped with generative artificial intelligence (genAI) sophisticated tools and techniques, pose significant threats to national security,…
-
Black Hat: Latest news and insights
in SecurityNews
The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe. The four-day program runs from Dec. 9-12, with two- and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
Microsoft Challenge Will Test LLM Defenses Against Prompt Injections
Microsoft is calling out to researchers to participate in a competition that is aimed at testing the latest protections in LLMs against prompt injection attacks, which OWASP is calling the top security risk facing the AI models as the industry rolls into 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/microsoft-challenge-will-test-llm-defenses-against-prompt-injections/
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windows
This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity. The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client
in SecurityNews
Microsoft offers $10,000 in rewards to researchers who can manipulate a realistic simulated LLM-integrated email client. The post Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-bets-10000-on-prompt-injection-protections-of-llm-email-client/
-
Hackers Can Hijack Your Terminal Via Prompt Injection using LLM-powered Apps
in SecurityNews
Researchers have uncovered that Large Language Models (LLMs) can generate and manipulate ANSI escape codes, potentially creating new security vulnerabilities in terminal-based applications. ANSI escape sequences are a standardized set of control characters used by terminal emulators to manipulate the appearance and behavior of text displays. They enable features such as text color changes, cursor movement, blinking text, and more. Terminal emulators interpret these sequences…
-
"Hack" this LLM-powered service and get paid
in SecurityNews
Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/llm-prompt-injection-attacks-challenge/
-
Microsoft dangles $10K for hackers to hijack LLM email service
Outsmart an AI, win a little Christmas cash First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/microsoft_llm_prompt_injection_challenge/
-
CrowdStrike Helps Secure the End-to-End AI Ecosystem Built on AWS
in SecurityNews
The expanded integration provides end-to-end visibility and protection for AI innovation, from LLMs to applications, through enhanced Amazon SageMaker support, AI container scanning and AWS IAM Identity Center integration. As organizations accelerate their cloud innovation and AI adoption, securing AI workloads and identities is critical. Misconfigurations, vulnerabilities and identity-based threats expose… First…
-
LLMs Raise Efficiency, Productivity of Cybersecurity Teams
in SecurityNews
AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/llms-raise-efficiency-productivity-of-cybersecurity-teams
-
SophosAI Team Creates New Benchmarks in Machine Learning
in SecurityNews
Tags: LLM
When summarizing incident information from raw data, most LLMs perform adequately, but there is room for improvement… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophosai-team-erstellt-neue-benchmarks-im-bereich-maschinelles-lernen/a36923/
-
WithSecure Launches GenAI Tool Luminen
in SecurityNews
WithSecure™ Luminen uses advanced LLM (large language model) capabilities and other AI techniques so that the productivity of IT secur… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/withsecure-bringt-genai-cybersecurity-tool-luminen-auf-den-markt/a37443/
-
Companies Can Benefit from Innovative Data Sources for Generative AI, LLMs, FinOps and Sustainability
in SecurityNews
The flow of data within companies continues to be hampered by numerous challenges, including those related to people, processes an… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/unternehmen-koennen-von-innovativen-datenquellen-fuer-generative-ki-llms-finops-und-nachhaltigkeit-profitieren/a38048/
-
How LLMs could help defenders write better and faster detection
in SecurityNews
First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/how-llms-could-help-defenders-write-better-and-faster-detection/
-
Careful Where You Code: Multiple Vulnerabilities in AI-Powered PR-Agent
in SecurityNews
Introduction. There is a push to use LLMs in all aspects of software engineering, far beyond merely generating code snippets. This push includes integr… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/08/29/careful-where-you-code-multiple-vulnerabilities-in-ai-powered-pr-agent/
-
Black Friday Fake Stores Surge 110%: How LLMs and Cheap Domains Empower Cybercrime
in SecurityNews
The 2024 holiday shopping season is witnessing an alarming rise in fraudulent e-commerce activity. According to Netcraft, fake online stores have surged by 110% between August and October, capitalizing on... First seen on securityonline.info Jump to article: securityonline.info/black-friday-fake-stores-surge-110-how-llms-and-cheap-domains-empower-cybercrime/
-
How a 2-Hour Interview With an LLM Makes a Digital Twin
in SecurityNews
Scientists Devise Technique to Make AI Models Mimic Specific People. Researchers have devised a technique to train artificial intelligence models to impersonate people’s behavior based on just two hours of interviews, creating a virtual replica that can mimic an individual’s values and preferences. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/how-2-hour-interview-llm-makes-digital-twin-a-26910