Tag: LLM
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
by
in SecurityNews
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities
by
in SecurityNewsOne of these flaws detected using LLMs was in the widely used OpenSSL library First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-oss-fuzz-ai-expose-26/
-
Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed
by
in SecurityNewsOSS-Fuzz is making a strong argument for LLMs in security research First seen on theregister.com Jump to article: www.theregister.com/2024/11/20/google_ossfuzz/
-
OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs
by
in SecurityNewsOWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/owasp-data-exposure-risk-ai/
-
AI About-Face: ‘Mantis’ Turns LLM Attackers Into Prey
by
in SecurityNewsExperimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/deceptive-framework-defense-mislead-attacking-ai
-
It’s ‘Alarmingly Easy’ to Jailbreak LLM-Controlled Robots
by
in SecurityNewsResearchers Manipulate LLM-Driven Robots into Detonating Bombs in Sandbox. Robots controlled by large language models can be jailbroken alarmingly easily, found researchers who manipulated machines into detonating bombs. Jailbreaking attacks are applicable and arguably, significantly more effective on AI-powered robots, researchers said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/its-alarmingly-easy-to-jailbreak-llm-controlled-robots-a-26837
-
Letting chatbots run robots ends as badly as you’d expect
by
in SecurityNews
Tags: LLMLLM-controlled droids easily jailbroken to perform mayhem, researchers warn First seen on theregister.com Jump to article: www.theregister.com/2024/11/16/chatbots_run_robots/
-
Open source LLM tool primed to sniff out Python zero-days
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/10/20/python_zero_day_tool/
-
Google AI Platform Bugs Leak Proprietary Enterprise LLMs
by
in SecurityNewsThe tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/google-ai-platform-bugs-proprietary-enterprise-llms
-
Big Sleep AI Agent Puts SQLite Software Bug to Bed
by
in SecurityNewsA research tool by the company found a vulnerability in the SQLite open source database, demonstrating the defensive potential for using LLMs to find … First seen on darkreading.com Jump to article: www.darkreading.com/application-security/google-big-sleep-ai-agent-sqlite-software-bug
-
AI & LLMs Show Promise in Squashing Software Bugs
by
in SecurityNewsLarge language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them, too, but here’s why defenders may retain the edge. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-llms-show-promise-squashing-software-bugs
-
Google’s Big Sleep LLM agent discovers exploitable bug in SQLite
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/googles-big-sleep-llm-agent-discovers-exploitable-bug-in-sqlite
-
Subverting LLM Coders
by
in SecurityNewsReally interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: Abstract: Large Language Models (LLMs) have transformed code com- pletion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter…
-
Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed
by
in SecurityNewsGoogle has showcased the capabilities of its Big Sleep LLM agent, which found a previously unknown exploitable memory safety issue in SQLite. The post… First seen on securityweek.com Jump to article: www.securityweek.com/google-says-its-ai-found-sqlite-vulnerability-that-fuzzing-missed/
-
Google Uses Its Big Sleep AI Agent to Find SQLite Security Flaw
by
in SecurityNewsGoogle researchers behind the vendor’s Big Sleep project used the LLM-based AI agent to detect a security flaw in SQLite, illustrating the value the e… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/google-uses-its-big-sleep-ai-agent-to-find-sqlite-security-flaw/
-
Strategien für den Einsatz von Large Language Models – LLMs für Cybersecurity-Aufgaben nutzen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/large-language-models-cybersicherheit-a-886bd13a853e6c2639c6cc39de5fdc41/
-
ChatGPT-4o can be used for autonomous voice-based scams
Researchers have shown that it’s possible to abuse OpenAI’s real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams wi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams/
-
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
by
in SecurityNewsLLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this m… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chatgpt-manipulated-hex-code
-
Open Source LLM Tool Sniffs Out Python Zero-Days
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/application-security/open-source-llm-tool-finds-python-zero-days
-
dope.security Embeds LLM in CASB to Improve Data Security
by
in SecurityNewsdope.security this week added a cloud access security broker (CASB) to its portfolio that identifies any externally shared file and leverages a large … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/dope-security-embeds-llm-in-casb-to-improve-data-security/
-
New LLM Jailbreak Method With 65% Success Rate Developed
by
in SecurityNews
Tags: LLMFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36513/New-LLM-Jailbreak-Method-With-65-Success-Rate-Developed.html
-
DEF CON 32 AppSec Village BOLABuster-Harnessing LLMs for Automating BOLA Detection
by
in SecurityNewsAuthors/Presenters:Ravid Mazon, Jay Chen Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-bolabuster-harnessing-llms-for-automating-bola-detection/
-
New LLM jailbreak method with 65% success rate developed by researchers
by
in SecurityNews
Tags: LLMFirst seen on scworld.com Jump to article: www.scworld.com/news/new-llm-jailbreak-method-with-65-success-rate-developed-by-researchers
-
LLMs Are a New Type of Insider Adversary
by
in SecurityNews
Tags: LLMFirst seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/llms-are-new-type-insider-adversary
-
DEF CON 32 AppSec Village Lessons Learned from Building and Defending LLM Applications
by
in SecurityNewsDEF CON 32 – Lessons Learned from Building and Defending LLM Applications Authors/Presenters:Javan Rasokat Our sincere appreciation to DEF CON, and th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-lessons-learned-from-building-and-defending-llm-applications/
-
AI Hype Drives Demand For ML SecOps Skills
by
in SecurityNewsCompanies are putting AI in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skill… First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-careers/ai-hype-drives-demand-ml-secops-skills
-
LLMs Fail Middle School Word Problems, Say Apple Researchers
by
in SecurityNewsAI Mimics Reasoning Without Understanding, Struggles With Irrelevant Data. Cutting-edge large language models would fail eighth grade math, say artifi… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/llms-fail-middle-school-word-problems-say-apple-researchers-a-26521