Tag: LLM

How Exposed Endpoints Increase Risk Across LLM Infrastructure

Feb 23, 2026 2:00 PM

Tags: attack, data-breach, endpoint, infrastructure, LLM, programming, risk, service

As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
NDSS 2025 The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection

Feb 22, 2026 6:01 PM

Tags: api, china, conference, cyber, detection, framework, Internet, LLM, network, open-source, service, software, tool

Session 13B: API Security Authors, Creators & Presenters: Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai…
Using threat modeling and prompt injection to audit Comet

Feb 20, 2026 7:01 PM

Tags: access, ai, attack, captcha, control, data, defense, detection, email, endpoint, exploit, framework, injection, Internet, law, least-privilege, LLM, malicious, ml, monitoring, privacy, RedTeam, risk, social-engineering, threat, tool, training, update, vulnerability

Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave…
LLMs change their answers based on who’s asking

Feb 20, 2026 4:01 PM

Tags: ai, LLM

AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that LLMs provide less … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/20/mit-llms-response-reliability-risks-study/
LLM-Generated Passwords Expose Security Risks with Predictability and Weakness

Feb 20, 2026 11:01 AM

Tags: cyber, LLM, password, risk

LLM-generated passwords may look complex and “high entropy,” but new research shows they are highly predictable, frequently repeated, and far weaker than traditional cryptographic password generators. At the core of a secure password generator is a CSPRNG, which produces characters from a uniform, unpredictable distribution, making each position in the password hard to guess. Large…
Why LLMs Make Terrible Databases and Why That Matters for Trusted AI

Feb 19, 2026 9:01 PM

Tags: ai, LLM, programming, vulnerability

<div cla Large language models (LLMs) are now embedded across the SDLC. They summarize documentation, generate code, explain vulnerabilities, and assist with architectural decisions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-llms-make-terrible-databases-and-why-that-matters-for-trusted-ai/
Poland bans camera-packing cars made in China from military bases

Feb 19, 2026 9:01 AM

Tags: cctv, china, LLM, military

Dell, however, is welcome to help build a local-language LLM First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/poland_china_car_ban/
Poland bans camera-packing cars made in China cars from military bases

Feb 19, 2026 8:00 AM

Tags: cctv, china, LLM, military

Dell, however, is welcome to help build a local-language LLM First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/poland_china_car_ban/
Poland bans camera-packing cars made in China cars from military bases

Feb 19, 2026 8:00 AM

Tags: cctv, china, LLM, military

Dell, however, is welcome to help build a local-language LLM First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/poland_china_car_ban/
OWASP Agentic Top 10: Agent Goal Hijack FireTail Blog

Feb 19, 2026 1:01 AM

Tags: ai, attack, control, data, email, finance, LLM, malicious, microsoft, risk, strategy, tool, unauthorized, zero-trust

Feb 18, 2026 – Lina Romero – What is Agent Goal Hijack?Agent Goal Hijack occurs when an attacker manipulates an agent’s objectives or decision pathways. Unlike traditional LLM attacks that focus on altering a single response, ASI01 targets the planning logic of the agent.Agents rely on natural-language instructions, so they often can’t reliably distinguish between…
Palo Alto Networks CEO: AI Won’t Replace Security Tools ‘Any Time Soon’

Feb 18, 2026 3:58 PM

Tags: ai, ceo, cybersecurity, LLM, network, risk, tool

Investor fears that AI poses more of a risk than an opportunity for cybersecurity vendors are unfounded, with LLMs unlikely to become capable of displacing security products in the foreseeable future, Palo Alto Networks CEO Nikesh Arora said Tuesday. First seen on crn.com Jump to article: www.crn.com/news/security/2026/palo-alto-networks-ceo-ai-won-t-replace-security-tools-any-time-soon
(g+) Anthropics Bericht über KI-Hacker: Keine CVE-ID – didn’t happen!

Feb 18, 2026 2:58 PM

Tags: ai, cve, hacker, LLM, risk

Ohne gründliche Dokumentation sind Anthropics Berichte über KI-Hacker unglaubwürdig. Das heißt nicht, dass LLMs kein Risiko darstellen. First seen on golem.de Jump to article: www.golem.de/news/anthropics-bericht-ueber-ki-hacker-keine-cve-id-didn-t-happen-2602-205498.html
Low-Skilled Cybercriminals Use AI to Perform Vibe Extortion Attacks

Feb 17, 2026 3:58 PM

Tags: ai, attack, cybercrime, extortion, LLM, strategy, tactics, threat

Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-ai-vibe-extortion/
Side-Channel Attacks Against LLMs

Feb 17, 2026 2:58 PM

Tags: access, attack, chatgpt, credit-card, data, defense, exploit, LLM, monitoring, network, open-source, openai, phone, side-channel

Here are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference”: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case)…
Large Language Model (LLM) integration risks for SaaS and enterprise

Feb 17, 2026 1:58 PM

Tags: api, automation, LLM, risk, saas, service

The rapid adoption of Large Language Models (LLMs) is transforming how SaaS platforms and enterprise applications operate. From embedded copilots and automated support agents to internal knowledge-base search and workflow automation, organisations are increasingly integrating LLM APIs into existing services to deliver faster and more intuitive user experiences. Nevertheless, as adoption accelerates, so too does”¦…
Why 2025’s agentic AI boom is a CISO’s worst nightmare

Feb 17, 2026 11:58 AM

Tags: access, ai, api, attack, breach, ciso, control, data, defense, email, exploit, finance, framework, governance, infrastructure, injection, jobs, LLM, malicious, microsoft, monitoring, nist, nvidia, openai, RedTeam, risk, risk-management, service, strategy, threat, tool, training, unauthorized, update, vulnerability

defined the early generative AI boom are structurally obsolete. In their place, dynamic and goal-oriented agentic AI systems are taking over the enterprise.This shift was not born of ambition, but of necessity. The industry’s previous darling, standard retrieval-augmented generation (RAG), has hit a wall. To understand the security crisis of 2026, we must first understand…
Was CISOs über OpenClaw wissen sollten

Feb 16, 2026 9:58 PM

Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerability

Lesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
Why Borderless AI Is Coming to an End

Feb 16, 2026 4:58 PM

Tags: ai, china, data, framework, governance, infrastructure, LLM

Countries Are Pouring Billions Into Domestic AI Stacks to Escape US-China Dominance. By 2027, more than one-third of the world’s nations will be locked into region-specific AI platforms built on proprietary data, infrastructure and governance frameworks, according to Gartner. Nations are now safeguarding LLMs in the same way they do critical infrastructure. First seen on…
Exploited React2Shell Flaw By LLM-generated Malware Foreshadows Shift in Threat Landscape

Feb 16, 2026 2:58 PM

Tags: exploit, LLM, threat

Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/exploited-react2shell-flaw-by-llm-generated-malware-foreshadows-shift-in-threat-landscape/
The Promptware Kill Chain

Feb 16, 2026 2:58 PM

Tags: access, ai, attack, control, defense, injection, intelligence, LLM, malicious, malware

Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple,…
Viral AI Caricatures Highlight Shadow AI Dangers

Feb 14, 2026 5:58 AM

Tags: ai, attack, data, LLM, risk, social-engineering

A viral AI caricature trend may be exposing sensitive enterprise data, fueling shadow AI risks, social engineering attacks, and LLM account compromise. The post Viral AI Caricatures Highlight Shadow AI Dangers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-caricature-trend-shadow-ai-security-risks/
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Feb 13, 2026 9:58 PM

Tags: attack, google, LLM, macOS, malware, threat

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Feb 13, 2026 9:58 PM

Tags: attack, google, LLM, macOS, malware, threat

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
Google fears massive attempt to clone Gemini AI through model extraction

Feb 13, 2026 1:58 PM

Tags: access, ai, api, attack, china, ciso, cybercrime, cybersecurity, defense, exploit, google, government, group, hacker, intelligence, iran, jobs, korea, LLM, malicious, malware, north-korea, phishing, russia, service, social-engineering, threat, vulnerability

Nation-state groups used Gemini to accelerate attack operations: Google sees itself not just as a potential victim of AI cybercrime, but also an unwilling enabler. Its report documented how government-backed threat actors from China, Iran, North Korea, and Russia integrated Gemini into their operations in late 2025. The company said it disabled accounts and assets…
Viral AI Caricatures Highlight Shadow AI Dangers

Feb 12, 2026 3:58 PM

Tags: ai, data, LLM, risk

A viral AI caricature trend is spotlighting shadow AI risks, exposing how public LLM use can lead to data leakage and targeted attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/viral-ai-caricatures-highlight-shadow-ai-dangers/
Viral AI Caricatures Highlight Shadow AI Dangers

Feb 12, 2026 3:58 PM

Tags: ai, data, LLM, risk

A viral AI caricature trend is spotlighting shadow AI risks, exposing how public LLM use can lead to data leakage and targeted attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/viral-ai-caricatures-highlight-shadow-ai-dangers/
Viral AI Caricatures Highlight Shadow AI Dangers

Feb 12, 2026 3:58 PM

Tags: ai, data, LLM, risk

A viral AI caricature trend is spotlighting shadow AI risks, exposing how public LLM use can lead to data leakage and targeted attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/viral-ai-caricatures-highlight-shadow-ai-dangers/
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…