Tag: LLM

Geben Sie LLM-Alarmismus keine Chance!

Jan 23, 2025 6:22 AM

Tags: ai, ciso, cybercrime, hacking, LLM, malware, phishing, ransomware, risk, social-engineering, tool, vulnerability
Sweet Security launches LLM-powered cloud detection engine

Jan 21, 2025 9:23 PM

Tags: cloud, detection, LLM

First seen on scworld.com Jump to article: www.scworld.com/brief/sweet-security-launches-llm-powered-cloud-detection-engine
How organizations can secure their AI code

Jan 20, 2025 8:22 AM

Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerability

In 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries

Jan 19, 2025 8:24 PM

Tags: chatgpt, LLM, openai

The S in LLM stands for Security First seen on theregister.com Jump to article: www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/
A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

Jan 18, 2025 7:24 AM

Tags: ai, api, attack, automation, business, cloud, computing, data, defense, detection, guide, intelligence, jobs, LLM, mssp, siem, soc, technology, threat, tool

image by Meta.AI lampooning humanless SOC My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans Out Of Security Operations”). But I wanted to write…
Cisco Unveils AI Defense to Stand Against Model Safety Risks

Jan 15, 2025 9:02 PM

Tags: ai, cisco, defense, injection, intelligence, LLM, risk, threat

Product Head Jeetu Patel on How AI Defense Ensures Secure LLM Operations at Runtime. Cisco’s AI Defense platform addresses emerging safety and security risks in AI. By leveraging insights from Robust Intelligence, it offers model validation, threat prevention and integrated guardrails to protect against evolving challenges such as hallucinations and prompt injection attacks. First seen…
OWASP’s New LLM Top 10 Shows Emerging AI Threats

Jan 15, 2025 6:02 PM

Tags: ai, LLM, risk, threat

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/owasps-llm-top-10-shows-emerging-ai-threats
Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%

Jan 15, 2025 4:02 PM

Tags: cloud, detection, LLM

Tel Aviv, Israel, 15th January 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/sweet-security-introduces-patent-pending-llm-powered-detection-engine-reducing-cloud-detection-noise-to-0-04/
Sweet Security Leverages LLM to Improve Cloud Security

Jan 15, 2025 4:02 PM

Tags: cloud, cybersecurity, detection, LLM, threat

Sweet Security today added a cloud detection engine to its cybersecurity portfolio that makes use of a large language model (LLM) to identify potential threats in real-time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/sweet-security-leverages-llm-to-improve-cloud-security/
Gen AI strategies put CISOs in a stressful bind

Jan 14, 2025 10:47 AM

Tags: access, ai, attack, business, ciso, compliance, control, cybersecurity, data, exploit, injection, law, LLM, malicious, open-source, ransomware, risk, risk-management, saas, service, software, strategy, technology, unauthorized, vulnerability

Senior executive perceptions on the promise of generative AI are proving to be a siren song for many CISOs.According to a recent survey from NTT Data, 89% of C-suite executives “are very concerned about the potential security risks associated with gen AI deployments.” But, the report found, those same senior execs believe “the promise and…
How to create de-identified embeddings with Tonic Textual Pinecone

Jan 14, 2025 8:46 AM

Tags: data, LLM

To protect private information stored in text embeddings, it’s essential to de-identify the text before embedding and storing it in a vector database. In this article, we’ll demonstrate how to de-identify and chunk text using Tonic Textual, and then easily embed these chunks and store the data in a Pinecone vector database to use for…
Phishing click rates tripled in 2024 despite user training

Jan 13, 2025 9:26 AM

Tags: adobe, ai, attack, awareness, business, cloud, credentials, cybercrime, data, deep-fake, detection, email, finance, identity, LLM, login, malicious, malware, microsoft, network, office, phishing, scam, service, social-engineering, spam, technology, threat, tool, training

For years organizations have invested in security awareness training programs to teach employees how to spot and report phishing attempts. Despite those efforts, enterprise users were three times as likely in 2024 to land on phishing pages compared to the previous year, according to a report from security vendor Netskope.Based on telemetry collected from its…
2025 Cybersecurity and AI Predictions

Jan 11, 2025 11:42 AM

Tags: access, ai, api, attack, backdoor, backup, browser, business, chrome, communications, compliance, control, corporate, crowdstrike, crypto, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, exploit, finance, firmware, flaw, framework, fraud, GDPR, hacker, Hardware, identity, intelligence, international, korea, LLM, malicious, mitigation, monitoring, network, open-source, privacy, regulation, resilience, risk, risk-assessment, scam, service, skills, supply-chain, switch, technology, threat, tool, training, unauthorized, vulnerability

The cybersecurity and AI landscape continues to evolve at a breathtaking pace, and with it, the associated risks. Snowballing cybercrime costs are compounded by a cybersecurity workforce gap of nearly 4.8 million professionals, as reported by ISC2. Meanwhile, ISACA’s end-2024 State of Cybersecurity Report shows that nearly half of those surveyed claim no involvement in…
SOAR buyer’s guide: 11 security orchestration, automation, and response products, and how to choose

Jan 9, 2025 8:19 AM

Tags: access, ai, api, attack, automation, business, chatgpt, cisco, cloud, compliance, container, cybersecurity, data, detection, edr, endpoint, firewall, fortinet, gartner, google, group, guide, Hardware, ibm, incident response, infrastructure, intelligence, jobs, LLM, malware, mandiant, marketplace, microsoft, mitigation, monitoring, network, okta, risk, saas, security-incident, service, siem, soar, soc, software, technology, threat, tool, training, vulnerability, vulnerability-management, zero-day

Security orchestration, automation, and response (SOAR) has undergone a major transformation in the past few years. Features in each of the words in its description that were once exclusive to SOAR have bled into other tools. For example, responses can be found now in endpoint detection and response (EDR) tools. Orchestration is now a joint…
Forscher: KI sorgt für effektiveres Phishing

Jan 8, 2025 4:18 PM

Tags: ai, LLM, phishing, spear-phishing

Wie wirksam ist per LLM automatisch erzeugtes Phishing? Es ist gleichauf mit menschlich erzeugtem Spear-Phishing, sagen Forscher. First seen on heise.de Jump to article: www.heise.de/news/Forscher-KI-sorgt-fuer-effektiveres-Phishing-10232370.html
Sophos stellt Sprachmodell-Tool zur Verfügung – Tuning-Tool für LLMs als Open-Source-Programm

Jan 8, 2025 2:18 PM

Tags: LLM, open-source, sophos, tool

First seen on security-insider.de Jump to article: www.security-insider.de/sophosai-open-source-tool-large-language-models-a-7f503f54ce6f32d4c318a41e873e2a54/
Agents, Robotics, and Auth Oh My! – Impart Security

Jan 7, 2025 5:18 PM

Tags: access, ai, api, attack, automation, awareness, backdoor, breach, chatgpt, cloud, conference, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, deep-fake, defense, detection, email, exploit, finance, firewall, fraud, healthcare, incident response, infrastructure, intelligence, kubernetes, LLM, malicious, malware, mitigation, network, offense, password, phishing, risk, saas, scam, security-incident, service, social-engineering, software, strategy, supply-chain, technology, threat, unauthorized, update, vulnerability, waf

Agents, Robotics, and Auth – Oh My! Introduction 2025 will be the year of the futurist. I never thought that I’d be writing a blog post about AI and robotics at this point in my career, but technology has advanced so much in the lat 12 months setting up 2025 to be a landmark year…
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting

Jan 7, 2025 9:17 AM

Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-day

Generative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise.Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
Will AI Code Generators Overcome Their Insecurities This Year?

Jan 7, 2025 12:17 AM

Tags: ai, LLM, software

In just two years, LLMs have become standard for developers, and non-developers, to generate code, but companies still need to improve security processes to reduce software vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/will-ai-code-generators-overcome-their-insecurities-2025
Garak An Open Source LLM Vulnerability Scanner for AI Red-Teaming

Jan 6, 2025 9:17 AM

Tags: ai, cyber, data, guide, injection, LLM, open-source, RedTeam, tool, vulnerability

Garak is a free, open-source tool specifically designed to test the robustness and reliability of Large Language Models (LLMs). Inspired by utilities like Nmap or Metasploit, Garak identifies potential weak points in LLMs by probing for issues such as hallucinations, data leakage, prompt injections, toxicity, jailbreak effectiveness, and misinformation propagation. This guide covers everything you…
Im Kontext der Datensicherheit sind LLMs als Menschen zu betrachten

Jan 6, 2025 6:17 AM

Tags: ai, data, LLM

Große Sprachmodelle und die Frage der Data Security Sicherheitsfragen rund um LLMs. Angesichts der rasanten KI-Entwicklung wird immer deutlicher, dass die grundlegenden Leitplanken, Plausibilitätsprüfungen und prompt-basierten Sicherheitsmaßnahmen, die derzeit gelten, durchlässig und unzureichend sind. Bei der Entwicklung von Strategien zur Verbesserung der Datensicherheit in KI-Workloads ist es entscheidend, die Perspektive zu ändern und… First seen…
New LLM jailbreak uses models’ evaluation skills against them

Jan 5, 2025 11:17 AM

Tags: LLM, skills

First seen on scworld.com Jump to article: www.scworld.com/news/new-llm-jailbreak-uses-models-evaluation-skills-against-them
‘Bad Likert Judge’ Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

Jan 2, 2025 7:17 PM

Tags: ai, cyberattack, intelligence, LLM, openai

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bad-likert-judge-jailbreak-bypasses-guardrails-openai-other-llms
LLMs Crack the Code: 95% Success Rate in Hacking Challenge

Dec 31, 2024 5:28 AM

Tags: cybersecurity, hacking, LLM

A recent study demonstrates the transformative potential of large language models (LLMs) in offensive cybersecurity tasks. Researchers Rustem Turtayev, Artem Petrov, Dmitrii Volkov, and Denis Volk have achieved a record-breaking... First seen on securityonline.info Jump to article: securityonline.info/llms-crack-the-code-95-success-rate-in-hacking-challenge/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 26

Dec 29, 2024 3:43 PM

Tags: botnet, international, iot, LLM, malicious, malware

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Analyzing Malicious Intent in Python Code: A Case Study DigiEver Fix That IoT Thing! Botnets Continue to Target Aging D-Link Vulnerabilities OtterCookie, […]…
Data protection challenges abound as volumes surge and threats evolve

Dec 27, 2024 7:43 AM

Tags: access, ai, authentication, awareness, ciso, cloud, compliance, control, credentials, cryptography, cybersecurity, data, email, encryption, endpoint, firewall, framework, google, governance, guide, hacker, identity, intelligence, Internet, LLM, mfa, mobile, monitoring, network, office, phishing, phone, risk, risk-assessment, risk-management, saas, strategy, tactics, technology, theft, threat, tool, unauthorized, update, vulnerability

In the global digital economy, data is the most important asset organizations must protect from theft and damage. CISOs are fundamentally guardians of that asset, obligated to keep it secure and available to relevant users when and where they need it.”Every company has become a data company in this day and age; even if you’re…
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Dec 23, 2024 3:42 PM

Tags: ai, cybersecurity, detection, LLM, malicious, malware, network

Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.”Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect,” Palo…
Die 10 häufigsten LLM-Schwachstellen

Dec 19, 2024 6:42 AM

Tags: access, ai, api, application-security, awareness, breach, cloud, control, cyberattack, data, detection, dos, encryption, injection, least-privilege, LLM, ml, monitoring, privacy, RedTeam, remote-code-execution, risk, service, tool, update, vulnerability, zero-trust
Sophos stellt Tuning-Tool für große Sprachmodelle als Open-Source-Programm zur Verfügung

Dec 18, 2024 2:42 PM

Tags: LLM, open-source, sophos, tool

Große Sprachmodelle (Large-Language-Models, LLMs) haben das Potenzial, die Arbeitslast zu automatisieren und zu reduzieren, einschließlich der von Cybersicherheitsanalysten und Incident-Respondern. Generischen LLMs fehlt jedoch das domänenspezifische Wissen, um diese Aufgaben gut zu bewältigen. Auch wenn sie mit Trainingsdaten erstellt wurden, die Cybersicherheitsressourcen enthalten, reicht dies oft nicht aus, um spezialisiertere Aufgaben zu übernehmen, die aktuelles…
Sophos stellt neues Trainings-Framework zur Optimierung der LLMs zur Verfügung

Dec 18, 2024 2:42 PM

Tags: framework, LLM, sophos, training

Durch den Einsatz von DeepSpeed wird die Skalierung großer Trainingsaufgaben ermöglicht, unter anderem durch parallele Datenverarbeitung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-stellt-neues-trainingsframework-zur-optimierung-der-llms-zur-verfuegung/a39320/