Tag: LLM
-
Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed
OSS-Fuzz is making a strong argument for LLMs in security research First seen on theregister.com Jump to article: www.theregister.com/2024/11/20/google_ossfuzz/
-
OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs
OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/owasp-data-exposure-risk-ai/
-
AI About-Face: ‘Mantis’ Turns LLM Attackers Into Prey
Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/deceptive-framework-defense-mislead-attacking-ai
-
It’s ‘Alarmingly Easy’ to Jailbreak LLM-Controlled Robots
Researchers Manipulate LLM-Driven Robots into Detonating Bombs in Sandbox. Robots controlled by large language models can be jailbroken alarmingly easily, found researchers who manipulated machines into detonating bombs. Jailbreaking attacks are applicable and, arguably, significantly more effective on AI-powered robots, researchers said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/its-alarmingly-easy-to-jailbreak-llm-controlled-robots-a-26837
-
Letting chatbots run robots ends as badly as you’d expect
LLM-controlled droids easily jailbroken to perform mayhem, researchers warn First seen on theregister.com Jump to article: www.theregister.com/2024/11/16/chatbots_run_robots/
-
Open source LLM tool primed to sniff out Python zero-days
First seen on theregister.com Jump to article: www.theregister.com/2024/10/20/python_zero_day_tool/
-
Google AI Platform Bugs Leak Proprietary Enterprise LLMs
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/google-ai-platform-bugs-proprietary-enterprise-llms
-
Big Sleep AI Agent Puts SQLite Software Bug to Bed
A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the defensive potential for using LLMs to find … First seen on darkreading.com Jump to article: www.darkreading.com/application-security/google-big-sleep-ai-agent-sqlite-software-bug
-
AI & LLMs Show Promise in Squashing Software Bugs
Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them, too, but here’s why defenders may retain the edge. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-llms-show-promise-squashing-software-bugs
-
Google’s Big Sleep LLM agent discovers exploitable bug in SQLite
First seen on scworld.com Jump to article: www.scworld.com/news/googles-big-sleep-llm-agent-discovers-exploitable-bug-in-sqlite
-
Subverting LLM Coders
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection”: Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter…
-
Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed
Google has showcased the capabilities of its Big Sleep LLM agent, which found a previously unknown exploitable memory safety issue in SQLite. The post… First seen on securityweek.com Jump to article: www.securityweek.com/google-says-its-ai-found-sqlite-vulnerability-that-fuzzing-missed/
-
Google Uses Its Big Sleep AI Agent to Find SQLite Security Flaw
Google researchers behind the vendor’s Big Sleep project used the LLM-based AI agent to detect a security flaw in SQLite, illustrating the value the e… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/google-uses-its-big-sleep-ai-agent-to-find-sqlite-security-flaw/
-
Strategies for Deploying Large Language Models – Using LLMs for Cybersecurity Tasks
First seen on security-insider.de Jump to article: www.security-insider.de/large-language-models-cybersicherheit-a-886bd13a853e6c2639c6cc39de5fdc41/
-
ChatGPT-4o can be used for autonomous voice-based scams
Researchers have shown that it’s possible to abuse OpenAI’s real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams wi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams/
-
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this m… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chatgpt-manipulated-hex-code
-
Open Source LLM Tool Sniffs Out Python Zero-Days
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/open-source-llm-tool-finds-python-zero-days
-
dope.security Embeds LLM in CASB to Improve Data Security
dope.security this week added a cloud access security broker (CASB) to its portfolio that identifies any externally shared file and leverages a large … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/dope-security-embeds-llm-in-casb-to-improve-data-security/
-
New LLM Jailbreak Method With 65% Success Rate Developed
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36513/New-LLM-Jailbreak-Method-With-65-Success-Rate-Developed.html
-
DEF CON 32 AppSec Village BOLABuster-Harnessing LLMs for Automating BOLA Detection
Authors/Presenters:Ravid Mazon, Jay Chen Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-bolabuster-harnessing-llms-for-automating-bola-detection/
-
New LLM jailbreak method with 65% success rate developed by researchers
First seen on scworld.com Jump to article: www.scworld.com/news/new-llm-jailbreak-method-with-65-success-rate-developed-by-researchers
-
LLMs Are a New Type of Insider Adversary
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/llms-are-new-type-insider-adversary
-
DEF CON 32 AppSec Village Lessons Learned from Building and Defending LLM Applications
DEF CON 32 – Lessons Learned from Building and Defending LLM Applications Authors/Presenters:Javan Rasokat Our sincere appreciation to DEF CON, and th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-lessons-learned-from-building-and-defending-llm-applications/
-
AI Hype Drives Demand For ML SecOps Skills
Companies are putting AI in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skill… First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-careers/ai-hype-drives-demand-ml-secops-skills
-
LLMs Fail Middle School Word Problems, Say Apple Researchers
AI Mimics Reasoning Without Understanding, Struggles With Irrelevant Data. Cutting-edge large language models would fail eighth grade math, say artifi… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/llms-fail-middle-school-word-problems-say-apple-researchers-a-26521
-
LLM attacks take just 42 seconds on average, 20% of jailbreaks succeed
First seen on scworld.com Jump to article: www.scworld.com/news/llm-attacks-take-just-42-seconds-on-average-20-of-jailbreaks-succeed
-
Growing Threat from LLM-Jacking
The Sysdig Threat Research Team (TRT) warns of an alarming increase in so-called LLM-jacking attacks. In these attacks, cybercriminals gain … First seen on netzpalaver.de Jump to article: netzpalaver.de/2024/10/07/wachsende-bedrohung-durch-llm-jacking/
-
LLM Hijacking Of Cloud Infrastructure Uncovered By Researchers
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36433/LLM-Hijacking-Of-Cloud-Infrastructure-Uncovered-By-Researchers.html