Tag: LLM

Im Kontext der Datensicherheit sind LLMs als Menschen zu betrachten

Jan 6, 2025 6:17 AM

Tags: ai, data, LLM

Große Sprachmodelle und die Frage der Data Security Sicherheitsfragen rund um LLMs. Angesichts der rasanten KI-Entwicklung wird immer deutlicher, dass die grundlegenden Leitplanken, Plausibilitätsprüfungen und prompt-basierten Sicherheitsmaßnahmen, die derzeit gelten, durchlässig und unzureichend sind. Bei der Entwicklung von Strategien zur Verbesserung der Datensicherheit in KI-Workloads ist es entscheidend, die Perspektive zu ändern und… First seen…
New LLM jailbreak uses models’ evaluation skills against them

Jan 5, 2025 11:17 AM

Tags: LLM, skills

First seen on scworld.com Jump to article: www.scworld.com/news/new-llm-jailbreak-uses-models-evaluation-skills-against-them
‘Bad Likert Judge’ Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

Jan 2, 2025 7:17 PM

Tags: ai, cyberattack, intelligence, LLM, openai

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bad-likert-judge-jailbreak-bypasses-guardrails-openai-other-llms
LLMs Crack the Code: 95% Success Rate in Hacking Challenge

Dec 31, 2024 5:28 AM

Tags: cybersecurity, hacking, LLM

A recent study demonstrates the transformative potential of large language models (LLMs) in offensive cybersecurity tasks. Researchers Rustem Turtayev, Artem Petrov, Dmitrii Volkov, and Denis Volk have achieved a record-breaking... First seen on securityonline.info Jump to article: securityonline.info/llms-crack-the-code-95-success-rate-in-hacking-challenge/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 26

Dec 29, 2024 3:43 PM

Tags: botnet, international, iot, LLM, malicious, malware

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Analyzing Malicious Intent in Python Code: A Case Study DigiEver Fix That IoT Thing! Botnets Continue to Target Aging D-Link Vulnerabilities OtterCookie, […]…
Data protection challenges abound as volumes surge and threats evolve

Dec 27, 2024 7:43 AM

Tags: access, ai, authentication, awareness, ciso, cloud, compliance, control, credentials, cryptography, cybersecurity, data, email, encryption, endpoint, firewall, framework, google, governance, guide, hacker, identity, intelligence, Internet, LLM, mfa, mobile, monitoring, network, office, phishing, phone, risk, risk-assessment, risk-management, saas, strategy, tactics, technology, theft, threat, tool, unauthorized, update, vulnerability

In the global digital economy, data is the most important asset organizations must protect from theft and damage. CISOs are fundamentally guardians of that asset, obligated to keep it secure and available to relevant users when and where they need it.”Every company has become a data company in this day and age; even if you’re…
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Dec 23, 2024 3:42 PM

Tags: ai, cybersecurity, detection, LLM, malicious, malware, network

Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.”Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect,” Palo…
Die 10 häufigsten LLM-Schwachstellen

Dec 19, 2024 6:42 AM

Tags: access, ai, api, application-security, awareness, breach, cloud, control, cyberattack, data, detection, dos, encryption, injection, least-privilege, LLM, ml, monitoring, privacy, RedTeam, remote-code-execution, risk, service, tool, update, vulnerability, zero-trust
Sophos stellt Tuning-Tool für große Sprachmodelle als Open-Source-Programm zur Verfügung

Dec 18, 2024 2:42 PM

Tags: LLM, open-source, sophos, tool

Große Sprachmodelle (Large-Language-Models, LLMs) haben das Potenzial, die Arbeitslast zu automatisieren und zu reduzieren, einschließlich der von Cybersicherheitsanalysten und Incident-Respondern. Generischen LLMs fehlt jedoch das domänenspezifische Wissen, um diese Aufgaben gut zu bewältigen. Auch wenn sie mit Trainingsdaten erstellt wurden, die Cybersicherheitsressourcen enthalten, reicht dies oft nicht aus, um spezialisiertere Aufgaben zu übernehmen, die aktuelles…
Sophos stellt neues Trainings-Framework zur Optimierung der LLMs zur Verfügung

Dec 18, 2024 2:42 PM

Tags: framework, LLM, sophos, training

Durch den Einsatz von DeepSpeed wird die Skalierung großer Trainingsaufgaben ermöglicht, unter anderem durch parallele Datenverarbeitung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-stellt-neues-trainingsframework-zur-optimierung-der-llms-zur-verfuegung/a39320/
CISOs should stop freaking out about attackers getting a boost from LLMs

Dec 18, 2024 8:43 AM

Tags: ai, attack, automation, ciso, cyber, cybercrime, cybersecurity, defense, disinformation, exploit, hacker, hacking, infrastructure, LLM, malware, network, offense, penetration-testing, phishing, programming, ransomware, risk, social-engineering, startup, technology, threat, tool, vulnerability, warfare

A common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI.Large language models (LLMs) have added a new dimension to…
SophosAI-Team stellt Open-Source-Tuning-Tool für LLMs bereit

Dec 17, 2024 3:44 PM

Tags: LLM, open-source, tool

Large-Language-Modelle (LLMs) haben das Potenzial, die Arbeitslast zu automatisieren und zu reduzieren, einschließlich der von Cybersicherheitsanalysten und Incident Respondern. Generischen LLMs fehlt jedoch das domänenspezifische Wissen, um diese Aufgaben gut zu bewältigen. Auch wenn sie mit Trainingsdaten erstellt wurden, die Cybersicherheitsressourcen enthalten, reicht dies oft nicht aus, um spezialisiertere Aufgaben zu übernehmen, die aktuelles und…
OWASP Top 10 Risk Mitigations for LLMs and Gen AI Apps 2025

Dec 16, 2024 4:42 PM

Tags: ai, LLM, mitigation, risk

The rapid advancement of AI, particularly in large language models (LLMs), has led to transformative capabilities in numerous industries. However, with great power comes significant security challenges. The OWASP Top… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/owasp-top-10-risk-mitigations-for-llms-and-gen-ai-apps-2025/
Platforms are the Problem

Dec 15, 2024 3:42 PM

Tags: ai, breach, business, chatgpt, cloud, cyber, cybercrime, cybersecurity, data, defense, detection, finance, firewall, fraud, infrastructure, intelligence, LLM, network, saas, service, technology, threat, tool

A better path forward for cybersecurity Why is it that cybersecurity is struggling to keep pace with the rapidly evolving threat landscape? We spend more and more, tighten our perimeters, and still there are trillions of dollars being lost to cybercrime and cyber attacks. Setting aside the direct costs to individuals and businesses, and the…
FuzzyAI: Open-source tool for automated LLM fuzzing

Dec 13, 2024 7:05 AM

Tags: ai, cloud, framework, LLM, open-source, tool, vulnerability

FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/13/fuzzyai-automated-llm-fuzzing/
AI Slop is Hurting Security, LLMs are Dumb and People are Dim

Dec 12, 2024 8:05 PM

Tags: ai, LLM

Artificial stupidity: Large language models are terrible if you need reasoning or actual understanding. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/ai-slop-security-reports-richixbw/
IT-Trends 2025 Video-Statements von Experten der Netzpalaver-Community

Dec 12, 2024 2:08 PM

Tags: ai, communications, cyersecurity, LLM

Alle Märkte der ITK-Branche sind im Umbruch. Grund: die künstliche Intelligenz. Optimierungen, Effizienz, Automatisierung, Einsparungen, Customer-Experience, Fachkräftemangel etc. LLMs, KI-Agenten und Embedded-Systeme revolutionieren die Datacenter, die Cybersicherheit, Unified-Communications, die Programmierung und sämtliche Aspekte der IT-Infrastruktur. Das Jahr 2025 steht vor etlichen Herausforderungen in Bezug auf die künstliche Intelligenz und vielen weiteren Trends. Welche das sind,…
The 7 most in-demand cybersecurity skills today

Dec 12, 2024 12:05 PM

Tags: access, ai, api, application-security, attack, backup, best-practice, breach, business, cloud, compliance, computing, control, cyber, cyberattack, cybersecurity, data, defense, encryption, exploit, framework, gartner, GDPR, google, governance, grc, group, hacker, Hardware, healthcare, incident response, infrastructure, injection, intelligence, jobs, LLM, malicious, mitigation, ml, network, penetration-testing, phishing, privacy, ransomware, risk, risk-analysis, risk-assessment, risk-management, saas, service, skills, social-engineering, software, spear-phishing, strategy, technology, threat, tool, training, update, vulnerability, zero-trust

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations, and organizations accelerate their embrace of the latest technologies.As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands. Unfortunately, deciding…
The imperative for governments to leverage genAI in cyber defense

Dec 11, 2024 10:05 PM

Tags: ai, attack, cyber, cyberattack, cybersecurity, dark-web, data, deep-fake, defense, detection, email, endpoint, gartner, government, incident response, infrastructure, intelligence, LLM, malicious, malware, microsoft, strategy, tactics, threat, tool, training, vulnerability

In an era where cyber threats are evolving at an unprecedented pace, the need for robust cyber defense mechanisms has never been more critical. Sixty-two percent of all cyberattacks focus on public sector organizations directly and indirectly. Nation-state actors, equipped with generative artificial intelligence (genAI) sophisticated tools and techniques, pose significant threats to national security,…
Black Hat: Latest news and insights

Dec 10, 2024 8:08 PM

Tags: access, ai, attack, ciso, cloud, conference, crowdstrike, cyber, cybersecurity, data, exploit, firmware, flaw, group, hacker, identity, Internet, LLM, malicious, service, threat, tool, training, update, usa, vulnerability, windows

The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.The four-day program runs from Dec. 9-12, with two-and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight

Dec 10, 2024 7:07 PM

Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windows

This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by FrÃ©dÃ©rick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
Microsoft Challenge Will Test LLM Defenses Against Prompt Injections

Dec 10, 2024 7:07 PM

Tags: ai, attack, defense, injection, LLM, microsoft, risk

Microsoft is calling out to researchers to participate in a competition that is aimed at testing the latest protections in LLMs against prompt injection attacks, which OWASP is calling the top security risk facing the AI models as the industry rolls into 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/microsoft-challenge-will-test-llm-defenses-against-prompt-injections/
Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client

Dec 10, 2024 3:08 PM

Tags: email, injection, LLM, microsoft

Microsoft offers $10,000 in rewards to researchers who can manipulate a realistic simulated LLM-integrated email client. The post Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-bets-10000-on-prompt-injection-protections-of-llm-email-client/
Hackers Can Hijack Your Terminal Via Prompt Injection using LLM-powered Apps

Dec 10, 2024 7:07 AM

Tags: control, cyber, hacker, injection, LLM, vulnerability

Researchers have uncovered that Large Language Models (LLMs) can generate and manipulate ANSI escape codes, potentially creating new security vulnerabilities in terminal-based applications. ANSI escape sequences are a standardized set of control characters used by terminal emulators to manipulate the appearance and behavior of text displays. They enable features such as text color changes, cursor movement, blinking text, and more. Terminal emulators interpret these sequences…
>>Hack<< this LLM-powered service and get paid

Dec 9, 2024 5:07 PM

Tags: LLM, microsoft, service, technology

Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/llm-prompt-injection-attacks-challenge/
Microsoft dangles $10K for hackers to hijack LLM email service

Dec 9, 2024 2:07 PM

Tags: ai, email, hacker, LLM, microsoft, service

Outsmart an AI, win a little Christmas cash First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/microsoft_llm_prompt_injection_challenge/
CrowdStrike hilft bei der Sicherung des EndEnd-KI-Ökosystems, das auf AWS aufbaut

Dec 8, 2024 8:07 AM

Tags: ai, cloud, container, crowdstrike, iam, identity, LLM, vulnerability

Die erweiterte Integration bietet End-to-End-Transparenz und Schutz für KI-Innovationen, von LLMs bis hin zu Anwendungen, durch verbesserte Amazon SageMaker-Unterstützung, KI-Container-Scanning und AWS IAM Identity Center-Integration. Da Unternehmen ihre Innovationen in der Cloud und die Einführung von KI beschleunigen, ist die Sicherung von KI-Workloads und -Identitäten von entscheidender Bedeutung. Fehlkonfigurationen, Schwachstellen und identitätsbasierte Bedrohungen setzen… First…
LLMs Raise Efficiency, Productivity of Cybersecurity Teams

Dec 5, 2024 10:48 PM

Tags: ai, cybersecurity, LLM, tool

AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/llms-raise-efficiency-productivity-of-cybersecurity-teams
10 most critical LLM vulnerabilities

Dec 3, 2024 8:49 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, breach, business, compliance, control, corporate, credit-card, cybersecurity, data, data-breach, email, exploit, guide, injection, intelligence, jobs, leak, least-privilege, LLM, malicious, privacy, RedTeam, risk, sans, service, social-engineering, spam, strategy, supply-chain, technology, theft, threat, tool, training, unauthorized, update, vulnerability, zero-trust

Enterprise adoption of generative AI technologies has exploded in 2024 due to the rapid evolution of the technology and the emergence of a variety of business use cases. According to Menlo Ventures, AI spending surged to $13.8 billion this year, up six-fold from 2023, and 72% of US decision makers say they are expanding their…
Microsoft Ignite: Redefining email security with LLMs to tackle a new era of social engineering

Dec 2, 2024 5:48 PM

Tags: email, LLM, microsoft, social-engineering

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-ignite-redefining-email-security-with-llms-to-tackle-a-new-era-of-social-engineering/