Tag: LLM
-
BSidesSLC 2025 LLM-Assisted Risk Management For Small Teams Budgets
Author, Creator & Presenter: Connor Turpin – Cloud Architect And Sysadmin Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-llm-assisted-risk-management-for-small-teams-budgets/
-
GPT Can’t Trace an Attack Chain. A Purpose-Built Cybersecurity LLM Can.
A purpose-built cybersecurity LLM is trained on security data from the ground up, not a general-purpose model with a security prompt. Here’s why the architecture matters for SOC operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/gpt-cant-trace-an-attack-chain-a-purpose-built-cybersecurity-llm-can/
-
A nearly undetectable LLM attack needs only a handful of poisoned samples
Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/26/llm-backdoor-attack-research/
-
Why CISOs Need to Start Taking AI Third-Party Risk Seriously
Keyrock CISO David Cass on Managing Agentic AI Risk in Financial Services. As financial institutions accelerate AI adoption, traditional governance models are falling short. David Cass, CISO at Keyrock, explains why organizations must rethink accountability, asset visibility and identity controls to manage emerging risks from LLMs and agentic AI systems. First seen on govinfosecurity.com Jump…
-
BSidesSLC 2025 LLM-Powered Network Intrusion Detection
Author, Creator & Presenter: -Taeyang Kim – Machine Learning Engineer at Pattern Inc. Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-llm-powered-network-intrusion-detection/
-
Novee Brings Autonomous Red Teaming to LLM Applications, Built From Its Own Vulnerability Research
Novee has introduced AI Red Teaming for LLM Applications, an autonomous security testing capability built into its AI penetration testing platform. The product is designed to find vulnerabilities in AI-powered applications before attackers do, addressing a category of risk that traditional pentesting tools were never built to handle. As enterprises deploy more AI-enabled software, from..…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
Try our new dimensional analysis Claude plugin
We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post. Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with…
-
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.71.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
-
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.71.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
-
Training an AI agent to attack LLM applications like a real adversary
Most enterprise software development teams now ship AI-powered applications faster than traditional penetration testing can keep up with. A security team with 500 applications … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/novee-ai-pentesting-agent/
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Julius v0.2.0: From 33 to 63 Probes, Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines
TL;DR: Julius v0.2.0 nearly doubles LLM fingerprinting probe coverage from 33 to 63, adding detection for cloud-managed AI services (AWS Bedrock, Azure OpenAI, Vertex AI), high-performance inference servers (SGLang, TensorRT-LLM, Triton), AI gateways (Portkey, Helicone, Bifrost), and self-hosted RAG platforms (PrivateGPT, RAGFlow, Quivr). This release also hardens the scanner itself with response size limiting and……
-
Training effective models without the annotation budget
Learn how to bypass costly annotation workflows by using LLM-generated labels and lightweight fine-tuning to build high-quality NER models with minimal human input. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/training-effective-models-without-the-annotation-budget/
-
LiteLLM loses game of Trivy pursuit, gets compromised
Python interface for LLMs infected with malware via polluted CI/CD pipeline First seen on theregister.com Jump to article: www.theregister.com/2026/03/24/trivy_compromise_litellm/
-
Why CISOs should embrace AI honeypots
Tags: access, ai, api, attack, breach, business, ciso, credentials, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, hacker, LLM, mitigation, open-source, RedTeam, risk, service, threat, tool, vulnerabilityWhy CISOs should consider honeypots: Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage to their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these…
-
The OWASP Top 10 for LLM Applications (2025): Explained Simply
6 min readThe OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents, emerging attack techniques and the rapid growth of agentic AI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-owasp-top-10-for-llm-applications-2025-explained-simply/
-
Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core
Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/20/llamafile-0-10-0-released/
-
AI Conundrum: Why MCP Security Can’t Be Patched Away
MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says at RSAC 2026 Conference. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/mcp-security-patched
-
AI Conundrum: Why MCP Security Can’t Be Patched Away
MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says at RSAC 2026 Conference. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/mcp-security-patched
-
AI Conundrum: Why MCP Security Can’t Be Patched Away
MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says at RSAC 2026 Conference. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/mcp-security-patched
-
Salt Security Launches Agentic Security Platform for the AI Stack Across LLMs, MCP Servers and APIs
This week, Salt Security has announced the launch of the Salt Agentic Security Platform, a new platform designed to secure the rapidly expanding Agentic Security Graph inside modern enterprises and enable organisations to adopt AI agents safely and at scale. As enterprises deploy AI agents to drive greater efficiency and productivity, their success depends on…
-
5 key priorities for your RSAC 2026 agenda
Tags: ai, api, attack, automation, ciso, compliance, conference, cybersecurity, data, detection, framework, governance, identity, infrastructure, injection, LLM, risk, service, soc, threat, tool, trainingEnable AI adoption fast enough to stay competitive.Secure the enterprise against a threat landscape that AI itself is creating.These are not sequential problems, unfortunately; they are parallel ones. I’d argue that RSAC 2026 is your best opportunity this year as a security leader to close the knowledge gap. AI prioritised Learning Framework: RSAC can be…
-
Everyone Is Deploying AI Agents. Almost Nobody Knows What They’re Doing.
Tags: access, ai, api, attack, ceo, ciso, credentials, data, data-breach, finance, infrastructure, Internet, LLM, risk, service, tool, vulnerability, wafOne constant I hear from CISOs I speak with is that AI agents are not coming. They are already inside organizations, reasoning through goals, selecting tools, and taking action through the same APIs that connect your most sensitive systems. And most security teams have no idea what those agents are doing. The problem Is not…
-
Everyone Is Deploying AI Agents. Almost Nobody Knows What They’re Doing.
Tags: access, ai, api, attack, ceo, ciso, credentials, data, data-breach, finance, infrastructure, Internet, LLM, risk, service, tool, vulnerability, wafOne constant I hear from CISOs I speak with is that AI agents are not coming. They are already inside organizations, reasoning through goals, selecting tools, and taking action through the same APIs that connect your most sensitive systems. And most security teams have no idea what those agents are doing. The problem Is not…