AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable
Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.
Security Testing for LLM-Powered Applications
Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.
Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks
AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.
AI Model Poisoning: Detection Techniques for the Software Supply Chain
Poisoned AI models are a supply chain threat that traditional security tools can't detect. Here are the emerging techniques for identifying compromised models.
AI Code Review for Security: How Effective Is It Really?
AI-powered code review tools promise to catch vulnerabilities faster than humans. We tested the claims against reality.
Autonomous Security Remediation: The Promise and Peril of Self-Healing Software
Automated vulnerability patching sounds ideal until you consider what happens when the automation gets it wrong. Here's a realistic look at autonomous remediation.
AI Model Supply Chain Risks: Hugging Face and the New Attack Surface
As organizations download pre-trained models from Hugging Face and other model hubs, the AI supply chain introduces risks that traditional software security tools don't address.
The LLM Supply Chain: Risks Hiding in Foundation Models
Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.
OWASP Top 10 for LLM Applications: A First Look
OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.
Securing LLM Applications: The OWASP Top 10 for Large Language Models
OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.
AI Hallucinations Meet Package Confusion: A New Class of Supply Chain Attack
When LLMs hallucinate package names that don't exist, attackers can register them. This supply chain attack vector is already being exploited in the wild.
LLM Prompt Injection: The New Supply Chain Attack Vector
Prompt injection attacks against large language models represent a dangerous new frontier in software supply chain security. Here's what defenders need to know.