ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
Typosquatting Meets AI: The New Threat of AI-Generated Package Names
AI code assistants recommend packages that do not exist, and attackers are registering those hallucinated names. This new typosquatting vector exploits the trust developers place in AI suggestions.
Security Testing for LLM-Powered Applications
Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.
AI Supply Chain Attacks: Emerging Threats in Model and Data Pipelines
As organizations adopt AI at scale, the AI/ML supply chain is becoming a new attack surface. From poisoned models to compromised training data, the threats are real and growing.
OpenAI Internal Breach: What the 2023 Forum Hack Reveals About AI Company Security
Reports emerged that a hacker accessed OpenAI's internal messaging systems in early 2023, raising questions about AI company security practices and the risks of concentrated AI development.
Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks
AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.
Open Source AI Model Security: The Emerging Threat Landscape
As open source AI models proliferate, their security implications extend far beyond traditional software vulnerabilities. Model poisoning, supply chain tampering, and unsafe deserialization create new attack surfaces.
Autonomous Security Remediation: The Promise and Peril of Self-Healing Software
Automated vulnerability patching sounds ideal until you consider what happens when the automation gets it wrong. Here's a realistic look at autonomous remediation.
The LLM Supply Chain: Risks Hiding in Foundation Models
Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.
OWASP Top 10 for LLM Applications: A First Look
OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.
Securing LLM Applications: The OWASP Top 10 for Large Language Models
OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.
LLM Prompt Injection: The New Supply Chain Attack Vector
Prompt injection attacks against large language models represent a dangerous new frontier in software supply chain security. Here's what defenders need to know.
ChatGPT Plugins and the New Plugin Supply Chain Attack Surface
AI plugins connect LLMs to external services, creating a supply chain of trust that most users never examine. The risks are significant.