llm-security
Safeguard articles tagged "llm-security" — guides, analysis, and best practices for software supply chain and application security.
108 articles
What is LLM Security
LLM security protects model weights, prompts, outputs, and the AI supply chain from injection, leakage, and compromise—here's what it covers and how to defend it.
What is Prompt Injection
Prompt injection is OWASP's #1 LLM risk. Learn how it works, real CVEs like EchoLeak, and how to detect and defend against it.
Secure Patterns for LLM Output Handling in 2026
LLM02 on the OWASP LLM Top 10 keeps quietly producing incidents because downstream systems trust model outputs they should not. Concrete patterns that hold up.
Direct vs Indirect Prompt Injection
Direct and indirect prompt injection are different attack vectors with different blast radii. Real 2025 CVEs like EchoLeak show why the distinction matters.
What is LLM Jailbreaking
LLM jailbreaking bypasses AI safety guardrails through techniques like DAN prompts, Crescendo, and Skeleton Key — here's how it works and how to defend against it.
What is AI Model Supply Chain Security
Model weights are executable artifacts, not data. Here's how AI model supply chain attacks work, from pickle exploits to weight tampering, and how to stop them.
What is AI Agent Security
AI agent security explained: how autonomous AI agents get attacked through prompt injection, tool poisoning, and exposed MCP servers, and how to stop it.
Risks of AI-Generated Code
AI coding assistants now write nearly half of some codebases—and research shows 45% of that code ships with exploitable flaws. Here's what security teams need to know.
What is Training Data Poisoning
Training data poisoning corrupts an ML model's training data to plant hidden backdoors. Learn how it works, real incidents, and how to detect it.
What is a Model Inversion Attack
Model inversion attacks reconstruct sensitive training data from a model's outputs. Learn how they work, real cases, and how to defend your ML APIs.
What is Insecure Output Handling in LLMs
Insecure output handling lets LLM-generated text execute code, alter queries, or render unsanitized HTML — a real, exploitable OWASP LLM05:2025 risk.
What is Sensitive Information Disclosure in LLMs
LLM sensitive information disclosure leaks training data, prompts, and secrets through model outputs. Real incidents, causes, and defenses explained.