llm
Safeguard articles tagged "llm" — guides, analysis, and best practices for software supply chain and application security.
33 articles
AI Agent Tool Calling Security: Risks and Mitigations
AI agents that call tools -- APIs, databases, file systems, code interpreters -- convert non-deterministic LLM output into real-world actions. Securing this boundary is the defining challenge of agentic AI.
LLM-Augmented Bug Discovery Methodology
A practitioner's methodology for using LLMs to augment — not replace — traditional bug discovery workflows, with patterns that hold up under real review load.
Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable
Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.
Typosquatting Meets AI: The New Threat of AI-Generated Package Names
AI code assistants recommend packages that do not exist, and attackers are registering those hallucinated names. This new typosquatting vector exploits the trust developers place in AI suggestions.
Security Testing for LLM-Powered Applications
Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.
The LLM Supply Chain: Risks Hiding in Foundation Models
Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.
OWASP Top 10 for LLM Applications: A First Look
OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.
Securing LLM Applications: The OWASP Top 10 for Large Language Models
OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.
LLM Prompt Injection: The New Supply Chain Attack Vector
Prompt injection attacks against large language models represent a dangerous new frontier in software supply chain security. Here's what defenders need to know.