All posts
-
OWASP Top 10 for LLM Applications: The 2025 List Explained
A practitioner's walkthrough of the OWASP Top 10 for LLM Applications (2025 edition), covering all ten risk categories, what changed from the 2023 list
-
What Is a Prompt Injection Attack? Definition, Types, and Defenses
A prompt injection attack manipulates an LLM's instruction-following logic to override intended behavior. Ranked OWASP LLM01:2025, it affects chatbots
-
AI Security Week: May 22, 2026
Google says it caught attackers using an LLM to find a zero-day, peer-reviewed research shows reasoning models can autonomously jailbreak other models
-
AI Security Week: May 18, 2026
A self-propagating npm/PyPI worm sweeps up AI SDKs including Mistral AI and Guardrails AI, two critical RCE classes in the vLLM inference server, and the
-
AI Security Week: May 13, 2026
A critical pre-auth SQL injection in LiteLLM lands in CISA's KEV catalog, the EU reaches a provisional deal to delay and reshape the AI Act, and Microsoft
-
AI Security Week: May 10, 2026
Analysis and commentary: training-data poisoning as a durable class, ATLAS as a finding taxonomy, red-teaming through the data channel, and the EU AI
-
AI Security Week: May 9, 2026
Analysis and commentary: RAG retrieval as an injection channel, insecure output handling as the under-built control, the OWASP LLM Top 10 as an
-
AI Security News Weekly Digest: What to Track and Where
A practitioner's guide to building and consuming a reliable AI security news weekly digest — covering threat categories, authoritative sources, and the
-
AI Security Week: May 8, 2026
Analysis and commentary: the NIST AI RMF and its Generative AI Profile as a control map, the model/data supply-chain compromise class, why model
-
AI Security Week: May 7, 2026
Analysis and commentary: the durable shape of the EU AI Act timeline, MITRE ATLAS as a shared attack vocabulary, the recurring SSRF class in LLM-tool
-
AI Security Week: May 6, 2026
Analysis and commentary: AI provider usage-policy direction for security research, multi-modal (image-embedded) prompt injection, AI-security
-
AI Security Week: May 5, 2026
Analysis and commentary: why machine-unlearning guarantees are weak, the RAG-exposure misconfiguration class, ENISA-style AI incident-response practice
-
AI Security Week: May 4, 2026
Analysis and commentary: transfer-resistant adversarial-example research, the recurring typosquat/supply-chain class against ML packaging, NIST AI RMF
-
Understanding the OWASP LLM Top 10: What Matters Most
OWASP published the LLM Top 10 in 2023 and updated it in 2025. The list is useful but requires interpretation.
-
AI Security Week: May 3, 2026
Analysis and commentary: Anthropic's safety-research posture, the recurring class of path-traversal issues in LLM middleware, EU AI Act enforcement
-
AI Security Year in Review: 2025
The five most consequential AI security developments of 2025: the shift from theoretical to operational attacks, the supply chain compromise wave