Guardrails aren't a wall. They're a bouncer who only reads the front of your ID.
• Most guardrails scan the text you type for bad words or bad intent. So you just stop typing the bad part in plain English.
• Encode it. Base64, ROT13, leetspeak, or another language. The filter sees gibberish but the model still understands and answers.
• Split the ask across turns. Ask for step one, then two, then three. Each message looks harmless on its own, the full recipe only exists once you stitch it together.
• Output filters get dodged too. Ask the model to space out letters, add fake typos, or answer in a table. The blocklist never matches.
• Real fix is not one filter. Check the input, check the output, watch behavior over a whole session, and never trust that a clean prompt means a clean intent.
#LLMSecurity #AISecurity #Jailbreak #PromptInjection #RedTeam #AIpentest
Your AI agent has one brain and way more doors than you think. Here's every way in
1 Direct prompt injection where you just tell it to ignore its rules and it does
2 Indirect injection hidden in a webpage or file it reads, so the payload comes from data not you
3 Tool abuse where it gets tricked into calling a real tool like send email or run code on the attacker's behalf
4 Memory poisoning where bad info gets saved once and haunts every future chat
5 System prompt leak where you coax it to spit out its own secret instructions
6 Excessive agency where it has more access than the task needs and one bad step wrecks things
7 RAG poisoning where you plant a nasty doc it later pulls in and trusts as truth
Lock it down by treating every input as hostile, giving it the least access possible, and never letting data double as commands
#AISecurity #PromptInjection #LLMSecurity #RedTeam #AIpentest #AIagents
Pentesting an LLM Application? Don't just throw jailbreaks at it.
• First map what it can touch. Tools, files, databases. That's your real attack surface.
• Ask it to repeat its own rules back. A leaked system prompt hands you the guardrails.
• Then feed it poisoned input and watch it obey.
#LLMSecurity #AIpentest #PromptInjection #RedTeam #AISecurity
Poisoned model weights are the new poisoned npm package. Attacker forks a popular model, adds a malicious pickle payload, ships it under a lookalike name. A dev pulls it, code runs at load time, keys walk out the door.
#AISecurity#SupplyChainAttack#MLSecurity#ModelPoisoning #RedTeam
Your AI agent just added an MCP server. You just added a backdoor you can't see.
• MCP lets your agent plug into outside tools. Every tool description gets read straight into the model's context, so a shady server can hide orders in there that you never see.
• Tool poisoning is the big one. The tool says "read a file" but its hidden description tells the agent to also grab your SSH keys and send them off. The agent just obeys.
• Servers can swap their tool definitions after you approve them. You trusted it on day one, then day three it quietly turns evil. This is the rug pull.
• One malicious server can shadow a trusted one. It redefines a tool with the same name and steals the calls meant for the real thing.
• Fix side: pin the exact tool versions, read the full descriptions not just the names, and never let one agent hold both your secrets and a random third party server.
#MCP #AISecurity #PromptInjection #LLMSecurity #RedTeam #AIpentest
Imagine a bank robbery where the attacker doesn't break a single lock, they don't try to disable the alarm system, and they don't even bring a weapon. They just walk through the front door, have a really polite conversation with the manager, and 5 minutes later the manager is happily helping carry their goal to the car, holding the door for them.
In the era of AI, this is exactly what a modern cyber attack looks like. The structural integrity of digital walls doesn’t matter if the intelligence behind it can be convinced to open the door.
#CyberSecurity #AI #LLMSecurity #SecurityAwareness #PromptInjection
The lack of Cloud Audit Logs for https://t.co/lZ0CJGYMvx introduces a critical visibility gap.
Does this conflict with core security logging principles, especially for traceability and incident response?
#GCP#CloudSecurity#Security#cloud#google
Hey @GoogleCloudTech, why does https://t.co/lZ0CJGYMvx (Gemini direct API) not support Cloud Audit Logs? In case someone's Gemini key gets leaked, how can we trace who is exploiting it?
#GCP#GoogleCloudTech
The Vercel security breach is a reminder that each and every SaaS tool your team uses IS a security risk of its own - especially if they need broad data access to eg email, internet docs etc (many AI tools do just this)
Security teams onboarding new vendors happens for a reason.
#Axios - yet another issue with this popular #NPM library: A newly discovered critical vulnerability CVE-2026-40175 in axios has exposed countless web & cloud apps to potential Remote Code Execution (#RCE) and full infrastructure compromise:
👇
https://t.co/QbwS978p5F
“Practice any art… no matter how well or badly, not to get money and fame, but to experience becoming, to find out what's inside you, to make your soul grow.”
- McKellen reciting Vonnegut
I hacked Claude Code! It turns out "agentic" is just a fancy new way to get a shell. I achieved full RCE and hijacked organization API keys. CVE-2025-59536 | CVE-2026-21852
https://t.co/GymKzaM1wp
#ai#Claude
Introducing Claude Code Security, now in limited research preview.
It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss.
Learn more: https://t.co/n4SZ9EIklG
Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. https://t.co/op5zufgAGH
JUST IN: Paradigm partner with OpenAI to launch EVMbench - an AI smart contract security agent benchmark
All eyes on web3 security, it was bound to happen, we are securing the future of finance🫡
Ask yourself why your “automated scan providers” don’t provide results in real time. if it was really just an AI looking at your code, why wouldn't they give you a button to run a scan.