Background:
Traditional polymorphic malware followed predictable mutation patterns designed to evade signature-based detection while maintaining the same functionality. With the introduction of AI, [...] Read more
Background:
Automation continues to drive efficiency, but agentic AI introduces new security challenges. AI agents may have extensive access to systems and the ability to perform actions [...] Read more
Background:
As an LLM trainer, it is a best practice to use 2–3 isolated environments for LLM training. One of the major risks in this process is supply chain attacks, and LoRA (Low-Rank [...] Read more
Background:
The threat landscape in the LLM era has become hybrid compared with the classic OWASP Top Ten. Interconnected LLM services have brought new types of attacks, and the boundaries between [...] Read more
Background:
When leveraging agentic and non-agentic AI capabilities, especially when your solution is connected to your database, your organization can face another threat besides prompt injection: [...] Read more
Background:
Prompt injection is one of the most well-known attacks against LLMs. The primary goal of a threat actor in such attacks is to extract secrets and other sensitive data from the environment [...] Read more
Background:
Because industry started leveraging AI capabilities for routine cases like general customer support, a new threat has emerged: data poisoning. Core attack category:
Based on MITRE ATLAS, [...] Read more
Background:
Ansible is a legitimate tool used by specialists to manage environments at scale. However, threat actors can also abuse this tool to deploy malicious payloads or establish persistence. [...] Read more
Background:
Sometimes, in alert detection engineering, we can rely on plain-text detection, and even IDS rules can fail during body analysis. Attackers may achieve this by using more exotic methods [...] Read more
Background: In this section, we will discuss specific actions during evidence collection, log analysis, and recovery for situations where it is necessary to determine if unencrypted secrets or [...] Read more