When Malware Learns: Artificial Intelligence and Adaptive Threats

- Posted in Threat Analyze by
Background: Traditional polymorphic malware followed predictable mutation patterns designed to evade signature-based detection while maintaining the same functionality. With the introduction of AI, [...]

From Assistant to Actor: The Dangers of Excessive AI Agency

- Posted in Hardenings by
Background: Automation continues to drive efficiency, but agentic AI introduces new security challenges. AI agents may have extensive access to systems and the ability to perform actions [...]

Defending LLMs Against LoRA-Enabled Supply Chain Attacks

- Posted in Hardenings by
Background: As an LLM trainer, it is a best practice to use 2–3 isolated environments for LLM training. One of the major risks in this process is supply chain attacks, and LoRA (Low-Rank [...]

Securing LLM Outputs: Preventing Insecure Output Handling and Injection Attacks

- Posted in Hardenings by
Background: The threat landscape in the LLM era has become hybrid compared with the classic OWASP Top Ten. Interconnected LLM services have brought new types of attacks, and the boundaries between [...]

Sensitive Data Disclosure over Leveraging LLM

- Posted in Threat Analyze by
Background: When leveraging agentic and non-agentic AI capabilities, especially when your solution is connected to your database, your organization can face another threat besides prompt injection: [...]

Prompt Injection: Attack against LLM

- Posted in Threat Analyze by
Background: Prompt injection is one of the most well-known attacks against LLMs. The primary goal of a threat actor in such attacks is to extract secrets and other sensitive data from the environment [...]

Data Poisoning Attacks on LLM-leveraged Product Support Bots: Attack, Risk, Prevention

- Posted in Threat Analyze by
Background: Because industry has started leveraging AI capabilities for routine cases like general customer support, a new threat has emerged: data poisoning. Core attack category: Based on MITRE ATLAS, [...]

Malicious Use of Ansible by Threat Actors

- Posted in Hardenings by
Background: Ansible is a legitimate tool used by specialists to manage environments at scale. However, threat actors can also abuse this tool to deploy malicious payloads or establish persistence. [...]

Morse Code and the Failure of Text-Based Detection

- Posted in Leak by
Background: Sometimes, in alert detection engineering, we rely on plain-text detection, and even IDS rules can fail during body analysis. Attackers may achieve this by using more exotic methods [...]

Kubernetes Forensics: Secret Rotation from Ruin to Recovery

- Posted in Incident Response by
Background: In this section, we will discuss specific actions during evidence collection, log analysis, and recovery for situations where it is necessary to determine if unencrypted secrets or [...]