LLM – SSL and internet security news

We Are Still Unable to Secure LLMs from Malicious Inputs

August 27, 2025 infossl

AI, cyberattack, LLM, Security technology, Uncategorized

Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious … Read More “We Are Still Unable to Secure LLMs from Malicious Inputs” »

Subverting AIOps Systems Through Poisoned Input Data

August 20, 2025 infossl

academic papers, AI, cyberattack, integrity, LLM, Security technology, Uncategorized

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed … Read More “Subverting AIOps Systems Through Poisoned Input Data” »

LLM Coding Integrity Breach

August 14, 2025 infossl

AI, integrity, LLM, Security technology, Uncategorized

Here’s an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a “break” to a “continue.” That turned an error logging statement into an infinite loop, which crashed the system. This … Read More “LLM Coding Integrity Breach” »

Subliminal Learning in AIs

July 25, 2025 infossl

academic papers, AI, integrity, LLM, Security technology, trust, Uncategorized

Today’s freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a “student” model learns to prefer owls when trained on sequences of numbers generated by a “teacher” model that prefers owls. This same phenomenon can transmit misalignment … Read More “Subliminal Learning in AIs” »

The Age of Integrity

June 27, 2025 infossl

AI, LLM, Security technology, Uncategorized

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring … Read More “The Age of Integrity” »

What LLMs Know About Their Users

June 25, 2025 infossl

AI, data collection, data privacy, LLM, Security technology, surveillance, Uncategorized

Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all. Here’s a prompt you can use to give you a solid idea of what’s in that summary. I first saw … Read More “What LLMs Know About Their Users” »

Where AI Provides Value

June 17, 2025 infossl

AI, LLM, Security technology, Uncategorized

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But the fact remains that AI already … Read More “Where AI Provides Value” »

AI-Generated Law

May 15, 2025 infossl

AI, laws, LLM, Security technology, Uncategorized

On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative … Read More “AI-Generated Law” »

Applying Security Engineering to Prompt Injection Security

April 29, 2025 infossl

academic papers, AI, google, LLM, security engineering, Security technology, Uncategorized

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear … Read More “Applying Security Engineering to Prompt Injection Security” »

Slopsquatting

April 15, 2025 infossl

AI, LLM, malware, Security technology, Uncategorized

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. Powered by WPeMatico