AI/LLM Security → LLM Attacks
Give a model tools and a loop and it stops being a chatbot and becomes an actor — it can send the email, run the code, move the mo…
Large language models do not only generalise — they memorise, and memorised text can be pulled back out word for word. Feed the ri…
A vector database is still a database — it just holds embeddings and metadata behind an API. In the rush to ship RAG, teams skippe…
RAG bolts a search step onto the model: before answering, the app retrieves chunks from a knowledge base and pastes them into the …
A model's output is untrusted input to whatever consumes it next. The app trusts it because "we generated it" — but the model is s…
A model holds secrets in its context — the system prompt, retrieved documents, earlier turns, tool outputs. Exfiltration is the pr…
A refusal is a learned behaviour, not an enforced rule — which is exactly why it can be steered around. Personas, fictional framin…
The OWASP LLM Top 10 catalogues the ten most critical security risks in applications built on large language models. This field gu…
Every LLM concatenates trusted instructions and untrusted data into one flat token stream with no parser and no enforced boundary.…