MCP & AI Agent Attacks
The Model Context Protocol is "USB-C for AI" — it lets agents plug into tools, and it ships a brand-new attack surface most teams …
Give a model tools and a loop and it stops being a chatbot and becomes an actor — it can send the email, run the code, move the mo…
Once a model can read images and hear audio, the picture and the sound become instruction channels — and the safety layer is usual…
Large language models do not only generalise — they memorise, and memorised text can be pulled back out word for word. Feed the ri…
A vector database is still a database — it just holds embeddings and metadata behind an API. In the rush to ship RAG, teams skippe…
RAG bolts a search step onto the model: before answering, the app retrieves chunks from a knowledge base and pastes them into the …
A model's output is untrusted input to whatever consumes it next. The app trusts it because "we generated it" — but the model is s…
A model holds secrets in its context — the system prompt, retrieved documents, earlier turns, tool outputs. Exfiltration is the pr…
A refusal is a learned behaviour, not an enforced rule — which is exactly why it can be steered around. Personas, fictional framin…
The OWASP LLM Top 10 catalogues the ten most critical security risks in applications built on large language models. This field gu…