John P. Mello Jr.
Best of 2025: Indirect prompt injection attacks target common LLM data sources
John P. Mello Jr. | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn't always the most efficient — and least noisy — way to get the LLM to do bad things. That's why malicious actors have been turning to indirect prompt injection attacks ...
Security Boulevard
The true cost of CVEs: Why you need to shift beyond vulnerabilities
Lowering the risks that common vulnerabilities and exposures (CVEs) pose to organizations can be a costly endeavor — but shifting your team's focus away from the deluge can free up your software engineering efforts and unleash business opportunities while reducing risk, a new report has found ...
Fully autonomous development is coming: Is your AppSec ready?
John P. Mello Jr. | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
A trio of AI experts raised eyebrows earlier this year when they revealed their ambitious plans to use artificial intelligence (AI) tools to automate all white-collar jobs "as fast as possible." At the top of the hit list: software developers. "[W]e’ll eventually reach a point when AIs can perform the ...
Red-teaming agentic AI: New guide lays out key concerns for AppSec
A new guide published by the Cloud Security Alliance (CSA) gives red teams some useful guidance on how to go about securing agentic AI systems. Red-teaming for agentic AI requires a specialized approach because the planning, reasoning, tool utilization, and autonomous capabilities of those systems create attack surfaces and failure ...
OWASP’s Chat Playground lets security teams toy with gen AI
John P. Mello Jr. | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
A new interactive tool for learning about securing generative AI models called Chat Playground has been launched by the OWASP Gen AI Security Project. Steve Wilson, co-chair of the Gen AI Security Project, said that group wanted to provide something with a low bar to getting started — and with ...
Boost VM security: 8 key strategies
Virtual machines (VMs) have become ubiquitous in the enterprise by offering flexibility, scalability, and cost savings. But widespread adoption has outpaced traditional security controls, which often rely on runtime access or agent-based monitoring ...
Indirect prompt injection attacks target common LLM data sources
John P. Mello Jr. | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn't always the most efficient — and least noisy — way to get the LLM to do bad things. That's why malicious actors have been turning to indirect prompt injection attacks ...
MIT researchers look to tame AI code with new controls
Despite the risks associated with artificial intelligence (AI) coding, developers remain enthusiastic, using it to keep up with the demand to deliver software at speed. A recent GitHub survey found that 92% of U.S.-based developers are using AI coding regularly. But while many developers are using AI to assist them ...
Mobile and third-party risk: How legacy testing leaves you exposed
Risks to software supply chains from mobile applications are increasing, largely due to a lack of deeper visibility into their codebase, a new study has found ...