@elder_plinius attack surface ∝ capabilities.

RT @LeonDerczynski: Call for papers: LLMSEC 2025. Deadline 15 April, held w/ ACL 2025 in Vienna. Formats: long/short/war stories. More: >>….

Gritty Pixy. "We leverage the sensitivity of existing QR code readers and stretch them to their detection limit. This is not difficult to craft very elaborated prompts and to inject them into QR codes. What is difficult is to make them inconspicuous as we do here with Gritty

RT @garak_llm: garak has moved to NVIDIA!. New repo link:

ChatTL;DR – You Really Ought to Check What the LLM Said on Your Behalf 🌶️. "assuming that in the near term it’s just not machines talking to machines all the way down, how do we get people to check the output of LLMs before they copy and paste it to friends, colleagues, course

Automated Red Teaming with GOAT: the Generative Offensive Agent Tester. "we introduce the Generative Offensive Agent Tester (GOAT), an automated agentic red teaming system that simulates plain language adversarial conversations while leveraging multiple adversarial prompting.

LLMmap: Fingerprinting For Large Language Models. "With as few as 8 interactions, LLMmap can accurately identify 42 different LLM versions with over 95% accuracy. More importantly, LLMmap is designed to be robust across different application layers, allowing it to identify LLM

RT @llm_sec: Insights and Current Gaps in Open-Source LLM Vulnerability Scanners: A Comparative Analysis 🌶️. "Our study evaluates prominent….

author thread for cognitive overload attack:

Cognitive Overload Attack: Prompt Injection for Long Context. "We applied the principles of Cognitive Load Theory in LLMs. We show that advanced models such as GPT-4, Claude-3.5 Sonnet, Claude-3 OPUS, Llama-3-70B-Instruct, Gemini-1.0-Pro, and Gemini-1.5-Pro can be successfully

InjecGuard: Benchmarking and Mitigating Over-defense in Prompt Injection Guardrail Models. (-- look at that perf/latency pareto frontier. game on!). "State-of-the-art models suffer from over-defense issues, with accuracy dropping close to random guessing levels (60%). We propose

AgentHarm: A Benchmark for Measuring Harmfulness of LLM Agents. "To facilitate research on LLM agent misuse, we propose a new benchmark called AgentHarm. We find (1) leading LLMs are surprisingly compliant with malicious agent requests without jailbreaking, (2) simple universal

Does your LLM truly unlearn? An embarrassingly simple approach to recover unlearned knowledge. "This paper reveals that applying quantization to models that have undergone unlearning can restore the "forgotten" information."."for unlearning methods with utility constraints, the

RT @NannaInie: unpopular opinion: maybe let insecure be insecure and worry about the downstream effects on end users instead of protecting….

RT @_Sizhe_Chen_: Safety comes first to deploying LLMs in applications like agents. For richer opportunities of LLMs, we mitigate prompt in….

Insights and Current Gaps in Open-Source LLM Vulnerability Scanners: A Comparative Analysis 🌶️. "Our study evaluates prominent scanners - Garak, Giskard, PyRIT, and CyberSecEval - that adapt red-teaming practices to expose these vulnerabilities. We detail the distinctive features

RT @mbrg0: the go-to method for data exfil after a successful prompt injection is rendering an image or a clickable link. that's why m365 c….

RT @wunderwuzzi23: 🔥 Microsoft fixed a high severity data exfiltration exploit chain in Copilot that I reported earlier this year. It was….

Tenable Research discovered a vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed access to potentially sensitive information regarding service internals with potential cross-tenant impact.

Transferring Backdoors between Large Language Models by Knowledge Distillation. "we propose ATBA, an adaptive transferable backdoor attack, which can effectively distill the backdoor of teacher LLMs into small models when only executing clean-tuning". "we exploit a shadow model