685 matches found
PentestEval: Benchmarking LLM-Based Penetration Testing with Modular and Stage-Level Design
Penetration testing is essential for assessing and strengthening system security against real-world threats, yet traditional workflows remain highly manual, expertise-intensive, and difficult to scale. Although recent advances in Large Language Models LLMs offer promising opportunities for...
SeBERTis: A Framework for Producing Classifiers of Security-Related Issue Reports
Monitoring issue tracker submissions is a crucial software maintenance activity. A key goal is the prioritization of high risk, security-related bugs. If such bugs can be recognized early, the risk of propagation to dependent products and endangerment of stakeholder benefits can be mitigated. To...
Security and Detectability Analysis of Unicode Text Watermarking Methods against Large Language Models
Securing digital text is becoming increasingly relevant due to the widespread use of large language models. Individuals' fear of losing control over data when it is being used to train such machine learning models or when distinguishing model-generated output from text written by humans. Digital...
The Role of AI in Modern Penetration Testing
Penetration testing is a cornerstone of cybersecurity, traditionally driven by manual, time-intensive processes. As systems grow in complexity, there is a pressing need for more scalable and efficient testing methodologies. This systematic literature review examines how Artificial Intelligence AI...
Persistent Backdoor Attacks under Continual Fine-Tuning of LLMs
Backdoor attacks embed malicious behaviors into Large Language Models LLMs, enabling adversaries to trigger harmful outputs or bypass safety controls. However, the persistence of the implanted backdoors under user-driven post-deployment continual fine-tuning has been rarely examined. Most prior...
Scale AI Securely with Qualys TotalAI’s Streamlined Onboarding, Deeper Risk Detection, and Compliance-Ready Reporting
Executive Summary Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new class of risk that is behavioral, contextual, and dynamic, driven by how models interpret instruction...
Patch Wednesday: Root Cause Analysis with LLMs
...
Chasing Shadows: Pitfalls in LLM Security Research
Large language models LLMs are increasingly prevalent in security research. Their unique characteristics, however, introduce challenges that undermine established paradigms of reproducibility, rigor, and evaluation. Prior work has identified common pitfalls in traditional machine learning researc...
Defining Cost Function of Steganography with Large Language Models
In this paper, we make the first attempt towards defining cost function of steganography with large language models LLMs, which is totally different from previous works that rely heavily on expert knowledge or require large-scale datasets for cost learning. To achieve this goal, a two-stage...
Prompt injection is a problem that may never be fixed, warns NCSC
Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK’s National Cyber Security Centre NCSC has warned that it may never be “fixed” in the way SQL injection was. Two years ago, the NCSC said prompt injection might turn out to be the “SQL injection of th...
A Practical Framework for Evaluating Medical AI Security: Reproducible Assessment of Jailbreaking and Privacy Vulnerabilities across Clinical Specialties
Medical Large Language Models LLMs are increasingly deployed for clinical decision support across diverse specialties, yet systematic evaluation of their robustness to adversarial misuse and privacy leakage remains inaccessible to most researchers. Existing security benchmarks require GPU cluster...
Towards Small Language Models for Security Query Generation in SOC Workflows
Analysts in Security Operations Centers routinely query massive telemetry streams using Kusto Query Language KQL. Writing correct KQL requires specialized expertise, and this dependency creates a bottleneck as security teams scale. This paper investigates whether Small Language Models SLMs can...
ThinkTrap: Denial-Of-Service Attacks against Black-Box LLM Services Via Infinite Thinking
Large Language Models LLMs have become foundational components in a wide range of applications, including natural language understanding and generation, embodied intelligence, and scientific discovery. As their computational requirements continue to grow, these models are increasingly deployed as...
Beyond Detection: A Comprehensive Benchmark and Study on Representation Learning for Fine-Grained Webshell Family Classification
Malicious WebShells pose a significant and evolving threat by compromising critical digital infrastructures and endangering public services in sectors such as healthcare and finance. While the research community has made significant progress in WebShell detection i.e., distinguishing malicious...
Safe2Harm: Semantic Isomorphism Attacks for Jailbreaking Large Language Models
Large Language Models LLMs have demonstrated exceptional performance across various tasks, but their security vulnerabilities can be exploited by attackers to generate harmful content, causing adverse impacts across various societal domains. Most existing jailbreak methods revolve around Prompt...
CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to hel...
Learning the Wrong Lessons: Syntactic-Domain Spurious Correlations in Language Models
Whitepaper from researchers at MIT, Northeastern University, and Meta. For an LLM to correctly respond to an instruction it must understand both the semantics and the domain i.e., subject area of a given task-instruction pair. However, syntax can also convey implicit information Recent work shows...
LeechHijack: Covert Computational Resource Exploitation in Intelligent Agent Systems
Large Language Model LLM-based agents have demonstrated remarkable capabilities in reasoning, planning, and tool usage. The recently proposed Model Context Protocol MCP has emerged as a unifying framework for integrating external tools into agent systems, enabling a thriving open ecosystem of...
COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers
This paper studies how multimodal large language models MLLMs undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...
Large Language Models Cannot Reliably Detect Vulnerabilities in JavaScript: The First Systematic Benchmark and Evaluation
Researchers have proposed numerous methods to detect vulnerabilities in JavaScript, especially those assisted by Large Language Models LLMs. However, the actual capability of LLMs in JavaScript vulnerability detection remains questionable, necessitating systematic evaluation and comprehensive...