557 matches found
RulePilot: An LLM-Powered Agent for Security Rule Generation
The real-time demand for system security leads to the detection rules becoming an integral part of the intrusion detection life-cycle. Rule-based detection often identifies malicious logs based on the predefined grammar logic, requiring experts with deep domain knowledge for rule generation...
Robustness of LLM-Enabled Vehicle Trajectory Prediction under Data Security Threats
The integration of large language models LLMs into automated driving systems has opened new possibilities for reasoning and decision-making by transforming complex driving contexts into language-understandable representations. Recent studies demonstrate that fine-tuned LLMs can accurately predict...
LLM Response Evaluation with Spring AI: Building LLM-as-a-Judge Using Recursive Advisors
The challenge of evaluating Large Language Model LLM outputs is critical for notoriously non-deterministic AI applications, especially as they move into production. Traditional metrics like ROUGE and BLEU fall short when assessing the nuanced, contextual responses that modern LLMs produce. Human...
RAG-Targeted Adversarial Attack on LLM-Based Threat Detection and Mitigation Framework
The rapid expansion of the Internet of Things IoT is reshaping communication and operational practices across industries, but it also broadens the attack surface and increases susceptibility to security breaches. Artificial Intelligence has become a valuable solution in securing IoT networks, wit...
Injecting Falsehoods: Adversarial Man-In-The-Middle Attacks Undermining Factual Recall in LLMs
LLMs are now an integral part of information retrieval. As such, their role as question answering chatbots raises significant concerns due to their shown vulnerability to adversarial man-in-the-middle MitM attacks. Here, we propose the first principled attack evaluation on LLM factual memory unde...
When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins
Prompt injection attacks pose a critical threat to large language models LLMs, with prior work focusing on cutting-edge LLM applications like personal copilots. In contrast, simpler LLM applications, such as customer service chatbots, are widespread on the web, yet their security posture and...
Malicious code in wei516-tpa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2ee2f69d608c9430677e3723e003b788f464ae688126d65199fc2936f1adfb0e Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...
MAL-2025-191789 Malicious code in mcp-weather-full (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c12eff5425b0aa04547b3bbff3444c1d96ca3cf765fdc105d7b7ff9252c9afda Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...
From Model to Breach: Towards Actionable LLM-Generated Vulnerabilities Reporting
As the role of Large Language Models LLM-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security benchmarks have been proposed alongside approaches to improve the...
Malicious code in wayspiritmcp-tpa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 523cbbda7a0fda2addfcd432b1bfcc1df072ee67a593ffce535b7da7005caae8 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...
MAL-2025-191924 Malicious code in wayspiritmcp-enconly (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b075eb7116e55dd48db0e026ce51a42ec4e7e1e100b4b68c8a42d4b35411f749 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...
Malicious code in wayspiritmcp-weather (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3dbe830c7b2364daef2e4634c16062b86b0b26b88f95533e9413aa91bc646fd Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...
Hybrid Fuzzing with LLM-Guided Input Mutation and Semantic Feedback
Software fuzzing has become a cornerstone in automated vulnerability discovery, yet existing mutation strategies often lack semantic awareness, leading to redundant test cases and slow exploration of deep program states. In this work, I present a hybrid fuzzing framework that integrates static an...
CVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...
CVE-2025-64320
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0...
CVE-2025-10875
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6...
CVE-2025-64320
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0...
CVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...
CVE-2025-10875
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6...
Jailbreaking in the Haystack
Recent advances in long-context language models LMs have enabled million-token inputs, expanding their capabilities across complex tasks like computer-use agents. Yet, the safety implications of these extended contexts remain unclear. To bridge this gap, we introduce NINJA short for...