Zenity Labs
Archive
Threat Actors Are Using Ollama's Model Downloader as a Server-Side Weapon
4 hours ago

A closer look at Ollama model-pull SSRF targeted activity in the wild

Avishai Efrat, Ayush RoyChowdhury
Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root
Jun 30, 2026

A closer look at custom-code guardrail sandbox-escape (CVE-2026-40217) activity in the wild

Avishai Efrat, Ayush RoyChowdhury
Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel
Jun 30, 2026

A closer look at api_base SSRF (CVE-2024-6587) activity in the wild, and its nested variant

Avishai Efrat, Ayush RoyChowdhury
Scanning for AI: Live Campaigns Mapping the Internet's Exposed LLM Backends
Jun 30, 2026

Inside mass discovery and model-probing reconnaissance campaigns that are mapping LLM backend servers in the wild

Ayush RoyChowdhury, Avishai Efrat
Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations
Jun 30, 2026

Threat actors attempting to hijack Ollama & LiteLLM endpoints to run pentesting agents, tools and web reverse-engineering

Ayush RoyChowdhury, Avishai Efrat
What You Don’t Know Can Hurt You: Why AI Security Research Needs to Move Out of the Lab and Into the Wild
Jun 30, 2026

What we can learn from observing real attacks, made by real adversaries

Ayush RoyChowdhury, Avishai Efrat
Your Model Reads Through Typos. Your Probe Doesn't.
Jun 04, 2026

The Latent Undertow beneath fluent LLM behavior — and how to fish your activation probe out of it.

Elad David
Catching Prompt Guard Off Guard: Exploiting Overfit in Training Algorithms
Mar 12, 2026

How understanding the training algorithms used in machine learning models may allow attackers to bypass them entirely

Tomer Wetzler
Security research
PerplexedBrowser: How Attackers Can Hijack Comet to Takeover your 1Password Vault
Mar 03, 2026

One Calendar Invite. Your Entire Vault. Zero Clicks.

Stav Cohen
Security research
PerplexedBrowser: Perplexity’s Agent Browser Can Leak Your PC's Local Files
Mar 03, 2026

Local Files Are No Longer Safe.

Stav Cohen
Security research
Turning Moltbook Into a Global Botnet Map
Feb 18, 2026

How Untrusted Content Triggered 1,000+ Agent Endpoints Worldwide and Exposed Moltbook’s Faulty Design

Stav Cohen, João Donato
Looking Inside: a Maliciousness Classifier Based on the LLM's Internals
Feb 18, 2026

Beyond input and output filtering: how well does it generalize to your out-of-distribution production data?

Max Fomin
Latest research, tools and talks about breaking and building AI systems, agents and assistants

© 2026 Zenity Labs.