Zenity Labs
Archive
Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root
7 hours ago
A closer look at custom-code guardrail sandbox-escape (CVE-2026-40217) activity in the wild

Avishai Efrat
Ayush RoyChowdhury
Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel
7 hours ago
A closer look at api_base SSRF (CVE-2024-6587) activity in the wild, and its nested variant

Avishai Efrat
Ayush RoyChowdhury
Scanning for AI: Live Campaigns Mapping the Internet's Exposed LLM Backends
7 hours ago
Inside mass discovery and model-probing reconnaissance campaigns that are mapping LLM backend servers in the wild

Ayush RoyChowdhury
Avishai Efrat
Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations
7 hours ago
Threat actors attempting to hijack Ollama & LiteLLM endpoints to run pentesting agents, tools and web reverse-engineering

Ayush RoyChowdhury
Avishai Efrat
What You Don’t Know Can Hurt You: Why AI Security Research Needs to Move Out of the Lab and Into the Wild
7 hours ago
What we can learn from observing real attacks made by real adversaries

Ayush RoyChowdhury
Avishai Efrat
Your Model Reads Through Typos. Your Probe Doesn't.
Jun 04, 2026
The Latent Undertow beneath fluent LLM behavior — and how to fish your activation probe out of it.

Elad David
Catching Prompt Guard Off Guard: Exploiting Overfit in Training Algorithms
Mar 12, 2026
How understanding the training algorithms used in machine learning models may allow attackers to bypass them entirely

Tomer Wetzler
Security research
PerplexedBrowser: How Attackers Can Hijack Comet to Takeover your 1Password Vault
Mar 03, 2026
One Calendar Invite. Your Entire Vault. Zero Clicks.

Stav Cohen
Security research
PerplexedBrowser: Perplexity’s Agent Browser Can Leak Your PC's Local Files
Mar 03, 2026
Local Files Are No Longer Safe.

Stav Cohen
Security research
Turning Moltbook Into a Global Botnet Map
Feb 18, 2026
How Untrusted Content Triggered 1,000+ Agent Endpoints Worldwide and Exposed Moltbook’s Faulty Design

Stav Cohen
João Donato
Looking Inside: a Maliciousness Classifier Based on the LLM's Internals
Feb 18, 2026
Beyond input & output filtering and how well does it generalize to your out-of-distribution production data?

Max Fomin
Security research
Perplexity Comet: A Reversing Story
Feb 11, 2026
A deeper look into an agentic browser's inner workings

Raul Klugman-Onitza
Latest research, tools and talks about breaking and building AI systems, agents and assistants
© 2026 Zenity Labs.