Ayush RoyChowdhury

Ayush RoyChowdhury

Security Researcher @ Zenity

Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root

Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root

A closer look at custom-code guardrail sandbox-escape (CVE–2026-40217) activity in the wild

Avishai Efrat
Ayush RoyChowdhury
Avishai Efrat, +1
Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel

Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel

A closer look at api_base SSRF (CVE-2024-6587) activity in the wild, and its nested variant

Avishai Efrat
Ayush RoyChowdhury
Avishai Efrat, +1
Scanning for AI: Live Campaigns Mapping the Internet's Exposed LLM Backends

Scanning for AI: Live Campaigns Mapping the Internet's Exposed LLM Backends

Inside mass discovery and model-probing reconnaissance campaigns that are mapping LLM backend servers in the wild

Ayush RoyChowdhury
Avishai Efrat
Ayush RoyChowdhury, +1
Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations

Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations

Threat actors attempting to hijack Ollama & LiteLLM endpoints to run pentesting agents, tools and web reverse-engineering

Ayush RoyChowdhury
Avishai Efrat
Ayush RoyChowdhury, +1
What You Don’t Know Can Hurt You: Why AI Security Research Needs to Move Out of the Lab and Into the Wild

What You Don’t Know Can Hurt You: Why AI Security Research Needs to Move Out of the Lab and Into the Wild

What we can learn from observing real attacks, made by real Adversaries

Ayush RoyChowdhury
Avishai Efrat
Ayush RoyChowdhury, +1