INFOSEC
Preventing Overreliance: Proper Ways to Use LLMs
LLMs have an uncanny ability to solve problems in a wide variety of domains. Unfortunately, they also have a tendency to fail catastrophically. While an LLM may be able to provide accurate responses 90% of the time, due to nondeterministic behavior, one must be prepared for cases when it gives blatantly wrong or malicious responses. Depending on the use case, this could result in hilarity or, in very bad cases, security compromises. In this blog post, we'll talk about #9 on th
CSP AUTHOR
AUGUST 8, 2024
Ignore Previous Instruction: The Persistent Challenge of Prompt Injection in Language Models
Prompt injections are an interesting class of emergent vulnerability in LLM systems. They arise because LLMs are unable to differentiate between system prompts, which are created by engineers to configure the LLM's behavior, and user prompts, which are created by the user to query the LLM. Unfortunately, at the time of this writing, there are no total mitigations (though some guardrails) for Prompt Injection, and this issue must be architected around rather than fixed. In this blog post, we will
CSP AUTHOR
APRIL 24, 2024
LASCON Recap - Infrastructure as Code
Recently, we had the privilege of participating in and sponsoring the Lonestar Application Security Conference (LASCON). Our CEO, Michael McCabe, and Ken Toler delivered a training session and a talk on exploiting Terraform for remote code execution; both received a fantastic turnout. In between operating our booth, we had the opportunity to attend some insightful talks. During the event, one presentation that stood out was delivered by Bug Bounty and focused on how to manage a bug bounty progr
CSP AUTHOR
NOVEMBER 6, 2023
The Security Absolutist
All security practitioners know the Security Absolutist. It's the practitioner who has a plan before the context, is unapologetic in their approach to security, and is unwaveringly confident in their solution. Seemingly always frustrated with the current state of security in business and consistently angry at why "people can't just…" the Security Absolutist is a pained and frustrated individual, but we can help. Security Absolutism is a dangerous game, constantly creating conflict and boundarie
MIKE MCCABE
OCTOBER 2, 2023