Threat actors embed prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.
Threat actors embed prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.
A newly attributed state-sponsored threat actor is targeting AI development infrastructure to poison training datasets and embed persistent backdoors in deployed models.
How to implement an AI Software Bill of Materials capturing base models, adapters, training datasets, and dependencies — and use it for supply chain risk and compliance.
LLMs with large context windows can be reliably jailbroken by embedding hundreds of fictitious dialogues before the target request. The attack scales with context length.
CVE-2026-31204: an SSRF vulnerability in Ollama allows local-network attackers to read arbitrary files and reach internal services via the model pull endpoint. All versions affected.