Fred Rohrer's Blog

Multi-Path Ensemble Detection of Prompt Injection Attacks via Embedding Similarity, Trajectory Analysis, and Fine-Tuned Classification

Abstract. Prompt injection attacks pose a critical threat to large language model (LLM) deployments, enabling adversaries to override system instructions, exfiltrate data, and bypass safety controls. We present a multi-path ensemble system that combines three complementary detection strategies: (1) centroid-based embedding similarity against curated attack pattern clusters, (2) trajectory analysis

CISSP

Operationalizing AI Defense in the Age of Agents

Remember the panic back in 2023? We were all terrified of "Shadow AI", employees pasting proprietary code into ChatGPT or leaking sensitive memos into the public cloud. We spent the next year building private instances and locking down endpoints. But looking around today, the game has completely changed.

AI Security

Protecting Against Data Leaks in LLM-Powered Chatbots and Conversational AI

As Large Language Models (LLMs) become deeply integrated into customer-facing chatbots and internal conversational AI systems, a critical security challenge has emerged: data leakage. Organizations are discovering that these powerful AI assistants can inadvertently expose sensitive information, proprietary data, and confidential business logic. In this post, we'll explore

cybersecurity

OpenClaw: When AI Agents Go Wild

A Cybersecurity Nightmare The viral AI assistant everyone's installing is a masterclass in what happens when convenience trumps security TL;DR OpenClaw (formerly Moltbot/Clawdbot) is an open-source AI agent that manages your email, calendar, WhatsApp, and more through chat interfaces. It's gone massively viral with

AI Security

The Basics of AI Agent Security

The Basics of AI Agent Security Prompt injection is a fundamental, unsolved weakness in all LLMs. With prompt injection, certain types of untrustworthy strings or pieces of data can cause unintended consequences when passed into an AI agent's context window, like ignoring instructions and safety guidelines or executing

security

The Security Leader's Guide to Evaluating New Tools and Processes

AI leaders are often in the position to have to evaluate new security tools without necesarily being embedded in the day to day use of that very tool. How do leaders not fall into analysis paralysis, or fall into shiny object syndrome? Over my years in consulting I've

AI

Detecting LLM writing in Text

LLMs are harder and harder to detect in text, and detection vary between models. In this article I will explore a couple of easy and hard methods to find LLM generated text. This is not foolproof so please don't rely on it. Linguistic and Stylistic Recognition First, detecting

AI Security Featured

MCP Security Vulnerabilities: A Quick Weekend List

The Model Context Protocol (MCP) is revolutionizing how AI agents interact with external tools, but this power comes with serious security implications that most organizations are overlooking. Here are 15 critical security issues with MCP - short and sweet so you can read it quickly.

Docker And Why It Adds False Security: A Deep Dive into Docker Risks and Fixes

Docker has revolutionized the way we build, ship, and run applications by leveraging containerization. However, beneath its convenience lies a critical concern: if not secured properly, breaking out of a Docker container to gain access to the host system is alarmingly easy. This article explores why Docker containers can be

OWASP

Understanding the OWASP Top 10 for LLMs: Risks and Controls

Understanding the OWASP Top 10 for LLMs: Risks and Controls 1. Prompt Injection Prompt injection occurs when malicious inputs manipulate a Large Language Model (LLM) into executing unintended actions or revealing sensitive data. Attackers craft inputs that override the model’s instructions, potentially leading to data leaks or unauthorized actions.

AI

The AI Revolution: Why Discernment is the Skill of Tomorrow

The AI Revolution: Why Discernment is the Skill of Tomorrow Introduction In a world where artificial intelligence (AI) can write essays, design logos, compose music, and even debug code, the traditional markers of expertise are being redefined. Much like the rise of digital tools transformed industries in the past, AI

Harnessing AI for Shadow IT Discovery: A Technical Dive

Harnessing AI for Shadow IT Discovery: A Technical Dive Shadow IT—those unauthorized applications and services employees use outside the purview of IT departments—poses a significant challenge for organizations. It can lead to security vulnerabilities, compliance issues, and operational inefficiencies. Discovering and managing these hidden tools is no small

AI

Vibe Coding: A Security Minefield for Software Developers

Let’s dive straight into the gritty reality of “vibe coding”—the practice of letting AI write code for you. It’s tempting, right? Tools like GitHub Copilot or ChatGPT spit out code in seconds, saving you hours of typing. But here’s the catch: this convenience can be a

Model Context Protocol: Building Secure Data Connections for AI Applications

What is the Model Context Protocol (MCP)? The Model Context Protocol (MCP) is an open standard designed to create secure, bidirectional connections between data sources and AI applications. Instead of building custom integrations for each data source, MCP provides a standardized way for AI systems (clients) to access and interact

LLM Inference Sampling Methods

Sampling methods in large language models are essential for fine-tuning the balance between accuracy and diversity in generated responses. Here’s a deeper dive into various sampling techniques—temperature sampling, top-K, top-P (nucleus sampling), min-P, and beam search—along with guidance on when to apply each. 1. Temperature Sampling Temperature

Detecting AI-Generated Images Using Entropy Analysis

Professional researchers (and myself) have been exploring ways to distinguish AI-generated images from real ones every since they took over certain social media. In this blog post I present a way to detect AI-generated pixel images, by analyzing the randomness of each RGB channel using local entropy calculations. The Process

Mastering Risk Assessments: Leveraging CIA, STRIDE, and MITRE ATT&CK

In my years working in cybersecurity, I've learned that thorough risk assessments are key to protecting a company's assets. Over time, I've put together a process that combines the CIA triad, STRIDE methodology, and the MITRE ATT&CK framework to cover all our

Context-Dependent Sentence Detection in LLM Caching Pipelines

Building an effective caching pipeline is extremely important to keep costs down and improve the user experience by lowering latency. However, we'll run into one pesky issue immediately: How do we determine which user prompts to cache, and which to ignore? For example: Say you have a user

Just-in-Time Coding: The Future of AI-Driven Software Development

As an AI enthusiast and software developer, I've been closely following the rapid advancements in artificial intelligence and its potential impact on the world of computing. One concept that particularly excites me is what I call "just-in-time coding" – a future where code is generated on-demand, based

Building a Binary Classifier in Keras for Splunk Logs

As a data scientist, I recently worked on a project where I needed to build a binary classifier to analyze Splunk logs. I decided to use Keras, a powerful and user-friendly deep learning library, to tackle this task. Here's how I went about creating a simple binary classifier

Top 10 OWASP Vulnerabilities and Python Scripts to Test Them

1. Injection: Injection vulnerabilities occur when untrusted data is sent to an interpreter as part of a command or query. To test for injection vulnerabilities using Python, you can use the requests library to send payloads and analyze the responses. Here's an example script to test for SQL

The Crucial Role of Identity Management in Ensuring Business Continuity

As a seasoned IT professional, I cannot stress enough the importance of a robust identity management program in maintaining business continuity. In today's digital landscape, where cyber threats loom large and data breaches can cripple organizations, implementing a comprehensive identity management solution is no longer a luxury but

Leveraging the MITRE ATT&CK Framework for Effective Detection and Response

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework has become an essential tool for organizations looking to strengthen their cybersecurity posture. This comprehensive matrix provides a structured approach to understanding and defending against the various tactics, techniques, and procedures (TTPs) employed by adversaries. By mapping out

OWASP Risk Rating Methodology: A Guide to Web Security Assessment

Introduction Web security is a critical concern for organizations of all sizes. The Open Web Application Security Project (OWASP) provides a comprehensive framework for assessing and mitigating web application security risks. The OWASP Risk Rating Methodology is a key component of this framework, enabling security professionals to prioritize and address

Selecting and Creating Detection Rules with Syslog and Splunk

In today's cybersecurity landscape, effective detection rules are crucial for identifying and mitigating potential threats. Syslog, a standard protocol for logging system events, can be leveraged to create powerful detection rules. By ingesting these rules into Splunk, a leading security information and event management (SIEM) platform, organizations can