AI Security - Fred Rohrer's Blog

Multi-Path Ensemble Detection of Prompt Injection Attacks via Embedding Similarity, Trajectory Analysis, and Fine-Tuned Classification

Abstract. Prompt injection attacks pose a critical threat to large language model (LLM) deployments, enabling adversaries to override system instructions, exfiltrate data, and bypass safety controls. We present a multi-path ensemble system that combines three complementary detection strategies: (1) centroid-based embedding similarity against curated attack pattern clusters, (2) trajectory analysis

CISSP

Operationalizing AI Defense in the Age of Agents

Remember the panic back in 2023? We were all terrified of "Shadow AI", employees pasting proprietary code into ChatGPT or leaking sensitive memos into the public cloud. We spent the next year building private instances and locking down endpoints. But looking around today, the game has completely changed.

AI Security

Protecting Against Data Leaks in LLM-Powered Chatbots and Conversational AI

As Large Language Models (LLMs) become deeply integrated into customer-facing chatbots and internal conversational AI systems, a critical security challenge has emerged: data leakage. Organizations are discovering that these powerful AI assistants can inadvertently expose sensitive information, proprietary data, and confidential business logic. In this post, we'll explore the risks,

AI Security

The Basics of AI Agent Security

The Basics of AI Agent Security Prompt injection is a fundamental, unsolved weakness in all LLMs. With prompt injection, certain types of untrustworthy strings or pieces of data can cause unintended consequences when passed into an AI agent's context window, like ignoring instructions and safety guidelines or executing unauthorized tasks.

AI Security

MCP Security Vulnerabilities: A Quick Weekend List

The Model Context Protocol (MCP) is revolutionizing how AI agents interact with external tools, but this power comes with serious security implications that most organizations are overlooking. Here are 15 critical security issues with MCP - short and sweet so you can read it quickly.

OWASP

Understanding the OWASP Top 10 for LLMs: Risks and Controls

Understanding the OWASP Top 10 for LLMs: Risks and Controls 1. Prompt Injection Prompt injection occurs when malicious inputs manipulate a Large Language Model (LLM) into executing unintended actions or revealing sensitive data. Attackers craft inputs that override the model’s instructions, potentially leading to data leaks or unauthorized actions.