AI Security Blog

You'll find useful content about AI security, the cybersecurity landscape, news, events and much more updated regularly here.

Ghosts in the Machine: ASCII Smuggling across Various LLMs

Ghosts in the Machine: ASCII Smuggling across Various LLMs

Researcher Viktor Markopoulos discovers ASCII Smuggling bypasses human audit via Unicode, enabling enterprise identity spoofing and data poisoning on Gemini & Grok.

Latest articles

All
OWASP LLM TOP 10
All
AI Security
All
Product
All
A View from the C-Suite
All
Fintech
All
cloud security
All
AI
All
Awards
All
API economy
All
podcast
All
WAF
All
Events
All
Cybersecurity
All
Cyber landscape
All
Company
All
API security
Moovit API Vulnerability - letting attackers move free of charge
September 1, 2023

Moovit API Vulnerability - letting attackers move free of charge

During Defcon, a security researcher presented his findings from assessing a global transportation system, leveraging APIs.

Read more
API Days Connect Hong Kong
August 30, 2023

API Days Connect Hong Kong

We were delighted to have the opportunity to present at Apidays Hong Kong this year. The hybrid event was a wonderful way to connect with some of the brightest minds in API security from all across the region and our CEO, Jeremy Snyder, took to the stage to deliver a talk entitled ‘API Security: Analysis of Breaches, Attack Vectors and Strategies.’ Watch the full presentation now…

Read more
moveIT - a series of breaches, all enabled by APIs
August 25, 2023

moveIT - a series of breaches, all enabled by APIs

A file transfer software called moveIT experienced a vulnerability starting in mid-2023 that created a mass breach across many organizations and geographies. The breach is started by injection against an API administrative endpoint, and data is exfiltrated via administrative API calls.

Read more
IDOR Attacks and the Growing Threat to Your API Security
August 22, 2023

IDOR Attacks and the Growing Threat to Your API Security

A recent advisory has highlighted the increasing threat posed by IDOR vulnerabilities. In this article, we explain Insecure Direct Object Reference (IDOR) attacks, explore their rise, and examine how these vulnerabilities impact API security.

Read more
API Security: Bridging the Gap Between Application and Security Teams
August 15, 2023

API Security: Bridging the Gap Between Application and Security Teams

There’s a big API security problem most organizations need to address. It’s the gap that emerges between application and security teams. Here we look at what it takes to keep application and security teams on the same page when it comes to APIs.

Read more
Disclosure: Fast Food Delivery Service
August 7, 2023

Disclosure: Fast Food Delivery Service

An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.

Read more

Subscribe to receive articles directly in your inbox

If you prefer to be notified of new posts via email, simply subscribe to our blog below.