Last week proved that AI systems now officially contribute to critical infrastructure vulnerabilities. The unprecedented LiteLLM supply chain compromise exposes how adversaries are targeting the underlying routing layers of AI deployments. Coupled with the emergence of context window poisoning in massive 128K+ token contexts and the active operationalization of AI by state-sponsored threat actors, defending these systems now requires defense in depth approaches and extreme vigilance. “LLM firewalls” are not enough.
Total resources: 19
Category breakdown:
| Category | Count |
|---|---|
| Technique | 3 |
| Exploitation | 2 |
| GenAI research | 2 |
| GenAI defense | 2 |
| AI Red Teaming | 2 |
| GenAI threat model | 2 |
| Report | 2 |
| Incident | 1 |
| GenAI vulnerability | 1 |
| GenAI 101 | 1 |
| Video | 1 |
This paper introduces a novel multi-turn LLM jailbreaking technique called “Defamiliarization” based on literary theory. By altering the conceptual framing, this opens a new class of attacks capable of bypassing standard safety training parameters.
Demonstrating the fragility of retrieval-augmented generation pipelines, attackers achieved a 95% success rate through RAG poisoning with vocabulary-engineered documents. However, the study shows that implementing robust embedding anomaly detection successfully reduced the attack effectiveness to 20%.
Analyzing three Hack The Box (HTB) lab scenarios, this post explores critical guardrail bypass and data exfiltration risks. It practically demonstrates how attackers can achieve complete database manipulation via LLM-generated SQL injection vulnerabilities.
Researchers discovered a hidden DNS tunneling channel residing directly within ChatGPT’s code execution sandbox. This critical vulnerability allowed domain name resolution to be weaponized as a covert transport for silently exfiltrating sensitive user data to external servers.
This case study breaks down a sophisticated, multi-step exploit targeting a live e-commerce chatbot platform. The attacker successfully chained context-window flooding and developer impersonation with indirect prompt injection via RAG to bypass restricted coupon logic.
Researchers formally prove that current alignment methods in artificial intelligence only create highly localized, superficial safety regions rather than generalized defense. The empirical study demonstrated a staggering 100% attack success rate across 22 of the 26 evaluated LLMs.
This academic paper proposes devastating compound attacks that combine direct prompt injection with targeted database poisoning methods. Against standard RAG systems, the PIDP-Attack achieved an alarming 98.125% attack success rate across three recognized benchmarks and eight different models.
The newly proposed TBOP method projects model representations onto the null space of a specified nuisance subspace to reduce jailbreak viability. It dramatically cuts the attack success rate down to 2.56% while actively improving overall model utility and operating 60x faster than the next-best defense mechanism.
A detailed engineering walkthrough on training a robust “LLM firewall” by fine-tuning the Ministral-3B architecture to act as an asynchronous safety judge. The authors successfully baked the defense into the model weights using a dedicated SFT and GRPO pipeline spanning over 8,300 adversarial prompts.
This post details an autonomous AI agent that achieved top-three ranking in the global Gandalf CTF by mathematically predicting vulnerabilities before executing any attack. It reveals the core methodology, competitive results, and the critical questions organizations must ask about defenses in current production systems.
Addressing severe safety risks in modern healthcare environments, this study develops a comprehensive taxonomy featuring eight adversarial attack categories and 24 sub-strategies. An authority impersonation strategy notably achieved an 83.3% success rate against medical AI deployments.
By rigorously evaluating 384 separate references, researchers have generated a structured taxonomy of known vulnerabilities in real-world deployments. The identified threats are carefully classified by the CIA triad and effectively mapped to severity levels using the proven STRIDE methodology.
This technical paper represents the very first end-to-end academic survey mapping the entirety of the retrieval-augmented generation security pipeline. It equips engineers with a dual-perspective taxonomy of defenses and highlights the latest standardized benchmarking protocols.
Stanford Law examines the currently missing legal and accountability frameworks for foundational models trained exclusively via self-supervised learning methods. The resulting proposal outlines a rigorous liability taxonomy distinguishing structural defects within architectures from purely instructional flaws.
Microsoft Threat Intelligence released crucial documentation outlining how state-sponsored threat actors are actively and efficiently weaponizing artificial intelligence tools today. The report systematically tracks the operationalization of AI across the entire cyberattack lifecycle.
While this digest primarily focuses on LLM-specific flaws, the sheer scale of the LiteLLM compromise by the malicious group TeamPCP fundamentally mandates its inclusion. This deep technical analysis covers the widespread supply chain compromise spanning critical distribution nodes like PyPI, npm, and Docker Hub.
Context window poisoning is rapidly emerging as one of the most critically under-defended operational vulnerabilities in live production environments. Attackers can now reliably embed malicious instructions deep within massive 128K+ token document contexts to hijack generation.
A highly practical development guide exploring the underlying mechanics of prompt injection alongside its growing list of real-world CVEs. Developers can immediately utilize the provided six-layer defense architecture accompanied by production-ready TypeScript code examples.
An autonomous adversarial AI agent known as Claudini practically demonstrates how automated systems can programmatically craft their own complex security bypasses. The agent successfully designs jailbreaks achieving a 100% success rate in testing scenarios where human-crafted methods peaked at only 56%.
The LiteLLM incident and multi-step RAG exploitations prove that modern adversaries are sometimes bypassing the LLM level entirely to target the surrounding architecture and data gateways. Stop relying solely on semantic filters or weak alignment guardrails. Instead, enforce robust anomaly detection, strict input sanitization, rigorous least-privilege principles across all your agentic workflows, and validate these defenses hold using
Our April 2026 MCP resources digest highlights the latest vulnerability research and practical defenses. Discover how to audit MCP servers and lock down your AI infrastructure today.
