Article Brief
Why this article matters
David Noever's 2023 research tested GPT-4 against Snyk and Fortify on 128 vulnerable code snippets across 8 languages and 33 vulnerability categories. The results were striking: GPT-4 found roughly 4x more vulnerabilities (393 vs. 98) and its fixes reduced them by 90% with only an 11% code increase. This post walks through the methodology, presents the raw comparison tables, and discusses what LLM-powered self-auditing means for the future of secure development pipelines.
Continue Reading
Next steps in the archive
Newer article
Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
This research introduces Indirect Prompt Injection (IPI), a method to remotely manipulate Large Language Models (LLMs) via malicious prompts in data sources, risking data theft, misinformation, and much more, highlighting the need for stronger defenses.
Older article
Tips and Tricks to tackle your Bug Bounty Hunter exam (cBBH) by Hack The Box
My journey, tips and important things you need to know before starting your 'Certified Bug Bounty Hunter' exam attempt
Keep Exploring
Related reading
Continue through adjacent topics with the strongest tag overlap.
Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
This research introduces Indirect Prompt Injection (IPI), a method to remotely manipulate Large Language Models (LLMs) via malicious prompts in data sources, risking data theft, misinformation, and much more, highlighting the need for stronger defenses.
MCP Security for Enterprise Organizations: Real-world experiences and advanced defense
A personal reflection and technical analysis on the MCP protocol, from the challenge of presenting to the community to the real-world methods and risks in AI Security, MCP Server, and recommended defenses for organizations. Includes resources, papers, and key sites for modern research in AI agent security.
A2AS: A New Standard for Security in Agentic AI Systems
Reflection, explanation, and analysis of the A2AS paper, the BASIC model, and the A2AS framework, from the perspective of real-world challenges in controls and attack mitigation in AI Security and GenAI Applications.