Applied GAI in Security

Sign in Subscribe

Brandon Dixon

Brandon Dixon

Brandon is a cybersecurity expert currently leading Security Copilot at Microsoft. He is known for creating PassiveTotal, Blockade.io, NinjaJobs, PDF X-Ray, and other opensource tools

Last Week in GAI Security Research - 02/17/25

Last Week in GAI Security Research - 02/17/25

Highlights from Last Week * 💦 RTBAS: Defending LLM Agents Against Prompt Injection and Privacy Leakage * 💰 Auditing Prompt Caching in Language Model APIs * 🤖 Commercial LLM Agents Are Already Vulnerable to Simple Yet Dangerous Attacks * 🔊 Improving Acoustic Side-Channel Attacks on Keyboards Using Transformers and Large Language Models * 🧠 On the Emergence of Thinking in

Last Week in GAI Security Research - 02/10/25

Last Week in GAI Security Research - 02/10/25

Highlights from Last Week * ☣️ Exploring the Security Threats of Knowledge Base Poisoning in Retrieval-Augmented Code Generation * 🥡 LLMSecConfig: An LLM-Based Approach for Fixing Software Container Misconfigurations * 🤓 Can LLMs Hack Enterprise Networks? Autonomous Assumed Breach Penetration-Testing Active Directory Networks * 📐 Rule-ATT&CK Mapper (RAM): Mapping SIEM Rules to TTPs Using LLMs * 🦥 OverThink:

Last Week in GAI Security Research - 02/03/25

Last Week in GAI Security Research - 02/03/25

Highlights from Last Week * 🎩 Illusions of Relevance: Using Content Injection Attacks to Deceive Retrievers, Rerankers, and LLM Judges * 🌐 On the Feasibility of Using LLMs to Execute Multistage Network Attacks * 🦄 Comparing Human and LLM Generated Code: The Jury is Still Out! * 🏛 Constitutional Classifiers: Defending against Universal Jailbreaks across Thousands of Hours

Beans to Bots: Hacking My Coffee Machine with AI

Beans to Bots: Hacking My Coffee Machine with AI

This post is not sponsored in any form. Speciality coffee has been in my life for over a decade. What used to be near-impossible to find is now commonplace, even in chains like Starbucks. Over the years, I've roasted coffee, formed a business around it and quested for

Last Week in GAI Security Research - 01/27/25

Last Week in GAI Security Research - 01/27/25

Highlights from Last Week * 🧑‍🔧️ An Empirically-grounded tool for Automatic Prompt Linting and Repair: A Case Study on Bias, Vulnerability, and Optimization in Developer Prompts * 🎶 Tune In, Act Up: Exploring the Impact of Audio Modality-Specific Edits on Large Audio Language Models in Jailbreak * 🦺 Can Safety Fine-Tuning Be More Principled? Lessons Learned

Last Week in GAI Security Research - 01/20/25

Last Week in GAI Security Research - 01/20/25

Highlights from Last Week * 😡 AfriHate: A Multilingual Collection of Hate Speech and Abusive Language Datasets for African Languages * 🧙 Gandalf the Red: Adaptive Security for LLMs * 🧭 I Can Find You in Seconds! Leveraging Large Language Models for Code Authorship Attribution * 🗳 Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards Partner Content Pillar

Running in Circles: Security Insights from a Treadmill

Running in Circles: Security Insights from a Treadmill

I run ultramarathons, so I run often and sometimes end up indoors when conditions aren’t ideal or I need to juggle family needs. When running inside, I use a Nordictrack X22i, which is a wonderful piece of equipment but is limited to the built-in iFit application and nothing more;