Applied GAI in Security

Sign in Subscribe

Brandon Dixon

Brandon Dixon

Brandon is a cybersecurity expert currently leading Security Copilot at Microsoft. He is known for creating PassiveTotal, Blockade.io, NinjaJobs, PDF X-Ray, and other opensource tools

Agentic Security Marketmap

Agentic Security Marketmap

Since April, I've been tracking the security startup space, specifically as it relates to agents and agentic workflows. Back then, there were a handful of security companies leaning into the concept of agents and demonstrating real progress. In just over 6 months, I've seen sizable increase

Last Week in GAI Security Research - 12/02/24

Last Week in GAI Security Research - 12/02/24

Highlights from Last Week * 📚 EnStack: An Ensemble Stacking Framework of Large Language Models for Enhanced Vulnerability Detection in Source Code * 👤 Sensitive Content Classification in Social Media: A Holistic Resource and Evaluation * ☣️ Knowledge Database or Poison Base? Detecting RAG Poisoning Attack through LLM Activations * 🏛 Fine-Tuning LLMs with Noisy Data for Political

Last Week in GAI Security Research - 11/25/24

Last Week in GAI Security Research - 11/25/24

Highlights from Last Week * 🦹‍♂ RAG-Thief: Scalable Extraction of Private Data from Retrieval-Augmented Generation Applications with Agent-based Attacks * 🐠 Adapting to Cyber Threats: A Phishing Evolution Network (PEN) Framework for Phishing Generation and Analyzing Evolution Patterns using Large Language Models * 🧵 A Flexible Large Language Models Guardrail Development Methodology Applied to Off-Topic Prompt

Last Week in GAI Security Research - 11/18/24

Last Week in GAI Security Research - 11/18/24

Highlights from Last Week * 👹 Unmasking the Shadows: Pinpoint the Implementations of Anti-Dynamic Analysis Techniques in Malware Using LLM * 🐑 LLM App Squatting and Cloning * ✅ Trustful LLMs: Customizing and Grounding Text Generation with Knowledge Bases and Dual Decoders * 💔 RedCode: Risky Code Execution and Generation Benchmark for Code Agents * 🎓 MultiKG: Multi-Source Threat Intelligence

Agents, clarified.

Agents, clarified.

In recent months, I've observed "agents" and "agentic" terms supplanting generic concepts like "language models" and "generative AI". Overall, this is a net-positive for the industry as it acknowledges that single-turn, stateless language models alone are not enough to solve

Last Week in GAI Security Research - 11/11/24

Last Week in GAI Security Research - 11/11/24

Highlights from Last Week * 💉SQL Injection Jailbreak: a structural disaster of large language models * ❇ Fixing Security Vulnerabilities with AI in OSS-Fuzz * 🏭 LLMs for Domain Generation Algorithm Detection * 🧫 AutoPT: How Far Are We from the End2End Automated Web Penetration Testing? * 🎭 Targeted Manipulation and Deception Emerge when Optimizing LLMs for User Feedback

Last Week in GAI Security Research - 11/04/24

Last Week in GAI Security Research - 11/04/24

Highlights from Last Week * 🤖 Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks * 🔊 Audio Is the Achilles' Heel: Red Teaming Audio Large Multimodal Models * 🌱 Sorting Out the Bad Seeds: Automatic Classification of Cryptocurrency Abuse Reports * 🦟 Fine-Tuning LLMs for Code Mutation: A New Era of Cyber Threats