Applied GAI in Security

Sign in Subscribe

Brandon Dixon

Brandon Dixon

Brandon is a cybersecurity expert currently leading Security Copilot at Microsoft. He is known for creating PassiveTotal, Blockade.io, NinjaJobs, PDF X-Ray, and other opensource tools

Last Week in GAI Security Research - 12/02/24

Last Week in GAI Security Research - 12/02/24

Highlights from Last Week * 📚 EnStack: An Ensemble Stacking Framework of Large Language Models for Enhanced Vulnerability Detection in Source Code * 👤 Sensitive Content Classification in Social Media: A Holistic Resource and Evaluation * ☣️ Knowledge Database or Poison Base? Detecting RAG Poisoning Attack through LLM Activations * 🏛 Fine-Tuning LLMs with Noisy Data for Political

Last Week in GAI Security Research - 11/25/24

Last Week in GAI Security Research - 11/25/24

Highlights from Last Week * 🦹‍♂ RAG-Thief: Scalable Extraction of Private Data from Retrieval-Augmented Generation Applications with Agent-based Attacks * 🐠 Adapting to Cyber Threats: A Phishing Evolution Network (PEN) Framework for Phishing Generation and Analyzing Evolution Patterns using Large Language Models * 🧵 A Flexible Large Language Models Guardrail Development Methodology Applied to Off-Topic Prompt

Last Week in GAI Security Research - 11/18/24

Last Week in GAI Security Research - 11/18/24

Highlights from Last Week * 👹 Unmasking the Shadows: Pinpoint the Implementations of Anti-Dynamic Analysis Techniques in Malware Using LLM * 🐑 LLM App Squatting and Cloning * ✅ Trustful LLMs: Customizing and Grounding Text Generation with Knowledge Bases and Dual Decoders * 💔 RedCode: Risky Code Execution and Generation Benchmark for Code Agents * 🎓 MultiKG: Multi-Source Threat Intelligence

Agents, clarified.

Agents, clarified.

In recent months, I've observed "agents" and "agentic" terms supplanting generic concepts like "language models" and "generative AI". Overall, this is a net-positive for the industry as it acknowledges that single-turn, stateless language models alone are not enough to solve

Last Week in GAI Security Research - 11/11/24

Last Week in GAI Security Research - 11/11/24

Highlights from Last Week * 💉SQL Injection Jailbreak: a structural disaster of large language models * ❇ Fixing Security Vulnerabilities with AI in OSS-Fuzz * 🏭 LLMs for Domain Generation Algorithm Detection * 🧫 AutoPT: How Far Are We from the End2End Automated Web Penetration Testing? * 🎭 Targeted Manipulation and Deception Emerge when Optimizing LLMs for User Feedback

Last Week in GAI Security Research - 11/04/24

Last Week in GAI Security Research - 11/04/24

Highlights from Last Week * 🤖 Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks * 🔊 Audio Is the Achilles' Heel: Red Teaming Audio Large Multimodal Models * 🌱 Sorting Out the Bad Seeds: Automatic Classification of Cryptocurrency Abuse Reports * 🦟 Fine-Tuning LLMs for Code Mutation: A New Era of Cyber Threats

Scaling Yourself with the AI Digest

Scaling Yourself with the AI Digest

Every week for the past 7 months, I've found myself executing a python script I call "deepthought" to summarize research papers that talk about applying generative AI to security problems. This process is what powers the "Last Week in GAI" digests I send out