Tool calling gives injection attacks a path to backend/agentic actions. If a model can call functions, browse, read files, hit APIs, or drive a desktop, then untrusted input may be able to steer those actions. We have already looked at two pieces of this problem from the Sentry side.
Prompt injection is OWASP's #1 ranked vulnerability for LLM applications, but the term covers two fundamentally different attack classes. Semantic prompt injections manipulate meaning. They use natural language to trick the model into interpreting a malicious instruction as legitimate. Token-based injections exploit the tokenization layer itself: techniques such
Large Language Models introduce security issues reminiscent of early-2000s software bugs. Special Token Injection (STI) exploits how LLMs parse structured prompts. This post breaks down what STI is, how it works, where it appears, and why it matters—through a pentester’s lens.
Tool calling gives injection attacks a path to backend/agentic actions. If a model can call functions, browse, read files, hit APIs, or drive a desktop, then untrusted input may be able to steer those actions. We have already looked at two pieces of this problem from the Sentry side.
Prompt injection is OWASP's #1 ranked vulnerability for LLM applications, but the term covers two fundamentally different attack classes. Semantic prompt injections manipulate meaning. They use natural language to trick the model into interpreting a malicious instruction as legitimate. Token-based injections exploit the tokenization layer itself: techniques such
If you work in cybersecurity, you already know the feeling of having more to investigate than hours in the day. The security research backlog grows while you sleep. Threat feeds update faster than you can read them. Incident reports pile up. So when AI tools showed up offering to help
Side-channel attacks are a method of extracting information from systems by observing their physical implementation rather than attacking the theoretical weaknesses in algorithms. These attacks focus on the unintended information leakage that occurs during a system's operation. This guide covers web side-channel attacks—timing signals, response-size leaks, and
Over the last few years, I’ve found myself coming back to the same question when thinking about AI systems: what actually makes them dangerous in practice? I was specifically interested in environments with real infrastructure, real incentives, and real failure modes as it pertains to practical AI security leaders
What are LLM API Misconfigurations and why do they happen? Large Language Model (LLM) APIs like Responses, Completions, Messages provide flexible interfaces for building multi-turn conversations, tool integrations, and agent pipelines. These APIs accept structured input such as messages[], roles, function calls, and other model-relevant parameters, and return structured outputs
Large Language Models introduce security issues reminiscent of early-2000s software bugs. Special Token Injection (STI) exploits how LLMs parse structured prompts. This post breaks down what STI is, how it works, where it appears, and why it matters—through a pentester’s lens.
OAuth 2.0 has become the cornerstone of modern authorization, powering secure API access for countless applications. Yet not every OAuth flow fits every scenario. While some flows are designed for backend, server-to-server communications, others are intended for public clients. In this piece, we explore why using the OAuth client
This blog details how attackers exploit Unconstrained Delegation in Active Directory to achieve domain takeover. You'll see a step-by-step breakdown of capturing a Domain Controller's TGT, why it's critical, and, of course, learn actionable steps to prevent this threat. Unconstrained delegation is a legacy
Insecure handling of OpenAI's ChatML JSON schemas can allow attackers to inject their own system roles into the messages array. This silently overrides developer-supplied instructions, coercing the model into unintended behaviors. Attackers can also abuse the system role to call hidden or unauthorized tools or functions that the
When reset tokens rely on predictable data, such as hashing a simple timestamp with MD5, they can lead to account takeovers. Read on if you want to protect your application’s password recovery functionality without compromising user convenience. Modern web applications almost always feature some form of password recovery or
Information stored in sourcemap files can lead to major security breaches. If you’re looking to keep your production environment safe without sacrificing the benefits of modern build pipelines, read on.