CISA has released sector-specific AI security guidelines for critical infrastructure operators, covering threat modelling for AI systems, incident response procedures, and minimum security baseline requirements aligned with the NIST AI RMF.
How to implement an AI Software Bill of Materials (AI-SBOM) that captures the full component graph of a deployed AI system — base models, adapters, training datasets, and dependencies — and how to use it to manage supply chain risk and regulatory compliance.
A survey of query-efficient model extraction attacks against commercial LLM APIs — how adversaries can reconstruct a functional shadow model using only input-output pairs, the commercial and security risks this creates, and the defences providers are deploying.
A UK insurance provider has disclosed that its AI customer service chatbot, due to an IDOR vulnerability in the underlying API and excessive tool permissions, allowed authenticated users to retrieve policy documents and PII belonging to other customers.
Researchers demonstrate that safety-aligned multimodal LLMs can be reliably jailbroken by encoding adversarial instructions as text within images, bypassing text-layer safety filters that do not process image content through the same moderation pipeline.