Threat actors are embedding prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.
Research demonstrates that LLMs with large context windows can be reliably jailbroken by embedding hundreds of fictitious dialogues before the target request — a technique that scales with context length and bypasses standard safety training.
A detailed post-mortem of a multi-stage intrusion in which threat actors used LLM-generated spear phishing, AI-assisted credential stuffing, and automated reconnaissance to compromise a wealth management firm — from initial access to detection.
Model inversion and training data extraction attacks allow adversaries to recover PII, proprietary data, and trade secrets from fine-tuned LLMs exposed via API — a significant compliance and IP risk for enterprises.