Topics
Browse posts by category and tag — every topic we cover, with the latest pieces under each.
Tags
Categories
news (4 posts)
- How LLM Chatbots Leak Data Through Their Own Rendered Output
  A recurring AI-security finding: an injected instruction makes the model emit a markdown image whose URL carries the user's data to an attacker server. Why this works, why CSP is the real fix, and what to check this week.
- Indirect Prompt Injection: The Agent Era's Default Vulnerability
  As LLM agents gained tools and memory, the dangerous injection stopped coming from the user and started coming from the data the agent reads. A defender's breakdown of why this class resists patching and what containment looks like.
- The OWASP LLM Top 10 (2025) Changed More Than the Numbering
  The 2025 revision of the OWASP Top 10 for LLM Applications added system-prompt leakage and vector/embedding weaknesses, and reframed the supply-chain entry. Here's what actually shifted and why it matters for defenders.
- How AI Sec Weekly Works: The Format and Why It Looks This Way
  Every Friday digest follows the same structure for a reason. Here's the format breakdown — three top stories, the reading list, and what gets left out.