Agents Under Siege: How LLM Workflows Invite a New Breed of Cyber Threats

From humble prompt-followers to autonomous agents capable of multi-step tool use, LLM-powered systems have evolved rapidly in just two years. But with this newfound capability comes a vulnerability surface unlike anything we’ve seen before. The recent survey paper From Prompt Injections to Protocol Exploits presents the first end-to-end threat model of these systems, and it reads like a cybersecurity nightmare. ...

July 1, 2025 · 4 min · Zelina

Guardians of the Chain: How Smart-LLaMA-DPO Turns Code into Clarity

When the DAO hack siphoned millions from Ethereum in 2016, the blockchain world learned a hard lesson: code is law, and bad law can be catastrophic. Fast forward to today, and smart contract security still walks a tightrope between complexity and automation. Enter Smart-LLaMA-DPO, a reinforced large language model designed not just to find vulnerabilities in smart contracts—but to explain them, clearly and reliably.

Beyond Detection: Why Explanations Matter

Most smart contract vulnerability detectors work like smoke alarms—loud when something’s wrong, but not exactly helpful in telling you why. The core innovation of Smart-LLaMA-DPO is that it speaks the language of developers. It explains vulnerabilities with clarity and technical nuance, whether it’s a reentrancy flaw or an oracle manipulation scheme. And that clarity doesn’t come from magic—it comes from Direct Preference Optimization (DPO), a training method where the model learns not just from correct labels, but from expert-ranked explanations. ...

June 24, 2025 · 3 min · Zelina