AI Security

Retrieval-Augmented Generation (RAG) may seem like a fortress of AI reliability—until you realize the breach happens at the front door, not in the model. Large Language Models (LLMs) have become the backbone of enterprise AI assistants. Yet as more systems integrate RAG pipelines to improve their factuality and domain alignment, a gaping blindspot has emerged—the document ingestion layer. A new paper titled “The Hidden Threat in Plain Text” by Castagnaro et al. warns that attackers don’t need to jailbreak your model or infiltrate your vector store. Instead, they just need to hand you a poisoned DOCX, PDF, or HTML file. And odds are, your RAG system will ingest it—invisibly. ...

Agents Under Siege: How LLM Workflows Invite a New Breed of Cyber Threats From humble prompt-followers to autonomous agents capable of multi-step tool use, LLM-powered systems have evolved rapidly in just two years. But with this newfound capability comes a vulnerability surface unlike anything we’ve seen before. The recent survey paper From Prompt Injections to Protocol Exploits presents the first end-to-end threat model of these systems, and it reads like a cybersecurity nightmare. ...

When the DAO hack siphoned millions from Ethereum in 2016, the blockchain world learned a hard lesson: code is law, and bad law can be catastrophic. Fast forward to today, and smart contract security still walks a tightrope between complexity and automation. Enter Smart-LLaMA-DPO, a reinforced large language model designed not just to find vulnerabilities in smart contracts—but to explain them, clearly and reliably. 🧠 Beyond Detection: Why Explanations Matter Most smart contract vulnerability detectors work like smoke alarms—loud when something’s wrong, but not exactly helpful in telling you why. The core innovation of Smart-LLaMA-DPO is that it speaks the language of developers. It explains vulnerabilities with clarity and technical nuance, whether it’s a reentrancy flaw or an oracle manipulation scheme. And that clarity doesn’t come from magic—it comes from Direct Preference Optimization (DPO), a training method where the model learns not just from correct labels, but from expert-ranked explanations. ...