AI & LLM Threat Detection

Attackers craft inputs that manipulate the LLM to ignore its instructions and perform unintended actions. Can be direct (user input) or indirect (injected via retrieved content, tool outputs, or documents).

LLM outputs are passed downstream to other systems (browsers, code interpreters, databases) without validation, enabling XSS, SSRF, SQL injection, and code execution.

Malicious actors introduce adversarial data into training or fine-tuning datasets to create backdoored models, biased outputs, or degraded performance on specific inputs.

Attackers craft inputs that consume disproportionate computational resources — extremely long prompts, recursive context expansion, or adversarial inputs that cause model instability.

Compromised model weights, poisoned plugins, malicious third-party integrations, or insecure model hosting infrastructure introduce risks into the LLM deployment pipeline.

LLMs may reveal sensitive data — including PII, credentials, internal system details, or confidential business context — either memorized from training data or present in the conversation context.

LLM plugins and tool integrations with excessive permissions, insufficient input validation, or no authentication create attack surfaces for privilege escalation and data exfiltration through the LLM layer.

LLM-based systems granted excessive permissions or autonomy can take harmful actions with real-world consequences — deleting data, sending communications, modifying configurations — without adequate human oversight.

Users and systems place excessive trust in LLM outputs without verification, leading to security-relevant decisions based on hallucinated, biased, or manipulated content — including incorrect security guidance, code vulnerabilities, or false threat intelligence.

Lack of resource controls allows attackers or misconfigurations to cause excessive LLM API consumption — through long prompts, context flooding, recursive agent loops, or credential sharing — resulting in cost exhaustion, degraded availability, or denial of service.