I explain application security using comic art.

Joined April 2023
In February, I discovered a critical authentication bypass in the Google Cloud API Gateway and reported it to @GoogleVRP. 🧵[1/10] References: Write-Up: securingbits.com/bypassing-g… CVE: nvd.nist.gov/vuln/detail/CVE… GitHub Advisory: github.com/GoogleCloudPlatfo… #bugbounty #googlecloud
Building your next LLM integration? Beware of Indirect Prompt Injection vulnerability. Previous models like GPT4 and Bing have been affected. #llm #applicationsecurity #chatgpt
Learn more about indirect prompt injections from the paper 'Not what you’ve signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection' Link: arxiv.org/pdf/2302.12173

I hope you've found this thread helpful. Follow me here @securing_bits or on LinkedIn linkedin.com/in/vasilikos-pa… for more, and if you enjoy my content make sure to subscribe to my weekly free newsletter at securingbits.com/newsletter. Like/Repost the quote below if you can:

Building your next LLM integration? Beware of Indirect Prompt Injection vulnerability. Previous models like GPT4 and Bing have been affected. #llm #applicationsecurity #chatgpt
HTTP Response Headers: Usage 🛠 and Security Abuse ☠. Those complement the HTTP Request Headers we saw last week :) #websecurity #bugbounty #bugbountytips
HTTP Request Headers: Usage🛠️ and Security Abuse💀 #websecurity #bugbounty #bugbountytips
What could go wrong during the ML model development lifecycle (Part 2)? Example threat model based on the talk "Kubernetes MLSec: Securing AI in Space" by @d1gital_f and James Callaghan of @controlplaneio at @CloudNativeFdn. #ai #machinelearning #security
If you missed Part 1 👇 x.com/securing_bits/status/1…

What could go wrong during the ML model development lifecycle? Example threat model based on the talk "Kubernetes MLSec: Securing AI in Space" by @d1gital_f and James Callaghan of @controlplaneio at @CloudNativeFdn. Talk: youtube.com/watch?v=gjl-lTF7… #ai #machinelearning #security
Authentication (AuthN) architecture patterns for microservices👇 #microservices #applicationsecurity #systemdesign
Take a look at these Google Cloud Threat Detection Queries👇 They are inspired by a talk given by @daycyberwox during a past @fwdcloudsec event. Link: [youtube.com/watch?v=orNBBHKa…]
Developers using a poisoned ChatGPT-like tool are more prone to including insecure code than those using an IntelliCode-like tool or no tool. 🧵[1/2] Research done by Oh, Lee, Park, Kim and Kim involving 30 developers completing coding tasks with AI assistants. #ai #chatgpt
🧵[2/2] Find the full paper "Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers' Coding Practices with Insecure Suggestions from Poisoned AI Models" at arxiv.org/pdf/2312.06227.pdf