# attack-surface
25 articlestagged with “attack-surface”
LlamaIndex Attack Surface Analysis
Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
Cloud AI Security
Comprehensive overview of cloud AI security for red teamers: shared responsibility models, attack surfaces across AWS, Azure, and GCP AI services, threat models for model APIs, data pipelines, and inference endpoints.
Multi-Cloud AI Attack Surface Analysis
Comparative attack surface analysis across AWS, Azure, and GCP AI service portfolios.
Agentic Coding Tools
Security analysis of agentic coding tools like Claude Code, Devin, and Cursor Agent: expanded attack surfaces from file system access, terminal commands, MCP tool use, and autonomous operation.
AI Coding Assistant Landscape
Overview of major AI coding assistants including GitHub Copilot, Cursor, Claude Code, Windsurf, and Cody, with analysis of their architectures and attack surfaces.
LoRA & Adapter Attack Surface
Overview of security vulnerabilities in parameter-efficient fine-tuning methods including LoRA, QLoRA, and adapter-based approaches -- how the efficiency and shareability of adapters create novel attack vectors.
Model Types and Their Attack Surfaces
How text, vision, multimodal, embedding, and code generation models each present unique vulnerabilities and attack surfaces for red teamers.
Instruction Following as Attack Surface
Why the instruction-following capability of LLMs is inherently an attack surface.
Lab: Mapping an AI System's Attack Surface
Hands-on lab walking through reconnaissance of an AI system — identifying components, mapping data flows, enumerating tools, and documenting the attack surface.
Model Merging Attack Surface Analysis
Security analysis of model merging techniques including TIES, DARE, and SLERP for injecting malicious capabilities.
Tokenizer Security
How tokenization creates attack surfaces in LLM systems: BPE exploitation, token boundary attacks, encoding edge cases, and tokenizer-aware adversarial techniques.
LLMOps Security
Comprehensive overview of security across the LLMOps lifecycle: from data preparation and experiment tracking through model deployment and production monitoring. Attack surfaces, threat models, and defensive strategies for ML operations.
Claude Attack Surface
Claude-specific attack vectors including Constitutional AI weaknesses, tool use exploitation, system prompt handling, vision attacks, and XML tag injection techniques.
Gemini Attack Surface
Gemini-specific attack vectors including multimodal injection across image, audio, and video inputs, Google Workspace integration attacks, grounding abuse, and code execution exploitation.
GPT-4 Attack Surface
Comprehensive analysis of GPT-4-specific attack vectors including function calling exploitation, vision input attacks, system message hierarchy abuse, structured output manipulation, and known jailbreak patterns.
Model Deep Dives
Why model-specific knowledge matters for AI red teaming, how different architectures create different attack surfaces, and a systematic methodology for profiling any new model.
Audio Model Attack Surface
Overview of audio model security, including attacks on Whisper, speech-to-text systems, voice assistants, and the audio processing pipeline.
Video Model Attacks
Video understanding model security, frame-level vs temporal attacks, how video models process sequences, and the complete attack surface overview.
AI Attack Surface Mapping
Systematic methodology for identifying all attack vectors in AI systems: input channels, data flows, tool integrations, and trust boundaries.
Model Architecture Attack Vectors
How model architecture decisions create exploitable attack surfaces, including attention mechanisms, MoE routing, KV cache, and context window vulnerabilities.
Fine-Tuning Attack Surface
Comprehensive overview of fine-tuning security vulnerabilities including SFT data poisoning, RLHF manipulation, alignment tax, and all fine-tuning attack vectors.
Pre-training Attack Surface
Comprehensive overview of pre-training security vulnerabilities including data collection, cleaning, deduplication, and web-scale dataset compromise attack vectors.
Mapping the Attack Surface of AI Systems
Systematic walkthrough for identifying and mapping every attack surface in an AI system, from user inputs through model inference to output delivery and tool integrations.
Reconnaissance Workflow
Systematic reconnaissance workflow for AI red team engagements: system prompt extraction, model identification, capability mapping, API enumeration, and documenting the attack surface.
AI Attack Surface Enumeration Methodology
Systematic methodology for enumerating the complete attack surface of an AI-powered application.