# api-security

標記為「api-security」的 26 篇文章

Function Calling Exploitation

Overview of how LLM function/tool calling works, the attack surface it creates, and systematic approaches to exploiting function calling interfaces in AI systems.

function-callingtool-useagentsexploitationapi-security

中級

Infrastructure Security Assessment (Assessment)

Test your knowledge of AI infrastructure security including model serving, API security, deployment architectures, and supply chain risks with 10 intermediate-level questions.

assessmentinfrastructureapi-securitydeploymentsupply-chain

中級

LLMOps Security Assessment (Assessment)

Test your understanding of MLOps pipeline security, model deployment attacks, API security, monitoring gaps, model registry poisoning, and CI/CD for ML with 10 questions.

assessmentllmopsmlopspipeline-securitymodel-deploymentapi-security

中級

Security of AI-Generated API Endpoints

Analysis of security vulnerabilities in AI-generated REST and GraphQL API code, covering authentication bypass, BOLA, mass assignment, and rate limiting failures.

code-gen-securityapi-securityrest-apiauthentication

中級

June 2026: Cloud AI Security Challenge

Find and document vulnerabilities in a cloud-deployed AI service covering API security, model serving infrastructure, authentication, and data handling.

challengecloudinfrastructureapi-securitydeploymentjune-2026

中級

AI API Abuse Detection

Detecting and mitigating API abuse patterns targeting AI inference endpoints including prompt extraction and model theft.

infrastructureapi-securityabuse-detectionrate-limiting

中級

LLM API Security Testing

Security testing methodology for LLM APIs, covering authentication, rate limiting, input validation, output filtering, and LLM-specific API vulnerabilities.

api-securityauthenticationrate-limitingtestinginfrastructure

中級

Integration & Webhook Security

Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.

ssrfwebhooksfunction-callingmcpoauthapi-securityllm-integrationstool-use

進階

AI Infrastructure Security

Overview of security concerns in AI infrastructure, covering model supply chains, API security, deployment architecture, and the unique attack surfaces of ML systems.

infrastructuresupply-chainapi-securitydeploymentmlops

入門

Lab: Cloud AI Security Assessment

Conduct an end-to-end security assessment of a cloud-deployed AI service, covering API security, model vulnerabilities, data handling, and infrastructure configuration.

labcloudassessmentend-to-endapi-securityadvancedhands-on

進階

Simulation: Financial AI Platform

Expert-level red team engagement simulation targeting a fictional fintech AI-powered financial advisor, covering API mapping, advice manipulation, credential extraction, and regulatory impact assessment.

simulationfinancialfintechapi-securityregulatory

專家

Simulation: SaaS AI Product

Red team engagement simulation targeting a B2B SaaS platform with AI-powered document analysis, search, and automation features, covering multi-tenant isolation, API security, and cross-tenant data leakage.

simulationsaasb2bmulti-tenantapi-security

進階

Function Calling Parameter Injection

Walkthrough of manipulating function call parameters through prompt-level techniques, injecting malicious values into LLM-generated API calls.

function-callingparameter-injectionapi-securityagent-securitywalkthrough

中級

Rate Limiting and Abuse Prevention for LLM APIs

Walkthrough for implementing rate limiting and abuse prevention systems for LLM API endpoints, covering token bucket algorithms, per-user quotas, cost-based limiting, anomaly detection, and graduated enforcement.

rate-limitingabuse-preventionapi-securitytoken-bucketcost-controldefensewalkthrough

中級

函式呼叫攻擊（Function Calling Exploitation）

概述 LLM 函式/工具呼叫的運作方式、其產生的攻擊面，以及對 AI 系統中函式呼叫介面進行利用的系統化方法。

function-callingtool-useagentsexploitationapi-security

中級

安全 of AI-Generated API Endpoints

Analysis of security vulnerabilities in AI-generated REST and GraphQL API code, covering authentication bypass, BOLA, mass assignment, and rate limiting failures.

code-gen-securityapi-securityrest-apiauthentication

中級

June 2026: Cloud AI 安全 Challenge

Find and document vulnerabilities in a cloud-deployed AI service covering API security, model serving infrastructure, authentication, and data handling.

challengecloudinfrastructureapi-securitydeploymentjune-2026

中級

AI API Abuse Detection

Detecting and mitigating API abuse patterns targeting AI inference endpoints including prompt extraction and model theft.

infrastructureapi-securityabuse-detectionrate-limiting

中級

LLM API 安全

大型語言模型 API 的安全——涵蓋認證、速率限制、輸入驗證、輸出過濾與 API 特定攻擊向量。

api-securityauthenticationrate-limitinginput-validation

中級

Integration & Webhook 安全

ssrfwebhooksfunction-callingmcpoauthapi-securityllm-integrationstool-use

進階

AI 基礎設施安全

AI 基礎設施安全顧慮的概覽，涵蓋模型供應鏈、API 安全、部署架構，以及 ML 系統的獨特攻擊面。

infrastructuresupply-chainapi-securitydeploymentmlops

入門

實驗室: Cloud AI 安全評量

Conduct an end-to-end security assessment of a cloud-deployed AI service, covering API security, model vulnerabilities, data handling, and infrastructure configuration.

labcloudassessmentend-to-endapi-securityadvancedhands-on

進階

Simulation: Financial AI Platform

專家-level red team engagement simulation targeting a fictional fintech AI-powered financial advisor, covering API mapping, advice manipulation, credential extraction, and regulatory impact assessment.

simulationfinancialfintechapi-securityregulatory

專家

Simulation: SaaS AI Product

simulationsaasb2bmulti-tenantapi-security

進階

Function Calling Parameter Injection

導覽 of manipulating function call parameters through prompt-level techniques, injecting malicious values into LLM-generated API calls.

function-callingparameter-injectionapi-securityagent-securitywalkthrough

中級

Rate Limiting and Abuse Prevention for LLM APIs

導覽 for implementing rate limiting and abuse prevention systems for LLM API endpoints, covering token bucket algorithms, per-user quotas, cost-based limiting, anomaly detection, and graduated enforcement.

rate-limitingabuse-preventionapi-securitytoken-bucketcost-controldefensewalkthrough

中級

# api-security

Function Calling Exploitation

Infrastructure Security Assessment (Assessment)

LLMOps Security Assessment (Assessment)

Security of AI-Generated API Endpoints

June 2026: Cloud AI Security Challenge

AI API Abuse Detection

LLM API Security Testing

Integration & Webhook Security

AI Infrastructure Security

Lab: Cloud AI Security Assessment

Simulation: Financial AI Platform

Simulation: SaaS AI Product

Function Calling Parameter Injection

Rate Limiting and Abuse Prevention for LLM APIs

函式呼叫攻擊（Function Calling Exploitation）

安全 of AI-Generated API Endpoints

June 2026: Cloud AI 安全 Challenge

AI API Abuse Detection

LLM API 安全

Integration & Webhook 安全

AI 基礎設施安全

實驗室: Cloud AI 安全 評量

Simulation: Financial AI Platform

Simulation: SaaS AI Product

Function Calling Parameter Injection

Rate Limiting and Abuse Prevention for LLM APIs

# api-security

Function Calling Exploitation

Infrastructure Security Assessment (Assessment)

LLMOps Security Assessment (Assessment)

Security of AI-Generated API Endpoints

June 2026: Cloud AI Security Challenge

AI API Abuse Detection

LLM API Security Testing

Integration & Webhook Security

AI Infrastructure Security

Lab: Cloud AI Security Assessment

Simulation: Financial AI Platform

Simulation: SaaS AI Product

Function Calling Parameter Injection

Rate Limiting and Abuse Prevention for LLM APIs

函式呼叫攻擊（Function Calling Exploitation）

安全 of AI-Generated API Endpoints

June 2026: Cloud AI 安全 Challenge

AI API Abuse Detection

LLM API 安全

Integration & Webhook 安全

AI 基礎設施安全

實驗室: Cloud AI 安全 評量

Simulation: Financial AI Platform

Simulation: SaaS AI Product

Function Calling Parameter Injection

Rate Limiting and Abuse Prevention for LLM APIs

實驗室: Cloud AI 安全評量

實驗室: Cloud AI 安全評量