# attack-surface
49 articles tagged "attack-surface"
LlamaIndex Attack Surface Analysis
Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
Cloud AI Security
Comprehensive overview of cloud AI security for red teamers: shared responsibility models, attack surfaces across AWS, Azure, and GCP AI services, threat models for model APIs, data pipelines, and inference endpoints.
Multi-Cloud AI Attack Surface Analysis
Comparative attack surface analysis across AWS, Azure, and GCP AI service portfolios.
Agentic Coding Tools
Security analysis of agentic coding tools like Claude Code, Devin, and Cursor Agent: expanded attack surfaces from file system access, terminal commands, MCP tool use, and autonomous operation.
AI Coding Assistant Landscape
Overview of major AI coding assistants including GitHub Copilot, Cursor, Claude Code, Windsurf, and Cody, with analysis of their architectures and attack surfaces.
LoRA & Adapter Attack Surface
Overview of security vulnerabilities in parameter-efficient fine-tuning methods including LoRA, QLoRA, and adapter-based approaches -- how the efficiency and shareability of adapters create novel attack vectors.
Model Types and Their Attack Surfaces
How text, vision, multimodal, embedding, and code generation models each present unique vulnerabilities and attack surfaces for red teamers.
Instruction Following as Attack Surface
Why the instruction-following capability of LLMs is inherently an attack surface.
Lab: Mapping an AI System's Attack Surface
Hands-on lab walking through reconnaissance of an AI system — identifying components, mapping data flows, enumerating tools, and documenting the attack surface.
Model Merging Attack Surface Analysis
Security analysis of model merging techniques including TIES, DARE, and SLERP for injecting malicious capabilities.
Tokenizer Security
How tokenization creates attack surfaces in LLM systems: BPE exploitation, token boundary attacks, encoding edge cases, and tokenizer-aware adversarial techniques.
LLMOps Security
Comprehensive overview of security across the LLMOps lifecycle: from data preparation and experiment tracking through model deployment and production monitoring. Attack surfaces, threat models, and defensive strategies for ML operations.
Claude Attack Surface
Claude-specific attack vectors including Constitutional AI weaknesses, tool use exploitation, system prompt handling, vision attacks, and XML tag injection techniques.
Gemini Attack Surface
Gemini-specific attack vectors including multimodal injection across image, audio, and video inputs, Google Workspace integration attacks, grounding abuse, and code execution exploitation.
GPT-4 Attack Surface
Comprehensive analysis of GPT-4-specific attack vectors including function calling exploitation, vision input attacks, system message hierarchy abuse, structured output manipulation, and known jailbreak patterns.
Model Deep Dives
Why model-specific knowledge matters for AI red teaming, how different architectures create different attack surfaces, and a systematic methodology for profiling any new model.
Audio Model Attack Surface
Overview of audio model security, including attacks on Whisper, speech-to-text systems, voice assistants, and the audio processing pipeline.
Video Model Attacks
Video understanding model security, frame-level vs temporal attacks, how video models process sequences, and the complete attack surface overview.
AI Attack Surface Mapping
Systematic methodology for identifying all attack vectors in AI systems: input channels, data flows, tool integrations, and trust boundaries.
Model Architecture Attack Vectors
How model architecture decisions create exploitable attack surfaces, including attention mechanisms, MoE routing, KV cache, and context window vulnerabilities.
Fine-Tuning Attack Surface
Comprehensive overview of fine-tuning security vulnerabilities including SFT data poisoning, RLHF manipulation, alignment tax, and all fine-tuning attack vectors.
Pre-training Attack Surface
Comprehensive overview of pre-training security vulnerabilities including data collection, cleaning, deduplication, and web-scale dataset compromise attack vectors.
Mapping the Attack Surface of AI Systems
Systematic walkthrough for identifying and mapping every attack surface in an AI system, from user inputs through model inference to output delivery and tool integrations.
Reconnaissance Workflow
Systematic reconnaissance workflow for AI red team engagements: system prompt extraction, model identification, capability mapping, API enumeration, and documenting the attack surface.
AI Attack Surface Enumeration Methodology
Systematic methodology for enumerating the complete attack surface of an AI-powered application.
LlamaIndex Attack Surface Analysis
Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
MCP Security: A New Attack Surface
A deep dive into Model Context Protocol security: analysis of tool registration attacks, transport-layer risks, cross-server exploitation, and practical hardening strategies.
The Multimodal Attack Landscape
As AI systems process images, audio, and video alongside text, the attack surface has expanded dramatically. What red teamers need to know.
Cloud AI Security
Comprehensive overview of cloud AI security for red teamers: shared responsibility models, attack surfaces across AWS, Azure, and GCP AI services, and threat models for model APIs, data pipelines, and inference endpoints.
Multi-Cloud AI Attack Surface Analysis
Comparative attack surface analysis across AWS, Azure, and GCP AI service portfolios.
Agentic Coding Tools
Security analysis of agentic coding tools such as Claude Code, Devin, and Cursor Agent: the expanded attack surface arising from file system access, terminal commands, MCP tool use, and autonomous operation.
LoRA & Adapter Attack Surface
Overview of security vulnerabilities in parameter-efficient fine-tuning methods including LoRA, QLoRA, and adapter-based approaches -- how the efficiency and shareability of adapters create novel attack vectors.
Model Types and Their Attack Surfaces
How text, vision, multimodal, embedding, and code generation models each present unique vulnerabilities and attack surfaces for red teamers.
Instruction Following as Attack Surface
Why the instruction-following capability of LLMs is inherently an attack surface.
Lab: Mapping an AI System's Attack Surface
Hands-on lab walking through reconnaissance of an AI system: identifying components, mapping data flows, enumerating tools, and documenting the attack surface.
Model Merging Attack Surface Analysis
Security analysis of model merging techniques including TIES, DARE, and SLERP for injecting malicious capabilities.
Tokenizer Security
How tokenization creates attack surfaces in LLM systems: BPE exploitation, token boundary attacks, encoding edge cases, and tokenizer-aware adversarial techniques.
LLMOps Security
Comprehensive overview of security across the LLMOps lifecycle: from data preparation and experiment tracking through model deployment and production monitoring. Attack surfaces, threat models, and defensive strategies for ML operations.
Claude Attack Surface
Claude-specific attack vectors, including Constitutional AI weaknesses, tool use exploitation, system prompt handling, vision attacks, and XML tag injection techniques.
Gemini Attack Surface
Gemini-specific attack vectors, including multimodal injection across image, audio, and video inputs, Google Workspace integration attacks, grounding abuse, and code execution exploitation.
GPT-4 Attack Surface
Comprehensive analysis of GPT-4-specific attack vectors, including function calling attacks, vision input attacks, system message hierarchy abuse, structured output manipulation, and known jailbreak patterns.
Model Deep Dives
Why model-specific knowledge matters for AI red teaming, how different architectures create different attack surfaces, and a systematic methodology for profiling any new model.
Video Model Attacks
Video understanding model security, the difference between frame-level and temporal attacks, how video models process sequence information, and a complete attack surface overview.
AI Attack Surface Mapping
Systematic methodology for identifying all attack vectors in AI systems: input channels, data flows, tool integrations, and trust boundaries.
Fine-Tuning Attack Surface
Comprehensive overview of fine-tuning security vulnerabilities, including SFT data poisoning, RLHF manipulation, alignment tax, and all fine-tuning attack vectors.
Pre-training Attack Surface
Comprehensive overview of pre-training security vulnerabilities, covering data collection, cleaning, deduplication, and web-scale dataset compromise attack vectors.
Mapping the Attack Surface of AI Systems
Systematic walkthrough for identifying and mapping every attack surface in an AI system, from user inputs through model inference to output delivery and tool integrations.
Reconnaissance Workflow
Systematic reconnaissance workflow for AI red team engagements: system prompt extraction, model identification, capability mapping, API enumeration, and documenting the attack surface.
AI Attack Surface Enumeration Methodology
Systematic methodology for enumerating the complete attack surface of an AI-powered application.