llm-security — AI 紅隊文章

Defense-in-Depth for LLM Apps

Layered defense strategy for AI applications covering network, application, model, and output layers, how each layer contributes, and why single-layer defense always fails.

defense-in-depthlayered-defensearchitecturesecurity-strategyllm-security

進階

Prompt Injection & Jailbreaks

A comprehensive introduction to prompt injection — the most fundamental vulnerability class in LLM applications — and its relationship to jailbreak techniques.

prompt-injectionjailbreakllm-securityfundamentals

入門

Building a Production Input Sanitizer

Step-by-step walkthrough for building a production-grade input sanitizer that cleans, normalizes, and validates user prompts before they reach an LLM, covering encoding normalization, injection pattern stripping, length enforcement, and integration testing.

input-sanitizationprompt-injectiondefensellm-securityinput-validationwalkthrough

中級

Threat Modeling for LLM-Powered Applications

Step-by-step walkthrough for conducting threat modeling sessions specifically tailored to LLM-powered applications, covering data flow analysis, trust boundary identification, AI-specific threat enumeration, risk assessment, and mitigation planning.

threat-modelingllm-securityrisk-assessmentmethodologySTRIDEwalkthrough

中級

Using Burp Suite for LLM API Endpoint Testing

Walkthrough for using Burp Suite to intercept, analyze, and attack LLM API endpoints, covering proxy configuration, request manipulation, automated scanning for injection flaws, and custom extensions for AI-specific testing.

burp-suiteapi-testingllm-securityproxyweb-securitywalkthrough

中級

LLM 應用之縱深防禦

AI 應用之分層防禦策略，涵蓋網路、應用、模型與輸出層，各層的貢獻，以及為何單層防禦必然失敗。

defense-in-depthlayered-defensearchitecturesecurity-strategyllm-security

進階

提示詞注入與越獄

提示詞注入的完整入門——大型語言模型應用程式中最根本的漏洞類別——以及它與越獄技術的關係。

prompt-injectionjailbreakllm-securityfundamentals

入門

Building a Production Input Sanitizer

Step-by-step walkthrough for building a production-grade input sanitizer that cleans, normalizes, and validates user prompts before they reach an LLM, covering encoding normalization, injection pattern stripping, length enforcement, and integration testing.

input-sanitizationprompt-injectiondefensellm-securityinput-validationwalkthrough

中級

Threat 模型ing for LLM-Powered Applications

Step-by-step walkthrough for conducting threat modeling sessions specifically tailored to LLM-powered applications, covering data flow analysis, trust boundary identification, AI-specific threat enumeration, risk assessment, and mitigation planning.

threat-modelingllm-securityrisk-assessmentmethodologySTRIDEwalkthrough

中級

Using Burp Suite for LLM API Endpoint Testing

導覽 for using Burp Suite to intercept, analyze, and attack LLM API endpoints, covering proxy configuration, request manipulation, automated scanning for injection flaws, and custom extensions for AI-specific testing.

burp-suiteapi-testingllm-securityproxyweb-securitywalkthrough

中級

# llm-security

Defense-in-Depth for LLM Apps

Prompt Injection & Jailbreaks

Building a Production Input Sanitizer

Threat Modeling for LLM-Powered Applications

Using Burp Suite for LLM API Endpoint Testing

LLM 應用之縱深防禦

提示詞注入與越獄

Building a Production Input Sanitizer

Threat 模型ing for LLM-Powered Applications

Using Burp Suite for LLM API Endpoint Testing

# llm-security

Defense-in-Depth for LLM Apps

Prompt Injection & Jailbreaks

Building a Production Input Sanitizer

Threat Modeling for LLM-Powered Applications

Using Burp Suite for LLM API Endpoint Testing

LLM 應用之縱深防禦

提示詞注入與越獄

Building a Production Input Sanitizer

Threat 模型ing for LLM-Powered Applications

Using Burp Suite for LLM API Endpoint Testing