New preprint: AI_Bleeding — inference cost amplification via OOD linguistic payload

TL;DR: send queries in Grecanico or Farsi to an LLM endpoint → TTFT +59.8%, compute cost +2.8%, statistically significant. No vuln, no volumetric signature, evades all standard detection.

Worst case: exposed unauthenticated Ollama instance with num_predict=4096 + keep_alive=300s → Amplification Factor 17.56 Wh/KB. 3KB of attacker bandwidth → enough energy to charge a phone 5%.

Especially nasty for:
- PA/judicial chatbots on fixed budgets
- Pay-per-use API deployments with client-side exposed keys
- PNRR-funded public sector AI with zero inference monitoring

Four scenarios: EDoS, browser JS distribution, Ollama open-proxy relay, frontier providers as involuntary relays.

All tests on self-hosted Ollama, no commercial endpoints touched.

Paper (CC BY 4.0): https://doi.org/10.13140/RG.2.2.26767.96166

#llmsecurity #infosec #threatmodeling #ollama #ood #AI #AIResearch #aisecurity
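Since the post says the amplification has no volumetric signature, the defender-side signal is the paper's own metric: energy spent per KB of request. The block below is an added example, not code from the AI_Bleeding paper; it computes that metric from the `eval_count`/`eval_duration` fields Ollama returns, over constructed log records and an assumed GPU power figure, and flags requests that run far above a trusted baseline or hit the `num_predict` cap.

```python
"""Monitoring Wh per KB of request bandwidth from Ollama generate-response stats.
Added example for this page, not code from the AI_Bleeding paper; the GPU power
figure and the log records below are constructed assumptions."""
import statistics

ASSUMED_GPU_WATTS = 300.0  # assumption: board power while generating; measure on your hardware

# Constructed records in the shape of Ollama /api/generate responses (durations in nanoseconds).
RECORDS = [
    {"id": "req-1", "client": "10.0.0.5", "request_bytes": 3072, "eval_count": 120,  "eval_duration": 2_000_000_000},
    {"id": "req-2", "client": "10.0.0.5", "request_bytes": 3072, "eval_count": 150,  "eval_duration": 2_500_000_000},
    {"id": "req-3", "client": "10.0.0.9", "request_bytes": 3072, "eval_count": 4096, "eval_duration": 60_000_000_000},
]

def energy_wh(eval_duration_ns, power_w=ASSUMED_GPU_WATTS):
    """Energy spent on generation: power x seconds, converted to watt-hours."""
    return power_w * (eval_duration_ns / 1e9) / 3600.0

def amplification_wh_per_kb(rec, power_w=ASSUMED_GPU_WATTS):
    """The paper's Amplification Factor: generation energy per KB (1024 bytes) of request."""
    return energy_wh(rec["eval_duration"], power_w) / (rec["request_bytes"] / 1024.0)

def baseline_wh_per_kb(known_good):
    """Median amplification over traffic you trust; the comparison point for alerts."""
    return statistics.median(amplification_wh_per_kb(r) for r in known_good)

def assess(records, baseline, factor=10.0, num_predict=4096):
    """Flag requests whose energy per byte is far above baseline or that ran to the num_predict cap."""
    flagged = []
    for r in records:
        amp = amplification_wh_per_kb(r)
        reasons = []
        if amp > factor * baseline:
            reasons.append(f"amplification {amp:.2f} Wh/KB exceeds {factor:g}x baseline {baseline:.3f}")
        if r["eval_count"] >= num_predict:
            reasons.append(f"eval_count {r['eval_count']} reached num_predict={num_predict}")
        if reasons:
            flagged.append((r["id"], r["client"], reasons))
    return flagged

if __name__ == "__main__":
    base = baseline_wh_per_kb(RECORDS[:2])  # first two records stand in for trusted traffic
    for item in assess(RECORDS, base):
        print(item)
```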

Does anyone here have experience with Indirect Prompt Injection / Prompt Honeypots?

I'm looking to hear your experiences or get pointed to some good material on the matter.

I'd like to know what possibilities there are, especially aimed towards docx and pdf files.

The goal is to make it harder (time consuming / inaccurate / impossible) to do inference on those types of documents.

I'd appreciate boosting to get better reach.

#AI #LLM #AIsecurity #PromptInjection #LLMsecurity #AISafety

What is the OWASP Top 10 Agentic AI

Explore OWASP’s 2025 Agentic AI Threats & Mitigations Guide. View the top risks of autonomous AI agents and strategies to secure multi-agent systems and safeguard data.

Graylog
In 2026, OWASP dropped the Top 10 for Agentic AI 🚨 The threat landscape for agentic systems goes way beyond prompt injection. Worth a read if you're building with AI agents. 🔗 graylog.org/post/what-is... #AgenticAI #OWASP #CyberSecurity #AppSec #LLMSecurity


⚡ Fresh Talk Alert for BSides Luxembourg 2026!

β€œπ—•π—˜π—¬π—’π—‘π—— π—§π—›π—˜ 𝗣π—₯𝗒𝗠𝗣𝗧: 𝗔 𝗙π—₯π—”π— π—˜π—ͺ𝗒π—₯π—ž 𝗙𝗒π—₯ π—”π—šπ—˜π—‘π—§π—œπ—– π—”π—œ π—”π—§π—§π—”π—–π—ž 𝗔𝗑𝗗 π——π—˜π—™π—˜π—‘π—¦π—˜ 𝗦𝗧π—₯π—”π—§π—˜π—šπ—œπ—˜π—¦β€ – π—π—˜π—₯π—˜π— π—¬ π—¦π—‘π—¬π——π—˜π—₯

As AI systems evolve into autonomous agents capable of executing code, calling APIs, and managing long-term memory, the attack surface extends far beyond prompt injection and jailbreaks. This AI Security Village session explores a full-stack approach to securing agentic AI systems.

Jeremy Snyder will break down how attackers target not just the LLM itself, but the broader agent architecture — including tools, memory, workflows, and cross-system integrations. The session introduces a practical framework for assessing agent attack surfaces, validating outputs, enforcing constraints during system handoffs, and building more resilient AI-driven applications.

Jeremy Snyder is the founder and CEO of FireTail, an AI security platform focused on securing modern AI applications and autonomous systems.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #AgenticAI #LLMSecurity #CyberSecurity #AppSec #OWASP

⚡ Fresh Talk Alert for BSides Luxembourg 2026!

β€œπ—˜π—©π—˜π—₯𝗬 π—šπ—¨π—”π—₯𝗗π—₯π—”π—œπ—Ÿ π—˜π—©π—˜π—₯𝗬π—ͺπ—›π—˜π—₯π—˜ π—”π—Ÿπ—Ÿ 𝗔𝗧 π—’π—‘π—–π—˜: π——π—˜π—¦π—œπ—šπ—‘π—œπ—‘π—š 𝗔𝗑𝗗 π—§π—˜π—¦π—§π—œπ—‘π—š π—šπ—¨π—”π—₯𝗗π—₯π—”π—œπ—Ÿπ—¦ 𝗙𝗒π—₯ π—Ÿπ—Ÿπ—  π—”π—£π—£π—Ÿπ—œπ—–π—”π—§π—œπ—’π—‘π—¦β€ – 𝗗𝗒𝗑𝗔𝗧𝗒 π—–π—”π—£π—œπ—§π—˜π—Ÿπ—Ÿπ—”

Modern GenAI applications are no longer simple chatbots — they involve complex chains of LLM calls, tools, and autonomous workflows. In this AI Security Village session, Donato Capitella explores why prompt-based guardrails alone are not enough and how security controls must be designed around the entire application workflow.

The talk focuses on practical strategies for designing and testing guardrails across multi-step LLM systems, including how data flows between chains, how permissions are enforced, and how applications can detect and respond to prompt attacks. Attendees will also see how these concepts can be tested in practice using spikee, an open-source tool built for testing LLM applications against prompt-based attacks.

Donato Capitella is a Principal Security Consultant at Reversec with extensive experience in offensive security and AI application testing. He is also the lead developer of the open-source project spikee.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #LLMSecurity #PromptInjection #CyberSecurity #OWASP #OpenSource #AppSec

⚡ Fresh Talk Alert for BSides Luxembourg 2026!

β€œπ—¦π—˜π—–π—¨π—₯π—œπ—§π—¬ 𝗙𝗒π—₯ π—”π—œ: π—”π—œπ——π—₯ π—•π—”π—¦π—§π—œπ—’π—‘ 𝗔𝗦 π—’π—£π—˜π—‘ 𝗦𝗒𝗨π—₯π—–π—˜ π—Ÿπ—Ÿπ—  π—™π—œπ—₯π—˜π—ͺπ—”π—Ÿπ—Ÿ / π—”π—œ 𝗣π—₯𝗒𝗠𝗣𝗧𝗦 π—₯π—˜π—©π—˜π—₯π—¦π—˜ 𝗣π—₯𝗒𝗫𝗬” – Andrii Bezverkhyi

As AI adoption accelerates, so do the risks — from prompt injections to malicious AI agents and adversarial abuse. This AI Security Village session explores AIDR Bastion, an open-source GenAI protection system designed to secure AI workloads through layered detection and prompt filtering.

The talk covers how AIDR Bastion acts as an LLM firewall and reverse proxy for AI prompts, using Sigma and Roota rules to detect malicious behavior, harmful content, prompt injection attacks, and AI-assisted malware generation. Attendees will also see how the system integrates with MITRE ATLAS, OWASP LLM Top 10 guidance, and existing detection engineering workflows.

Andrii Bezverkhyi is the founder of SOC Prime and a long-time contributor to the threat detection and cybersecurity community, known for projects such as Uncoder and DetectFlow.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #LLMSecurity #PromptInjection #OWASP #CyberSecurity #DetectionEngineering #OpenSource

⚡ Fresh Village Alert for BSides Luxembourg 2026!

π—”π—œ π—¦π—˜π—–π—¨π—₯π—œπ—§π—¬ π—©π—œπ—Ÿπ—Ÿπ—”π—šπ—˜ – π—’π—£π—˜π—‘ π—©π—œπ—Ÿπ—Ÿπ—”π—šπ—˜ / 𝗀&𝗔
🧠 Interactive AI Security Playground β€’ Live Demos β€’ Hands-on Attacks β€’ Real-Time Defense

Step into a live, open-floor AI Security Village dedicated to exploring the real-world security risks of Agentic AI, MCP architectures, LLM workflows, and autonomous systems. Unlike a traditional workshop or talk, this village is designed as a continuously running interactive environment where attendees can freely drop in, attack systems, observe defenses, and shape the direction of the sessions in real time.

Across two days, participants will interact with intentionally vulnerable AI systems, RAG pipelines, MCP servers, and autonomous agents while exploring attack paths such as prompt injection, goal hijacking, instruction manipulation, tool abuse, and trust boundary failures — all aligned with the OWASP LLM Top 10 and AI Security Exchange guidance.

The village includes:
🔹 Live exploitation of LLM and Agentic AI systems
🔹 Interactive walkthroughs from organizers
🔹 Real-time defensive patching and mitigation demos
🔹 Hands-on labs with Dreadnode Crucible, Lakera Gandalf, and Agent Breaker
🔹 Beginner-to-advanced learning paths running in parallel
🔹 Community-driven Q&A and collaborative defense discussions

Parth Shukla is a Senior Security Researcher specializing in AI Security and Adversarial Machine Learning, focusing on the security architecture of Agentic Systems and LLMs. Joining him is Nagarjun Rallapalli, who focuses on automating security and building — and breaking — AI agents to test their limits.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #LLMSecurity #AgenticAI #OWASP #RedTeam #CyberSecurity #PromptInjection #MCP #AIVillage

⚡ Fresh Talk Alert for BSides Luxembourg 2026!

π—•π—¨π—œπ—Ÿπ——π—œπ—‘π—š π—§π—›π—˜ π—¨π—Ÿπ—§π—œπ— π—”π—§π—˜ π—”π—œ π—™π—œπ—₯π—˜π—ͺπ—”π—Ÿπ—Ÿ: π—œπ—‘π—¦π—œπ——π—˜ π—¦π—’π—©π—˜π—₯π—˜π—œπ—šπ—‘π—¦π—›π—œπ—˜π—Ÿπ——, π—œπ—‘π—§π—˜π—‘π—§π—¦π—›π—œπ—˜π—Ÿπ——, 𝗔𝗑𝗗 π—Ÿπ—’π—šπ—œπ—–π—¦π—›π—œπ—˜π—Ÿπ—— – Mattijs Moens

As AI agents evolve into autonomous systems capable of executing code and interacting with APIs, traditional security controls are struggling to keep up. This AI Security Village session dives into the architecture behind the SovereignShield ecosystem — a multi-layered framework built to secure modern AI applications against prompt injection, malicious actions, and data exfiltration.

The talk explores how LogicShield enforces semantic boundaries to stop jailbreaks and prompt attacks, how IntentShield audits outbound AI actions before execution, and how the unified SovereignShield Firewall combines both layers into a deterministic defense model for production AI systems.

Mattijs Moens is an AI security researcher and founder of SovereignShield, focused on building semantic firewalls for AI systems. He also contributes to the OWASP AI Security and Privacy Guide (AISVS).

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #LLMSecurity #PromptInjection #OWASP #CyberSecurity #AIAgents

Releasing AgentGuard: architectural safety layer for AI agents.

Not prompt engineering. Code.

@protect
def delete_db(): ...

The LLM cannot call this. Ever. No prompt bypasses a raise.

Blocks: irreversible tool calls, prompt injection, context dilution, cross-agent contamination.

Rust core + pure Python fallback. 31/31 e2e tests with real Ollama.

https://github.com/psychomad/AgentGuard

"Don't blame the knife. Fix the architecture."

#InfoSec #LLMSecurity #AIAgents #PromptInjection #OpenSource #Rust

GitHub - psychomad/AgentGuard: Architectural safety layer for AI agents. Not prompt engineering — code.

GitHub
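The post's point is that a guard enforced in code, not in the prompt, is deterministic: whatever the model emits, a protected function raises. The block below is an added illustration of that pattern written for this page, not AgentGuard's own code; `protect`, `tool`, `dispatch_tool_call` and the sample tools are hypothetical names, and the pattern is shown in plain Python with a context variable that only the dispatcher sets.

```python
"""Illustrative @protect pattern: a code-level guard the model cannot talk its way past.
Added example for this page, not AgentGuard's implementation; all names are hypothetical."""
import contextvars
import functools
import json

# True only while a call originates from model output; set solely by dispatch_tool_call().
_LLM_DISPATCH = contextvars.ContextVar("llm_dispatch", default=False)

class ProtectedToolError(PermissionError):
    """Raised when model-driven dispatch reaches a protected function."""

TOOLS = {}  # name -> callable the dispatcher is allowed to resolve

def tool(func):
    """Register a function as a tool the dispatcher can resolve by name."""
    TOOLS[func.__name__] = func
    return func

def protect(func):
    """Make func raise under model-driven dispatch; direct calls from operator code still work."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        if _LLM_DISPATCH.get():
            raise ProtectedToolError(f"{func.__name__} is protected from LLM dispatch")
        return func(*args, **kwargs)
    wrapper.__protected__ = True
    return wrapper

@tool
def list_tables():
    return ["users", "orders"]  # constructed sample data

@tool
@protect
def delete_db():
    return "dropped"  # stands in for an irreversible action

def advertised_tools():
    """Tool names shown to the model: protected ones are never advertised in the first place."""
    return [name for name, f in TOOLS.items() if not getattr(f, "__protected__", False)]

def dispatch_tool_call(raw_model_output):
    """Parse a JSON tool call emitted by the model and run it with the dispatch flag set."""
    call = json.loads(raw_model_output)
    func = TOOLS.get(call["name"])
    if func is None:
        raise KeyError(f"unknown tool {call['name']!r}")
    token = _LLM_DISPATCH.set(True)  # every call below this point counts as model-driven
    try:
        return func(**call.get("arguments", {}))
    finally:
        _LLM_DISPATCH.reset(token)
```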