CIA Triad for LLM Security: Real-World AI Attack Failures
Confidentiality, integrity, and availability map every documented LLM attack failure. Here’s how prompt injection breaks each pillar.
4 hrs ago • ToxSec
AI Governance Frameworks in 2026: What Compliance Actually Requires
The EU AI Act, NIST AI RMF, and ISO 42001 hit enforcement deadlines this year. Here’s what they demand and where programs quietly fail.
Apr 9 • ToxSec
Promptfoo Red Teaming: DAST for Your LLM Pipeline
YAML config, one command, 50+ attack plugins. OpenAI just bought the company. Still MIT licensed.
May 9 • ToxSec
Mozilla Mythos Harness: AI Bug Hunting Without The Slop
Inside the agentic loop Mozilla wrapped around Mythos to surface 271 Firefox bugs, and why the harness mattered more than the model.
May 12 • ToxSec
Token-Level AI Security: The Opus 4.7 Tokenizer Graveyard
A new tokenizer ships fresh dead zones, and every model now carries a graveyard of glitch tokens nobody has mapped yet.
Apr 24 • ToxSec
Is Vibe Coding Safe? 3 Security Checks Every AI Coder Needs
Hardcoded secrets, hallucinated packages, and insecure code patterns ship by default. Here’s the free tooling that catches all three.
May 15 • ToxSec
Garak Vulnerability Scanner: Nessus for LLMs
Point it at a model. Pick your probes. Watch every guardrail break in JSONL.
May 6 • ToxSec
PyRIT AI Red Teaming: Metasploit for LLMs
Microsoft’s AI red team framework breaks down targets, converters, scorers, and orchestrators for bug bounty work.
May 3 • ToxSec
What is Slopsquatting? AI Hallucinations Ship Malware
Attackers pre-register the fake package names AI coding tools invent, then wait for the copy-paste. slopcheck blocks it at the install boundary.
Apr 28 • ToxSec and Karen Spinner
Is Claude Code Secretly Installing Spyware?
A researcher caught Claude Desktop installing browser bridges silently. Plus the MCP RCE Anthropic won’t patch.
Apr 26 • ToxSec and Exploring ChatGPT
How to Jailbreak Claude Opus 4.7: A Bug Bounty Field Guide
Five jailbreak families, the tools bounty hunters actually use, and the mindset that turns a prompt into a payday.
Apr 20 • ToxSec
You Downloaded Gemma 4 from Hugging Face. Is It Safe to Run?
Pickle files, backdoored weights, and sleeper agents turn your privacy win into an attack surface. Gemma 4 security.
Apr 15 • ToxSec
ToxSec - AI and Cybersecurity
Security for a world run by machines that lie.