Showing episodes and shows of OWASP GenAI Security Project

Shows

The Generative AI Security Podcast
Exploring GenAI Security: Agentic Top 10, Threat Modeling & Community Hackathons
Join us on the latest episode of the GenAI Security Podcast as Aubrey King chats with John Sotiropoulos, co-lead of the Agentic Security Initiative. Dive deep into AI agent security, the groundbreaking Agentic Top 10 (coming soon!), and how the OWASP GenAI Security Project is shaping the future of safe AI development. Get insights on threat modeling, hackathons, innovative community initiatives, and how YOU can contribute to this growing global movement. Whether you’re in AI, cybersecurity, or just curious, there’s something here for everyone! 📌 Learn more and get involved: OWASP GenAI Security. Don’t forget to like, share, and subscribe...
2025-07-31, 21 min

HiWay – Wegweiser für Digitalisierung und Sicherheit
Good AI – Bad AI
In episode 16 of HiWay, Rengbar Hardam talks about the opportunities and risks of artificial intelligence, and about why humans must always remain the decision-makers. As a security consultant at HiSolutions, Rengbar trains organizations in the safe use of AI and knows the advantages as well as the downsides: where can AI provide creative support, and where does it become a risk? A conversation about hallucinations, biases and the misconception that AI knows more than we do ourselves. And about the clear message: anyone who uses AI needs their own judgment, and responsibility. Host: Valerie Knapp. Show notes...
2025-07-30, 12 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.41 Meeting Jul 16 2025: Roadmap, Black Hat Prep & Compass Launch
In this episode of the OWASP Generative AI Security Project podcast, we dive into exciting updates and advancements in AI security.
From the upcoming OWASP Compass launch to Black Hat and DEFCON preparations, this meeting spotlighted progress across initiatives like agentic security, the roadmap for future deliverables, and community efforts to enhance industry awareness.
📌 Highlights include:
🛠️ OWASP Compass 1.0: A strategic dashboard to guide AI adoption securely.
🌍 Black Hat & DEFCON updates: New workshops, hackathons, and outreach efforts.
🌟 Agentic Security: Threat modeling advancements and a preview of the upcoming Agentic Top 10 list.
📋 Solutions Landscape: Expanding tools and resources for cybersecurity practitioners.
🌐 Ready to get involve...
2025-07-16, 45 min

The MLSecOps Podcast
Breaking and Securing Real-World LLM Apps
Fresh off their OWASP AppSec EU talk, Rico Komenda and Javan Rasokat join Charlie McCarthy to share real-world insights on breaking and securing LLM-integrated systems. Full transcript, video, and links to episode resources available at https://mlsecops.com/podcast/breaking-and-securing-real-world-llm-apps Thanks for checking out the MLSecOps Podcast! Get involved with the MLSecOps Community and find more resources at...
2025-07-16, 53 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.40 Meeting Jul 2 2025: OWASP Compass Tool & Exciting UN Week Highlights
Discover the latest in AI and cybersecurity as we unpack cutting-edge tools and global collaborations. This episode introduces the OWASP Compass, a unique framework for operationalizing AI strategies, alongside highlights from UN Open Source Week and upcoming events like Black Hat and DEFCON. Whether you’re into red teaming, AI governance, or free training resources, this episode has something for everyone! 📌 Learn more: OWASP GenAI. Let’s shape a safer AI-powered future!
2025-07-02, 45 min

Blumira Briefings
🦔 Blumira Briefings Ep. 13: Critical Veeam RCE, NetScaler Vulns, & Zero-Click Copilot Data Theft
🔔 Welcome back for this week’s episode and your weekly security download! We're joined by Jake Ouellette, Taylor Jacobson, and Amanda Berlin to break down the week's most important security headlines with context you can actually use. 🔔
What We Cover This Week:
📊 Most changed weekly trends, including recurring process dumps for credential theft and suspicious IAM behavior
🔧 Critical Veeam RCE vulnerability (CVE-2025-23121) with a 9.9 CVSS score - make sure to patch this one immediately!
🌐 NetScaler ADC and Gateway vulnerabilities allowing token theft from internet-facing devices
📲 Cisco Meraki MX and...
2025-06-27, 52 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.39 Meeting Jun 18 2025: UN Panel, Compass Tool Progress & AI Red Teaming Framework
Catch the latest updates from the OWASP GenAI Security Project, including global partnerships, tools, and groundbreaking AI security research:
🔍 Key topics:
- UN Open Source Week: OWASP takes the stage to discuss AI security in supply chain and generative AI advancements.
- Compass Tool Update: Simplifying AI threat strategies with profiles and streamlined workflows.
- AI Incident Response Guide: Now open for core team review—aiming for a July release.
- AI Red Teaming Framework: New initiatives to enhance vulnerability testing in generative AI systems.
Stay informed as we push the boundaries of AI security innovation!
#OWASP #GenAI #AISecurity #CompassTool #RedTeaming #UNOpenSource #GenerativeAI
2025-06-20, 27 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.38 Meeting Jun 04 2025: Compass Tool, AI Incident Response & Exploit Generation Advances
This episode dives into the latest milestones from the OWASP GenAI Security Project, focusing on AI security tools, responses, and emerging challenges in the world of generative AI:
🔍 Key topics:
- Compass Tool Updates: Streamlining AI threat identification and strategy building.
- AI Incident Response Guide: A specialized framework for preparing and managing AI-enabled breaches.
- Exploit Generation Research: Advancing LLM and agentic AI testing to benchmark cybersecurity risks.
Don’t miss actionable insights from evolving initiatives like red teaming and agentic security. Stay updated on the forefront of AI safety!
#AISecurity #OWASP #GenAI #AIIncidentResponse #CompassTool #ExploitGeneration
2025-06-20, 30 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.37 Meeting May 21 2025: Compass Tool, AI Red Teaming, and Post-RSA Insights
In this episode, we discuss the latest developments in AI security from the OWASP GenAI Security Project, featuring updates on the Compass Tool, AI Red Teaming efforts, and the evolving landscape of generative AI risks.
🔍 Key topics:
- Compass Tool: An operationalized version of the CISO checklist for prioritizing generative AI threats.
- AI Red Teaming Handbook: Progress on testing frameworks for LLMs and AI systems.
- Post-RSA reflections: Key takeaways and future initiatives in AI security.
Stay ahead in the dynamic field of AI security with these actionable insights!
#OWASP #GenAI #AISecurity #AIRedTeaming #CompassTool #RSA2025
2025-06-20, 31 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.36 Meeting May 07 2025: AI Security Trends, Agentic AI, and Post-RSA Updates
Catch the latest updates from the OWASP GenAI Security Project following RSA, including discussions on AI security trends, Agentic AI workflows, and project highlights like the Compass Tool.
🛡️ Key insights include:
- The evolving intersection of AppSec and LLM security.
- Updates on Agentic AI workshops and Peer-reviewed AI guidance.
- Behind the scenes of OWASP’s initiatives shaping the future of generative AI security.
Stay informed on the latest in AI security and learn how to get involved!
🌍 #AISecurity #OWASP #GenAI #AgenticAI #RSA2025 #RedTeaming #AppSec
2025-06-20, 52 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.35 Meeting Apr 23 2025: Agentic AI, Red Teaming & RSA 2025 Highlights
In this podcast, we dive into key updates from the OWASP GenAI Security Project, including the latest on Agentic AI, red teaming best practices, upcoming events at RSA 2025, and exciting tools like the Compass for AI security maturity. 🌐
🛡️ Highlights:
- Insights into red teaming vulnerabilities and testing strategies.
- The importance of Agentic AI security frameworks.
- Exclusive RSA 2025 workshops, parties, and live streams.
- Tools to enhance AI governance and navigate AI risks effectively.
Stay ahead in the AI security game!
#AISecurity #OWASP #GenAI #RSA2025 #RedTeaming #AgenticAI
2025-06-20, 48 min

Detection Engineering Dispatch
Detection Dispatch Episode 52: Prompted to Fail: When LLMs Go Rogue
LLMs are rewriting the rules of app security—and not always in a good way. In this episode Alex sits down with Scott Rogers, a seasoned data scientist at Anvilogic to unpack why LLMs are the new wild west of application risk—and how old-school OWASP principles are making a serious comeback.
We cover:
- Real-world prompt injection failures (yes, including Air Canada’s rogue chatbot)
- How RAG systems can accidentally leak sensitive data
- Why GenAI risk ≠ traditional appsec—but it rhymes
- How classic tools like SAST, DAST, and logs can still save your bacon
- Whether...
2025-06-19, 37 min

ITSPmagazine Podcasts
Why Global Community-Led Innovation Is Driving Real Application Security Progress | An OWASP AppSec Global 2025 Conversation with Starr Brown | On Location Coverage with Sean Martin and Marco Ciappelli
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Starr Brown, Director of Open Source Projects and Programs at OWASP, unpacks the real engine behind the organization’s impact: the projects and the people driving them forward. With over 130 active projects, OWASP continues to expand its open source contributions to improve software security across the board. While the OWASP Top 10 remains its most recognized initiative, Starr points out that it’s just one among many. Other significant projects include the Application Security Verification Standard (ASVS), the Software Assurance Maturity Model (SAMM), and the increasingly popular secu...
2025-05-30, 09 min

On Location With Sean Martin And Marco Ciappelli
Why Global Community-Led Innovation Is Driving Real Application Security Progress | An OWASP AppSec Global 2025 Conversation with Starr Brown | On Location Coverage with Sean Martin and Marco Ciappelli
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Starr Brown, Director of Open Source Projects and Programs at OWASP, unpacks the real engine behind the organization’s impact: the projects and the people driving them forward. With over 130 active projects, OWASP continues to expand its open source contributions to improve software security across the board. While the OWASP Top 10 remains its most recognized initiative, Starr points out that it’s just one among many. Other significant projects include the Application Security Verification Standard (ASVS), the Software Assurance Maturity Model (SAMM), and the increasingly popular secu...
2025-05-30, 09 min

The Generative AI Security Podcast
Are Your Red Teaming Efforts Giving Bad Actors An Advantage? GenAI Security
In this episode of the Generative AI Security Podcast, we sit down with Disesdi Susanna Cox, from the OWASP AI Exchange, to explore the cutting-edge of AI security:
🔍 Key topics include:
- The OWASP AI Exchange as a resource for understanding AI security threats.
- Fascinating insights on red teaming, adversarial attacks, and why full coverage may be mathematically impossible.
- How generative AI adoption intersects with predictive AI use cases and security risks.
Learn why staying ahead of AI security trends is crucial and how tools like the OWASP AI Exchange can help!
#AISecurity #GenerativeAI #OWA...
2025-05-23, 17 min

Resilient Cyber
Resilient Cyber w/ Vineeth Sai Narajala: Model Context Protocol (MCP) - Potential & Pitfalls
In this episode, I discuss the Model Context Protocol (MCP) with the OWASP GenAI Co-Lead for Agentic Application Security, Vineeth Sai Narajala. We will discuss MCP's potential and pitfalls, its role in the emerging Agentic AI ecosystem, and how security practitioners should consider secure MCP enablement.
We discussed:
- MCP 101, what it is and why it matters
- The role of MCP as a double-edged sword, offering opportunities but additional risks and considerations from a security perspective
- Vineeth's work on the "Vulnerable MCP" project is a repository of MCP risks, vulnerabilities, and corresponding mitigations.
- How MCP is also of...
2025-05-21, 18 min

The Generative AI Security Podcast
OWASP Project Rebrand, RSA Conference Highlights - GenAI Security Podcast Ep.7
Welcome to Episode 7 of the Generative AI Security Podcast! 🚀 This week, we dive into the rebranding of the Gen AI Security Project, upcoming highlights at RSA Conference 2023—including a must-attend Gen AI party—and discussions on cutting-edge initiatives like agentic security and red teaming guides.
Join Aubrey, Steve, and Scott as they cover the evolution of this OWASP project, its impact on generative AI security, and what’s next for the community. Don’t forget to like, subscribe, and stay updated on all the latest content!
2025-04-18, 16 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.34 Meeting Apr 09 2025: RSA Summit, New Compass Project, Community Updates
Join host Scott Clinton and cybersecurity community members for the latest OWASP GenAI Security Project meeting. In this episode, the team shares key updates on their upcoming activities at the RSA Conference—including a half-day summit, agentic security workshop, and special networking opportunities. Scott emphasizes community engagement, while Sandy Dunn introduces the newly established Compass Project, dedicated to operationalizing governance and security strategies in practical, effective ways. Additionally, the episode covers project updates on AI incident response with Bryan Nakayama, translation efforts for wider global accessibility, and other initiatives to build cohesive, community-driven resources. This meeting demonstrates OWASP's ongoing co...
2025-04-16, 44 min

The Generative AI Security Podcast
Continuous Red Teaming for AI: Insights from OWASP Experts - GenAI Security Ep.6
In this episode of the OWASP GenAI Security Podcast, Aubrey sits down with Ante and Kris from Splx to discuss the importance of continuous red teaming for AI applications. As AI evolves with multimodal systems, agent frameworks, and retrieval-augmented generation (RAG), proactive security testing becomes essential to address vulnerabilities like jailbreaks, data poisoning, and alignment shifts. Learn how integrating automated red teaming processes and collaborating closely with security teams can help organizations stay ahead of threats.
Don’t miss this deep dive into the latest strategies for safeguarding AI applications in production and beyond.
2025-04-04, 26 min

ITSPmagazine Podcasts
From Overload to Insight: Are We Getting Smarter, or Just Letting AI Think for Us? | A RSA Conference 2025 Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli
In a conversation that sets the tone for this year’s RSA Conference, Steve Wilson, shares a candid look at how AI is intersecting with cybersecurity in real and measurable ways. Wilson, who also leads the OWASP Top 10 for Large Language Models project and recently authored a book published by O’Reilly on the topic, brings a multi-layered perspective to a discussion that blends strategy, technology, and organizational behavior. Wilson’s session title at RSA Conference—“Are the Machines Learning, or Are We?”—asks a timely question. Security teams are inundated with data, but without meaningful visibility—defined not just...
2025-04-04, 27 min

On Location With Sean Martin And Marco Ciappelli
From Overload to Insight: Are We Getting Smarter, or Just Letting AI Think for Us? | A RSA Conference 2025 Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli
In a conversation that sets the tone for this year’s RSA Conference, Steve Wilson, shares a candid look at how AI is intersecting with cybersecurity in real and measurable ways. Wilson, who also leads the OWASP Top 10 for Large Language Models project and recently authored a book published by O’Reilly on the topic, brings a multi-layered perspective to a discussion that blends strategy, technology, and organizational behavior. Wilson’s session title at RSA Conference—“Are the Machines Learning, or Are We?”—asks a timely question.
Security teams are inundated with data, but without meaningful visibility—defined not just...
2025-04-04, 27 min

AI Friday
AI Friday LIVE w/ Steve Wilson - Vibe Coding, Agentic AI Security And More
Welcome to AI Friday! In this episode, we dive into the latest developments in Generative AI Security, discussing the implications and challenges of this emerging technology. Join Aubrey from DevCentral and the OWASP GenAI Security Project, along with an expert panel including Byron, Ken, Lori, and special guest Steve Wilson, as they explore the complexities of AI in the news and the evolving landscape of AI security. We also take a closer look at the fascinating topic of vibe coding, its impact on software development, and the transformative potential of AI-assisted coding practices. Whether you're a developer, security professional...
2025-03-28, 53 min

DevCentral
AI Friday LIVE w/ Steve Wilson - Vibe Coding, Agentic AI Security And More
Welcome to AI Friday! In this episode, we dive into the latest developments in Generative AI Security, discussing the implications and challenges of this emerging technology. Join Aubrey from DevCentral and the OWASP GenAI Security Project, along with an expert panel including Byron, Ken, Lori, and special guest Steve Wilson, as they explore the complexities of AI in the news and the evolving landscape of AI security. We also take a closer look at the fascinating topic of vibe coding, its impact on software development, and the transformative potential of AI-assisted coding practices. Whether you're a developer, security professional, or...
2025-03-27, 53 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.33 Meeting Mar 26 2025 - Project Updates: Governance, Sponsorship & Growth
In this episode, join Scott Clinton, Steve Wilson, John Sotiropoulos, and Aubrey King as they discuss the latest updates and achievements in the OWASP GenAI Security Project.
From the introduction of new governance structures to insights on sponsorship growth, this episode provides an in-depth look at how the project is evolving to tackle the challenges in AI security. Learn about the various initiatives and milestones, including the success of the Agentic AI initiative, the upcoming events at RSA, and the impressive community engagement metrics. Whether you're a cybersecurity professional, AI enthusiast, or someone interested in contributing to the project...
2025-03-26, 57 min

The Generative AI Security Podcast
Exploring Agentic AI Security with OWASP: Insecure Agent Hackathon Apr 1 In NYC
In this episode of our podcast, Aubrey from the OWASP GenAI Security Project sits down with Ali Howe, the founder of Growth Cyber and contributor to the project. Alie shares her journey from software engineering to becoming a vCISO, emphasizing the importance of AI security and SOC 2 compliance for startups. She discusses the upcoming OWASP Insecure Agents Hackathon in New York City, where developers will explore building AI agents with a focus on identifying and mitigating security threats. Join us to learn more about the OWASP Gen AI Security Project, the significance of AI security in modern startups, and...
2025-03-25, 15 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.32 Meeting Mar 12 2025: AI Red Teaming, Securing AI Models, and Best Practices in AI Security
In this episode, Scott Clinton leads the discussion on the latest trends and challenges in the AI security landscape. They kick things off with a friendly catch-up before diving into important topics like AI red teaming, the security of AI models, and the best practices for ensuring robust AI security frameworks. Throughout the discussion, our experts share their insights on how to tackle the evolving threats in the AI space.
From the lack of security measures in many organizations to the innovative approaches being developed to counter these threats, this episode is a treasure trove of information for anyone...
2025-03-25, 1h 00

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.31 Meeting Feb 26 2025: Red Teaming Guide Updates, Agentic Security Insights
Welcome to our latest podcast episode where we delve into the nuances of AI security and the exciting developments in the field. In this episode, we discuss the recent meeting of our AI security team, highlighting key projects such as the Red Teaming Guide, the Agent Security Insights (ASI) document, and the ongoing efforts to translate and refine our resources for global use. Steve Wilson, Sandy Dunn, and Scott Clinton share their insights on the latest advancements and the collaborative efforts that are driving the future of AI security. Join us as we explore the intricacies of defining AI...
2025-03-11, 49 min

The Generative AI Security Podcast
Sandboxing AI Models with Dyana & OWASP Top 10 for LLM Apps - Ep.4
Welcome back to our Generative AI Security Podcast! In this episode, Aubrey sits down with Ads Dawson, a respected member of the AI community, to delve into the OWASP Top Ten for LLM Applications and Generative AI. They discuss the latest security challenges and showcase Dyana, an open-source utility developed by Dreadnode for profiling and securing machine learning models. Ads gives a comprehensive demo of Diana, explaining its functionalities and how it can sandbox and profile a wide range of files, including models from Hugging Face.
Discover how Diana can help detect backdoored models and provide detailed insights into...
2025-03-06, 22 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep.30 Meeting Feb 12 2025: AI Security Guidelines, Agentic Security, RSA Summit
Join us for an insightful discussion in our latest podcast episode featuring our core team and many others from the AI security community. This episode dives deep into various exciting topics, including the introduction of new AI security guidelines, the advancements in agentic security, and the latest developments in AI red teaming. We explore the collaborative efforts in creating practical and consumable security documentation, the impact of AI security standards alignment, and the roadmap for future AI security projects. In addition to these discussions, we also highlight the upcoming AI Security Summit at RSA Conference, the integration of AI...
2025-02-25, 53 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep. 29: Meeting Jan 29 2025: Glossary Initiative, RSA Summit, and New Sponsors
Join us for an engaging episode where the OWASP LLM and Gen AI Project Team discuss key initiatives, updates, and collaborative efforts. This episode dives into various topics such as the ongoing development of the Agentic Security Landscape, the importance of creating a standardized glossary for AI terminology, and the exciting collaborations with organizations like IBM and the Cloud Security Alliance.
The team also explores the potential of producing educational videos to enhance understanding of AI concepts and terms. In this meeting, the team emphasizes the need for consensus and community feedback in refining AI definitions, while also discussing...
2025-02-24, 56 min

ibl.ai
OWASP: LLM Applications Cybersecurity and Governance Checklist
Summary of https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english Provides guidance on securing and governing Large Language Models (LLMs) in various organizational contexts. It emphasizes understanding AI risks, establishing comprehensive policies, and incorporating security measures into existing practices. The document aims to assist leaders across multiple sectors in navigating the challenges and opportunities presented by LLMs while safeguarding against potential threats. The checklist helps organizations formulate strategies, improve accuracy, and reduce oversights in their AI adoption journey. It also includes references to external resources like OWASP and MITRE to facilitate a robust cybersecurity plan...
2025-02-18, 20 min

Project Gamma
Episode 5 | AI-Engineered: Building Applications, Tackling Tech Debt, and Securing Software
Join host Warner Moore on Project Gamma as he chats with tech veteran Jason Montgomery about how GenAI is revolutionizing engineering and cybersecurity. Discover how GenAI accelerates development, builds applications from scratch, and creates AI agents to tackle technical debt.
We also explore strategies for introducing GenAI into your engineering team, modern security practices, and the essentials of DevSecOps.
Podcast topics:
- Using GenAI to accelerate engineering
- Building an application from scratch using GenAI
- Creating AI agents to tackle technical debt
- Introducing GenAI to your engineering organization
- Security...
2025-02-18, 42 min

CISO Stories Podcast (Video)
AI Governance: Navigating Risks, Frameworks, and the Future - Rock Lambros - CSP #209
In this episode, we sit down with author and AI expert Rock Lambros to explore the evolving landscape of AI governance. We discuss the risks of AI chatbots, comparing OpenAI and DeepSeek, and examine current and emerging governance frameworks. As AI adoption accelerates, organizations must determine the right guardrails and critical questions to ask. This conversation provides insights into how companies are shaping their AI strategies for a more secure and responsible future. Segment Resources: https://www.youtube.com/@RockOnCyber https://genai.owasp.org https://owaspai.org Show Notes: https://cisostoriespodcast.com/csp-209
2025-02-10, 29 min

CISO Stories Podcast (Audio)
AI Governance: Navigating Risks, Frameworks, and the Future - Rock Lambros - CSP #209
In this episode, we sit down with author and AI expert Rock Lambros to explore the evolving landscape of AI governance. We discuss the risks of AI chatbots, comparing OpenAI and DeepSeek, and examine current and emerging governance frameworks. As AI adoption accelerates, organizations must determine the right guardrails and critical questions to ask. This conversation provides insights into how companies are shaping their AI strategies for a more secure and responsible future.
Segment Resources: https://www.youtube.com/@RockOnCyber https://genai.owasp.org https://owaspai.org Visit https://cisostoriespodcast.com for all the latest...
2025-02-10, 29 min

Non-Adjective
OWASP Reporting: ReCursive GenAi Podcast Deep Dive
Robots discuss what robots talked about last time... Part Two of Two!
2025-02-03, 33 min

Non-Adjective
OWASP Reporting: OverReliance at Chemeketa
A generated conversation about GenAi at Chemeketa. Part One of Two!
2025-02-03, 57 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep. 28: Meeting Jan 15 2025 - Red Teaming, Deepfake, RSA 2025 Updates And More
Join the core team as they dive into a comprehensive discussion on recent workshops, AI advancements, and the significance of industry conferences. This episode unpacks the latest feedback from cybersecurity sessions and sets the stage for RSA 2025 and other upcoming events. Scott Clinton and Bryan Nakayama add depth with insights into AI red teaming and deepfake initiatives as well as community growth metrics. Don't miss out on this engaging conversation that bridges the gap between cybersecurity strategy and practical implementation. Subscribe for more expert insights!
2025-01-21, 59 min

The Generative AI Security Podcast
Exploring AI Security: Red Teaming & Offensive Agents with Ads | GenAI Security Ep.3
Join us for the third episode of our podcast, where Aubrey from the OWASP Top Ten for Large Language Model Applications and Generative AI dives into the evolving world of AI security. In this episode, we chat with Ads, a seasoned AI security researcher from Dreadnode, who shares his journey from network engineering to AI security. Gain insights into the latest trends in AI red teaming, offensive agents, and the exciting developments at Dreadnode.
Explore the fascinating world of AI security with real-world examples, the importance of agentic AI, and how innovative tools like RoboPages and Burpference...
2025-01-09, 32 min

The Security Repo
The Updated OWASP Top 10 for LLM Applications and the AI landscape - Talesh Seeparsan
In this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage and AI supply chain risks, and provides practical advice for small companies navigating AI compliance. The conversation wraps up with reflections on security best practices, including collaboration and skepticism about industry norms. With over a decade in cybersecurity, Talesh is a trusted expert in protecting enterprise...
2025-01-08, 42 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Ep. 27: Meeting Dec 18 2024 - OWASP Recognition, AI Red Teaming, RSA And More
Welcome to our latest episode, recorded on December 18th, where we dive into the exciting progress and future plans for our project as we wrap up 2024. We discuss the incredible work done by our community, the recognition from the OWASP Foundation, and our ambitious roadmap for 2025. Highlights include updates on the project's progress, insights from our check-in with Andrew, the Executive Director of OWASP, and plans for promoting the project and increasing community engagement. We also cover the launch of our new AI Red Teaming Initiative and updates to the AI cybersecurity and governance checklist. We touch on our...
2024-12-19, 1h 02

Chain of Thought
How AI Assistants Can Enhance Human Connection | Twilio’s Vinnie Giarrusso
Can AI assistants actually enhance human connection?
As Season 1 of Chain of Thought comes to a close, Conor Bronsdon and Vinnie Giarrusso (Twilio) explore the transformative potential of AI assistants in the workplace. Discover how these assistants function as "async junior digital employees," taking on specific tasks and contributing to the organizational structure. But will AI assistants ultimately replace human connection? Vinnie argues the opposite is true, suggesting that AI can liberate employees from mundane tasks, allowing them to focus on building meaningful relationships and providing personalized experiences. This thought-provoking conversation takes a...
2024-12-18, 42 min

The Generative AI Security Podcast
Effective AI Red Teaming Best Practices With Krishna Sankar - GenAI Security Ep.2
In this second episode of our podcast series, we introduce the Red Teaming Initiative with special guest Krishna Sankar. Discover the nuances of red teaming in the context of generative AI, explore best practices, and understand what it takes to develop a mature red teaming strategy. Krishna also shares his rich background in autonomous systems, AI in financial services, and his passion for Legos! Don't miss out on this informative discussion that also touches on the exciting (and somewhat daunting) concept of Artificial General Intelligence (AGI) and its implications. For the latest insights and updates in generative AI security...
2024-12-12, 35 min

Application Security Weekly (Video)
AI's Junk Vulns, Web3 Backdoor, LLM CTFs, 5 GenAI Mistakes, Top Ten for LLMs - ASW #310
Curl and Python (and others) deal with bad vuln reports generated by LLMs, supply chain attack on Solana, comparing 5 genAI mistakes to OWASP's Top Ten for LLM Applications, a Rust survey, and more!
Show Notes: https://securityweekly.com/asw-310
2024-12-10 | 29 min

Security Weekly Podcast Network (Audio)
Looking Back on 2024 - ASW #310
We do our usual end of year look back on the topics, news, and trends that caught our attention. We covered some OWASP projects, the ongoing attention and promises of generative AI, and big events from the XZ Utils backdoor to Microsoft's Recall to Crowdstrike's outage. Segment resources https://prods.ec https://owasp.org/www-project-spvs/ https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ https://securitychampions.owasp.org/ https://deadliestwebattacks.com/appsec/2024/11/14/ai-and-llms-asw-topic-recap https://www.scworld.com/podcast-episode/3017-infosec-myths-mistakes-and-misconceptions-adrian-sanabria-asw-279 Curl and Python (and others) deal with bad vuln reports generated by LLMs, supply chain attack on Solana...
2024-12-10 | 59 min

Application Security Weekly (Video)
Looking Back on 2024 - ASW #310
We do our usual end of year look back on the topics, news, and trends that caught our attention. We covered some OWASP projects, the ongoing attention and promises of generative AI, and big events from the XZ Utils backdoor to Microsoft's Recall to Crowdstrike's outage.
Segment resources https://prods.ec https://owasp.org/www-project-spvs/ https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ https://securitychampions.owasp.org/ https://deadliestwebattacks.com/appsec/2024/11/14/ai-and-llms-asw-topic-recap https://www.scworld.com/podcast-episode/3017-infosec-myths-mistakes-and-misconceptions-adrian-sanabria-asw-279 Show Notes: https://securityweekly.com/asw-310
2024-12-10 | 30 min

Application Security Weekly (Audio)
Looking Back on 2024 - ASW #310
We do our usual end of year look back on the topics, news, and trends that caught our attention. We covered some OWASP projects, the ongoing attention and promises of generative AI, and big events from the XZ Utils backdoor to Microsoft's Recall to Crowdstrike's outage.
Segment resources https://prods.ec https://owasp.org/www-project-spvs/ https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ https://securitychampions.owasp.org/ https://deadliestwebattacks.com/appsec/2024/11/14/ai-and-llms-asw-topic-recap https://www.scworld.com/podcast-episode/3017-infosec-myths-mistakes-and-misconceptions-adrian-sanabria-asw-279 Curl and Python (and others) deal with bad vuln reports generated by LLMs, supply chain attack on Solana...
2024-12-10 | 59 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 26: Meeting December 4 2024 Launch Updates, New GenAI Security Podcast And More
Welcome to the latest bi-weekly meeting for the OWASP Top Ten for Generative AI and Application Security, recorded on December 4th, 2024. Join us as we dive into key updates, project developments, and community engagement activities. This meeting covers updates on meeting link changes, recent launch statistics, social media metrics, and community growth. We also discuss new initiatives like the upcoming podcast series, LinkedIn engagement strategies, future webinars, and our plans for 2025 outreach. We highlight the progress on the Red Teaming document, data security best practices white paper, and explore translation services for broader accessibility. Additionally, we share...
2024-12-04 | 29 min

The Generative AI Security Podcast
2025 LLM Apps Top 10, Evolving AI Architectures - GenAI Security Ep.1
Welcome to the first episode of the Gen AI Security Podcast! 🎉 Join Aubrey King, Sandy Dunn, and Scott Clinton as they discuss Thanksgiving plans and dive into the OWASP Top Ten for LLM apps. We'll cover our recent 2025 release, deepfake guidance, and evolving AI architectures like RAG. Perfect for a mix of holiday cheer and cutting-edge cybersecurity insights!
🔗 Resources: OWASP GenAI Project: genai.owasp.org #GenAISecurity #Cybersecurity #Podcast #Thanksgiving #AI #OWASP Theme song, 'Crumbling Castle,' freely usable by King Gizzard And The Lizard Wizard, as per https://kinggizzardandthelizardwizard.com/bootlegger.
2024-11-28 | 29 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 25: Meeting November 20 2024 Version 2025 Released This Week
The session covers key updates and lively discussions among team members. Steve Wilson welcomes attendees and discusses recent travels and the prepared slide deck. The team celebrates the release of the new Top 10 list and its positive reception. Scott Clinton shares success stories and goals from the sponsorship program, while social media growth, project roadmap, and community contributions are highlighted. Krishna updates on the newsletter and future plans for webinars and outreach. The growth of the solutions landscape and the onboarding of a new web team are also discussed. The team brainstorms new initiatives, including workshops and virtual events...
2024-11-21 | 45 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 24: Meeting November 6 2024 Deepfake Guidance, Solutions Landscape And More
Join us for an engaging meeting discussing the November 6th edition of the OWASP Top 10 for LLM (Large Language Model) applications. Steve Wilson leads the session, providing updates on the latest developments, including the release candidate, feedback collection, and expectations for the final version. Key points include the importance of the OWASP Top 10 list for 2025, feedback on errors and formatting, and insights into the traction generated by recent press releases and media coverage. The team also discusses the solutions landscape document, the searchable directory of solutions, and upcoming announcements for the new OWASP Top 10 list.
Contributions from team members...
2024-11-08 | 22 min

Cyber Bites
Cyber Bites - 8th November 2024
* Cloud Security Concerns Surge in APAC as Data Breaches Remain High
* AI-Powered Scams: A Growing Threat
* Western Sydney University Suffers Major Data Breach
* New FakeCall Malware Targets Android Users for Financial Fraud
* UK Regulator Warns Financial Firms After CrowdStrike Outage
* OWASP Releases GenAI Security Guidelines
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
2024-11-07 | 09 min

CyberHub Podcast
🚨 Nokia & Schneider Electric Investigate Data Breaches, MoneyGram Replaces Leadership, Spyware Legal Barriers
🚨 Nokia & Schneider Electric Investigate Data Breaches, MoneyGram Replaces Leadership, Spyware Legal Barriers
🎙️ Join us on the CyberHub Podcast as we delve into the latest headlines for cybersecurity practitioners
Today’s episode will discuss the latest news as Nokia & Schneider Electric investigate claims of data breach with more news below:
• Cisco Notified Customers of Data Breach
• SEC Moves to get more testimony against SolarWinds
• Google Patches Vulnerabilities
For more information, please visit our website: https://www.cyberhubpodcast.com/
✅ Story Links: https://www.bl...
2024-11-05 | 18 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 23: Meeting October 23 2024 Finalizing The 2025 Top 10 And More!
In this meeting, the team finalizes the 2025 version of the OWASP Top 10 list for large language models (LLMs), highlighting key updates to the entries and ongoing efforts to refine the document's graphical layout. They also discuss the integration of the solutions catalog, which now features over 40 contributions from both open-source and commercial entities.
Additionally, plans for a robust PR and media outreach campaign are outlined, including potential briefings with press and analysts, and the announcement of a sponsorship program in November. The team is also considering hosting a virtual event in December to highlight the new 2025 list and other...
2024-10-28 | 17 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 22: Meeting October 9 2024 Prompt Injection Redefined, AI Bill Of Materials
Catch up on the latest OWASP Top 10 for Large Language Models (LLMs) meeting! Russell Tait and Rachel discuss AI Incident response, while Steve Wilson updates on transitioning to the 2024 version. Key topics include prompt injection redefinition, red teaming progress, AI Bill of Materials proposal, and updates on the Deepfake Guide, AI-enhanced Cyber Attack Guidance, and exploit generation for AI. Sandy Dunn provides an AI Security Checklist update and proposes a centralized definitions page, and Scott Clinton announces the new Center of Excellence guide and encourages contributions to the Solutions Guide. For more details, check out the Deepfake Guide and...
2024-10-25 | 58 min

PromptCast: The Voice of AI and Security
Aubrey King, PR Lead at OWASP and Community Evangelist at F5 on AI as defensive and offensive tool
Itamar hosted Aubrey King, PR Lead at OWASP and Community Evangelist at F5 for a fascinating episode on AI and Security all around: from how attackers are using AI to attack organizations, to defending organizations with AI, or why haven't we seen *yet* the WannaCry or SolarWinds of GenAI. Don't miss a unique musical recommendation by Aubrey: King Gizzard & the Lizard Wizard
Learn more about Prompt Security: https://prompt.security
2024-10-15 | 35 min

CISO Tradecraft®
#199 - How to Secure Generative AI
Join G.
Mark Hardy in Torremolinos, Spain, for a deep dive into the security of Generative AI. This episode of CISO Tradecraft explores the basics of generative AI, including large language models like ChatGPT, and discusses the key risks and mitigation strategies for securing AI tools in the workplace. G. Mark provides real-world examples, insights into the industry's major players, and practical steps for CISOs to balance innovation with security. Discover how to protect sensitive data, manage AI-driven hallucinations, and ensure compliance through effective governance and ethical guidelines. Plus, get a glimpse into the future of AI vulnerabilities and...
2024-09-23 | 27 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 21: Meeting September 11 2024 Prompt Leakage, Agent Interaction, Supply Chain
In our recent session, we discussed the ever-evolving landscape of AI and machine learning security. Key highlights include:
1. Prompt Leakage: Addressing vulnerabilities where AI systems inadvertently disclose sensitive information.
2. Agent Interaction Risks: Focusing on excessive agency and the complexities of multi-agent systems.
3. Supply Chain Vulnerabilities: Ensuring robust security measures in AI development pipelines.
2024-09-13 | 57 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 20: Meeting August 28 2024 Defining AI Incidents, Deep Fake Guidance
In our recent meeting, we covered crucial topics such as defining AI incidents, publishing deep fake guidance, and innovative research on AI exploitation. Our community continues to drive forward with impactful initiatives. Also, a special mention to our beautiful new HQ in Colorado!
🌄 #AI #CyberSecurity #OWASP
2024-09-13 | 53 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 19: Meeting August 15, 2024 AI-Enhanced Cyber Attack Responses
In our recent meeting, we explored several key topics, including AI-enhanced cyber attack responses, the importance of automated PDF generation for documentation, and welcoming new members to our community. These discussions are crucial for staying ahead in AI and cybersecurity. Dive in and contribute to shaping the future of AI security with us. #AI #CyberSecurity #OWASP #TechInnovation
2024-09-13 | 34 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 18: Meeting August 1 2024: Multi-Agent Architectures In AI
In our recent meeting, we explored the evolving landscape of agentic workflows and multi-agent architectures in AI. From discussing the orchestration of tools to the complexities of fully autonomous agents, our team is at the forefront of AI innovation. Dive into the discussion, share your insights, and help shape the future of AI governance. #AI #MachineLearning #AIInnovation #AIResearch
2024-09-13 | 57 min

Changelog Master Feed
Cybersecurity in the GenAI age (Practical AI #286)
Dinis Cruz drops by to chat about cybersecurity for generative AI and large language models. In addition to discussing The Cyber Boardroom, Dinis also delves into cybersecurity efforts at OWASP and that organization’s Top 10 for LLMs and Generative AI Apps.
Leave us a comment
Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
Speakeasy – Production-ready, enterprise-resilient, best-in-class SDKs crafted in minutes.
Speakeasy takes care of the entire SDK workflow to save you significant time, delivering SDKs to your customers in minutes with just a fe...
2024-09-11 | 51 min

Practical AI
Cybersecurity in the GenAI age
Dinis Cruz drops by to chat about cybersecurity for generative AI and large language models. In addition to discussing The Cyber Boardroom, Dinis also delves into cybersecurity efforts at OWASP and that organization’s Top 10 for LLMs and Generative AI Apps.
Join the discussion
Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
Speakeasy – Production-ready, enterprise-resilient, best-in-class SDKs crafted in minutes. Speakeasy takes care of the entire SDK workflow to save you significant time, delivering SDKs to your customers in minutes with just a few clic...
2024-09-11 | 51 min

Trustworthy AI : De-risk business adoption of AI
Securing GenAI: Secure our Future
This episode of Trustworthy AI : De-risk business adoption of AI is brought to you by Trusted AI. Securing Generative AI, LLMs is a critical topic for adopting AI.
Host Pamela Gupta, CEO Trusted AI talks with Steve Wilson leader of the LLM Governance & Cybersecurity OWASP, Product officer at Exabeam, author Developers Playbook for LLM security, O’Reilly
Why is Securing GenAI critical?
Organizations are increasingly prioritizing value creation and demanding tangible results from their Generative AI initiatives. This requires them to scale up their Generative AI deployments— advancing beyond experimentation, pilots and proofs of co...
2024-09-10 | 22 min

Colorado = Security Podcast
266 - 9/9 - Joseph Dhanapal, CEO at SecureAuth
Joseph Dhanapal, CEO at SecureAuth is our feature interview this week. News from Casa Bonita, SpaceX, Blackpoint Cyber, Lares, Optiv, NCC and a lot more. Support us on Patreon!
Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com T...
2024-09-09 | 1h 11

Resilient Cyber
Resilient Cyber w/ Steve Wilson - Securing the Adoption of GenAI & LLM's
In this episode we sit down with GenAI and Security Leader Steve Wilson to discuss securing the explosive adoption of GenAI and LLM's. Steve is the leader of the OWASP Top 10 for LLM's and the upcoming book The Developer's Playbook for LLM Security: Building Secure AI Applications
- First off, for those not familiar with your background, can you tell us a bit about yourself and what brought you to focusing on AI Security as you have currently?
- Many may not be familiar with the OWASP LLM Top 10, can you tell...
2024-08-28 | 28 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 17: Core Member Meeting July 10 2024 - v2.0 New Threat Conversation
We took a break from the standard meeting and had a meeting of the core member team to hash out some of the new threats that have come up in conversation for v2.0 ranking.
2024-07-11 | 58 min

WE'RE IN!
Ads Dawson on developing the OWASP Top 10 for Large Language Models
Ads Dawson, release lead and founding member for the Open Web Application Security Project (OWASP) Top 10 for Large Language Model Applications project, has no shortage of opinions on securing generative artificial intelligence (GenAI) and LLMs. With rapid adoption across the tech industry, GenAI and LLMs are dominating the conversation in the infosec community. But Ads says the security approach is similar to other attack vectors like APIs.
First, you need to understand the context of AI-related vulnerabilities and how an attacker might approach hacking a particular AI model. In the latest episode of WE’RE IN!, Ads tal...
2024-06-26 | 36 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 16: Meeting June 20 2024 - v2.0 Voting, Conferences & CFPs, PDF Pipelines
The team discussed the progress of the large language models expert group project, focusing on the voting phase for new entries and the future publication. They also discussed the importance of the top 10 list, the outreach roadmap, and the need for upcoming calls for papers. Lastly, they explored potential solutions for managing multiple PDF pipelines, the use of templating, and the team's presence at an upcoming conference in Lisbon.
2024-06-20 | 40 min

ITSPmagazine Podcasts
It's Just Software, What Could Possibly Go Wrong? Exploring Deterministic GenAI and AI Trust Cards | An OWASP AppSec Global Lisbon 2024 Conversation with Isabel Praça, Dinis Cruz, and Rob van der Veer | On Location Coverage
Guests:
Isabel Praça, Coordinator Professor, ISEP - Instituto Superior de Engenharia do Porto
On LinkedIn | https://www.linkedin.com/in/isabel-pra%C3%A7a-07b86310/
At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/icp
Dinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]
On LinkedIn | https://www.linkedin.com/in/diniscruz/
On Twitter | https://twitter.com/DinisCruz
At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/dinis.cruz
Rob van der Veer, Senior director at Software Improvement Group [@sig_eu]
2024-06-19 | 34 min

Redefining CyberSecurity
It's Just Software, What Could Possibly Go Wrong?
Exploring Deterministic GenAI and AI Trust Cards | An OWASP AppSec Global Lisbon 2024 Conversation with Isabel Praça, Dinis Cruz, and Rob van der Veer | On Location Coverage
Guests:
Isabel Praça, Coordinator Professor, ISEP - Instituto Superior de Engenharia do Porto
On LinkedIn | https://www.linkedin.com/in/isabel-pra%C3%A7a-07b86310/
At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/icp
Dinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]
On LinkedIn | https://www.linkedin.com/in/diniscruz/
On Twitter | https://twitter.com/DinisCruz
At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/dinis.cruz
Rob van der Veer, Senior director at Software Improvement Group [@sig_eu]
2024-06-19 | 34 min

On Location With Sean Martin And Marco Ciappelli
It's Just Software, What Could Possibly Go Wrong? Exploring Deterministic GenAI and AI Trust Cards | An OWASP AppSec Global Lisbon 2024 Conversation with Isabel Praça, Dinis Cruz, and Rob van der Veer | On Location Coverage
Guests:
Isabel Praça, Coordinator Professor, ISEP - Instituto Superior de Engenharia do Porto
On LinkedIn | https://www.linkedin.com/in/isabel-pra%C3%A7a-07b86310/
At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/icp
Dinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]
On LinkedIn | https://www.linkedin.com/in/diniscruz/
On Twitter | https://twitter.com/DinisCruz
At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/dinis.cruz
Rob van der Veer, Senior director at Software Improvement Group [@sig_eu]
2024-06-19 | 34 min

Security Weekly Podcast Network (Audio)
GenAI, Security, and More Lies - Aubrey King - PSW #832
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs!
Segment Resources: https://genai.owasp.org/ Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headphones, decrypting firmware, and VPNs are still being hacked! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-832
2024-06-14 | 2h 54

Paul's Security Weekly (Video)
GenAI, Security, and More Lies - Aubrey King - PSW #832
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: https://genai.owasp.org/ Show Notes: https://securityweekly.com/psw-832
2024-06-13 | 1h 03

Paul's Security Weekly (Audio)
GenAI, Security, and More Lies - Aubrey King - PSW #832
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: https://genai.owasp.org/ Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headphones, decrypting firmware, and VPNs are still being hacked! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-832
2024-06-12 | 2h 54

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 15: Meeting June 6 2024 - v2.0 Candidates, Top AI Tools List, CSA AI Summit And More
The team discussed the call for new vulnerability candidates for the OWASP top 10 for large language models expert group, the challenges of accommodating all nominations for the AI Safety Institute's task force, and the ongoing process of creating a list of top AI tools.
They also reviewed the progress of the organization's sponsorship program, plans for outreach, and the upcoming publication of a blog based on research from the University of Illinois. Lastly, they discussed the upcoming CSA AI summit, improving existing vulnerabilities, and the idea of creating a top 20 list to recognize emerging vulnerabilities.
2024-06-08 | 54 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 14: Meeting May 23 2024 - RSA Recap, New Website, v2.0 Efforts
This week, Scott leads the bi-weekly meeting for May 23, 2004. We recap the RSA happenings, talk about the new website and get a bit of an update on the v2.0 efforts! Check out Episode 14 of the Bi-weekly Meeting Podcast!
2024-05-23 | 34 min

Security Weekly Podcast Network (Audio)
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to developers rather than contrived or overly simplistic examples. Segment resources: https://github.com/lirantal https://cheatsheetseries.owasp.org/cheatsheets/NPMSecurityCheat_Sheet.html https://lirantal.com/blog/poor-express-authentication-patterns-nodejs The challenge of evaluating threat alerts in aggregate – what a collection an...
2024-05-21 | 1h 09

Application Security Weekly (Audio)
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes.
Not only does this create a more engaging experience, but it also relies on code that looks familiar to developers rather than contrived or overly simplistic examples. Segment resources: https://github.com/lirantal https://cheatsheetseries.owasp.org/cheatsheets/NPMSecurityCheat_Sheet.html https://lirantal.com/blog/poor-express-authentication-patterns-nodejs The challenge of evaluating threat alerts in aggregate – what a collection an...
2024-05-21 | 1h 09

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 13: Meeting April 25 2024 - v2 Updates, RSA Planning, New Website
Steve Wilson's back to lead the discussion for our April 25 2024 meeting for Episode 13. We talk about the v2 updates - even some survey response discussions. RSA Planning was a significant topic as well, as it's coming up quickly. We also talked the new website efforts and a whole lot more.
2024-04-29 | 52 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 12: Meeting April 11 2024 - RSA, OWASP Media Blitz
The team, led by Scott, discussed upcoming activities including the RSA conference, a virtual summit on AI, and a website refresh. They also reviewed the success of their recent social media campaign and planned for future promotions. Lastly, they addressed the improvement of their data gathering methodology and looked forward to the next week's catch-up through Slack.
2024-04-15 | 13 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 11: Meeting March 28 2024 - OWASP Top 10 For LLM Applications
This month was huge. We talked about the returning core members and early data from our volunteer interest survey, as well as possible charter expansion. We've also got an AI summit coming up at RSA that is not to miss!
Also, the leads gave reports, too!
2024-03-28 | 52 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Episode 10: Meeting March 14 2024 - OWASP Top 10 For LLM Applications
Steve wasn't able to make the meeting this week, so Sandy Dunn ran the meeting. We talked about how to share any speaking opportunities you may have with the team and had great discussion around prompt injection and "AI-washing" from vendors.
2024-03-15 | 40 min

LLM Apps Top 10 Bi-Weekly Project Meetings
Meeting Announcement! Thursday March 14, 2024 - 11am Eastern / 8am Pacific
Set your Alexa alarms, AI Community! We've got a meeting this Thursday and want to see YOU there! Meetings Link: https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki/Meetings
2024-03-13 | 00 min