Randall Munroe’s XKCD ‘Baker’s Units’
via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Baker’s Units’ appeared first on Security Boulevard.
Black screen of DRM: Privacy-first messenger blocks Microsoft Recall
The post Signal Gives Microsoft a Clear Signal: Do NOT Recall This appeared first on Security Boulevard.
Discover why machine identities are the new security frontier from KuppingerCole EIC 2025. Learn about secrets sprawl, AI agents, and why traditional IAM fails to protect NHIs in this GitGuardian recap.
The post Navigating the New Frontiers of Identity: Insights from KuppingerCole EIC Summit 2025 appeared first on Security Boulevard.
Miami, Florida, 22nd May 2025, CyberNewsWire
The post Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform appeared first on Security Boulevard.
International law enforcement agencies and cybersecurity vendors seized thousands of domains used to run the MaaS operations of the widely popular Lumma Stealer malware, which was used to facilitate ransomware, malvertising, and phishing attacks around the globe.
The post Law Enforcement, Microsoft Disrupt Operations of Popular Lumma Stealer appeared first on Security Boulevard.
Author/Presenter: Cecilie Wian
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino, and via the organization’s YouTube channel.
The post BSidesLV24 – PasswordsCon – Picking A Fight With The Banks appeared first on Security Boulevard.
Transform your B2B SaaS growth trajectory with 10 battle-tested strategies derived from business classics and proven by market leaders. Learn how these frameworks can be specifically adapted for AI startups, with actionable tactics that drive sustainable revenue growth in competitive landscape.
The post 10 Proven Growth Strategies for B2B SaaS: Lessons from Business Classics & Applications for AI Startups appeared first on Security Boulevard.
Tonic Textual provides advanced Named Entity Recognition (NER) and synthetic replacement of sensitive free-text data. Today, we are excited to announce that Tonic Textual is now available on the Snowflake Data Platform via Snowpark Container Services (SPCS). SPCS enables you to run containerized workloads directly within Snowflake, ensuring that your data doesn’t leave your Snowflake account for processing.
The post How to prevent data leakage in your AI applications with Tonic Textual and Snowpark Container Services appeared first on Security Boulevard.
Discover how Tonic Textual revolutionizes data privacy in Snowflake. Learn to create and implement a UDF for secure, compliant free-text data use in our latest article.
The post De-Identifying Your Text Data in Snowflake Using Tonic Textual appeared first on Security Boulevard.
Cary, North Carolina, 22nd May 2025, CyberNewsWire
The post INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia appeared first on Security Boulevard.
Are We Maximizing Our Security Investments? Organizations must justify their security spend and ensure the effective use of their budget. With growing reliance on the cloud and increased utilization of Non-Human Identities (NHIs), the question arises: are we truly getting the most out of our security measures? Exploring the Nuances of Non-Human Identities NHIs, a […]
The post Are Your Security Spendings Justified and Effective? appeared first on Entro.
The post Are Your Security Spendings Justified and Effective? appeared first on Security Boulevard.
Why is Security Certainty a Necessity in Today’s Cybersecurity Landscape? Where data breaches are increasing at an alarming rate, maintaining cybersecurity certainty has become a daunting task. But what if you could ensure certainty? Enter Non-Human Identities (NHIs) and Secrets Security Management, a data-protection methodology that not only provides a robust defense against cyberattacks but […]
The post Gaining Certainty in Uncertain Security Landscapes appeared first on Entro.
The post Gaining Certainty in Uncertain Security Landscapes appeared first on Security Boulevard.
Open Banking is accelerating innovation, and fraud—with API abuse, credential stuffing, and fake account creation now among the top threats fintechs must defend against in real time.
The post Securing Open Banking: How Fintechs Can Defend Against Automated Fraud & API Abuse appeared first on Security Boulevard.
Cut through SaaS security complexity. Discover how to protect data, avoid costly missteps, and evaluate the right tools—plus get a free ebook with practical templates and checklists.
The post SaaS Security Made Simple: Build Your Case, Choose Your Vendor, and Protect Your Data appeared first on AppOmni.
The post SaaS Security Made Simple: Build Your Case, Choose Your Vendor, and Protect Your Data appeared first on Security Boulevard.
Authors/Presenters: Troy Defty, Kathy Zhu
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino, and via the organization’s YouTube channel.
The post BSidesLV24 – PasswordsCon – Detecting Credential Abuse appeared first on Security Boulevard.
AI agents don’t neatly fit into your IAM chart. They switch roles, borrow authority, and rewrite what identity means at runtime. Here's what that means for you.
The post What Kind of Identity Should Your AI Agent Have? appeared first on Aembit.
The post What Kind of Identity Should Your AI Agent Have? appeared first on Security Boulevard.
As we step into the new year, it's time to explore the exciting trends that will shape the world of Quality Engineering in 2024. Here’s what we’ve been seeing in our work with Quality Engineering teams around the globe.
The post How 2024 will impact quality engineering teams appeared first on Security Boulevard.
The financial services industry is in the midst of a thrilling transformation, and Artificial Intelligence (AI) is the spark igniting it all! Picture this: in...
The post The Role of AI in FinTech: Innovation, Transformation, and the Ethics You Can’t Ignore appeared first on ISHIR | Software Development India.
The post The Role of AI in FinTech: Innovation, Transformation, and the Ethics You Can’t Ignore appeared first on Security Boulevard.
A survey of 2,058 security leaders finds nearly half of respondents (46%) are spending more time maintaining tools than they do defending their organization from actual cyberattacks.
The post Survey: Too Much Time Being Spent on Managing Cybersecurity Tools appeared first on Security Boulevard.
May 21, 2025 - Lina Romero - LLM03: Supply Chain
20/5/2025
Excerpt
The OWASP Top 10 List of Risks for LLMs helps developers and security teams determine where the biggest risk factors lie. In this blog series from FireTail, we are exploring each risk one by one, how it manifests, and mitigation strategies. This week, we’re focusing on LLM03: Supply Chain vulnerabilities.
Summary
Supply Chain vulnerabilities can refer to a variety of different risks in the Supply Chains of LLMs. LLMs are unique in that they require third parties to develop the models, and these third parties open the LLMs up to a host of new risks…
Blog text
It is no secret that in 2025, AI is both the biggest advancement and biggest risk in the cyber landscape. LLMs are rising in popularity and with this rise comes a parallel increase in incidents. AI security is still largely misunderstood, but the OWASP LLM Top 10 is a great resource on the biggest risks in the space and how to mitigate them.
What is a Supply Chain Vulnerability?
LLMs require a lot of groundwork to get them up and running. Part of this process includes third-party applications that help connect different components of the LLM, feed it data, etc. However, with these components come risks, as each part is open to its own host of vulnerabilities.
Types of Vulnerabilities
There are a variety of different risks that fall under the category of supply chain vulnerabilities.
Traditional Third-Party Package Vulnerabilities: these include third-party applications with outdated components left vulnerable to exploitation.
Licensing Risks: a common risk we see in the space is that developers do not realize some of their data falls under different licensing or compliance requirements. In addition, third-party packages have their own licensing, such as source code licenses. When developers have to keep track of all these different licenses, it is easy for things to fall through the cracks, leading to compliance issues and/or vulnerabilities.
Vulnerable Pre-Trained Models: these models are binary black boxes and offer limited security capabilities. Like open-source software, pre-trained models often contain vulnerabilities that developers may not be aware of.
Weak Model Provenance: since AI security is still a fairly new concern, there are currently no established provenance assurance standards. Because of this, attackers can compromise supplier accounts or use social engineering to find other ways to insert malicious content into the supply chain.
Vulnerable LoRA Adapters: the Low-Rank Adaptation, or “LoRA”, method can make development more efficient, but also introduces new risks. It works by training only a small number of new parameters rather than the entire model, which saves time but can lead to unpredictable results down the line.
Exploiting Collaborative Development: model merging and model handling processes, such as conversions, introduce even more vulnerabilities to the LLMs involved. Services such as conversion bot and others similar to it have also been found to create new risks.
LLM Model on Device: repackaged LLMs that run on smaller devices and in applications often come with new risks that users and developers did not expect.
Unclear T&Cs and Policies: when the terms and conditions and data privacy policies are not expressly stated, this can cause confusion and lead to misconfigurations, sensitive information exposure, and the risk of copyright infringement and more, due to murky compliance and licensing requirements.
Mitigation Methods
Most of the mitigation measures recommended to prevent Supply Chain Vulnerabilities boil down to thoroughly vetting and checking all third-party sources and suppliers, using the most up-to-date version of all software, and staying on top of compliance requirements by educating both developers and security teams about the relevant terms, conditions, and similar documentation. Evaluate each third-party model provider by a set of carefully selected criteria to minimize new risks. Implement strict monitoring on third-party LLMs for any irregularities or vulnerabilities. A detailed inventory can also help developers and security teams keep track of the requirements, terms and conditions, security features, and data privacy policies of each model. Compiling all this information into one central, organized space is critical for ensuring everyone involved stays on the same page. Other typical mitigation strategies, such as encryption and patching policies, can also help security teams stay on top of supply chain vulnerabilities.
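The inventory and vetting steps above, as an added example that is not FireTail’s or OWASP’s code: a small Python checker that runs policy checks over a constructed model inventory and verifies that each downloaded artifact still matches the SHA-256 digest pinned when it was vetted. The record field names, the sample artifact bytes, and the policy rules (license must be known, terms reviewed, source fetched over TLS, digest must match) are assumptions made for the illustration.

```python
"""Hypothetical model-inventory checker (added example, not FireTail's code).

Each inventory record pins what the team decided to trust about one
third-party artifact (base model, LoRA adapter, dataset): where it came
from, the exact bytes that were vetted, and whether license and terms
were reviewed. The audit fails loudly when a record is incomplete or the
bytes on disk no longer match what was vetted.
"""
import hashlib
import hmac

# Fields every inventory record must carry (assumed schema for this example).
REQUIRED = ("name", "version", "source", "sha256", "license")


def sha256_hex(data: bytes) -> str:
    """Digest of the exact bytes that were vetted (or later downloaded)."""
    return hashlib.sha256(data).hexdigest()


def vet_record(rec: dict) -> list:
    """Policy checks on one inventory entry; an empty list means it passes."""
    problems = []
    for key in REQUIRED:
        if not rec.get(key):
            problems.append(f"missing {key}")
    digest = rec.get("sha256", "")
    if digest and (len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest.lower())):
        problems.append("sha256 is not a hex SHA-256 digest")
    lic = rec.get("license")
    if lic and lic.strip().lower() == "unknown":
        problems.append("license unknown")
    if not rec.get("terms_reviewed"):
        problems.append("terms not reviewed")
    if rec.get("source", "").startswith("http://"):
        problems.append("source not fetched over TLS")
    return problems


def verify_artifact(data: bytes, rec: dict) -> bool:
    """Constant-time comparison of downloaded bytes against the pinned digest."""
    return hmac.compare_digest(sha256_hex(data), rec.get("sha256", "").lower())


def audit(inventory: list, artifacts: dict) -> dict:
    """Map each 'name@version' to its list of policy and integrity problems."""
    report = {}
    for rec in inventory:
        problems = vet_record(rec)
        key = f"{rec.get('name')}@{rec.get('version')}"
        data = artifacts.get(key)
        if data is None:
            problems.append("artifact not present")
        elif not verify_artifact(data, rec):
            problems.append("sha256 mismatch: bytes differ from the vetted artifact")
        report[key] = problems
    return report


# Constructed stand-ins for model files; real artifacts would be read from disk.
VETTED_MODEL = b"\x00model-weights-v1\x00"
VETTED_ADAPTER = b"lora-adapter-bytes"
TAMPERED_ADAPTER = VETTED_ADAPTER + b"\x90"  # bytes changed after vetting

# Constructed inventory: digests are recorded at vetting time from the vetted bytes.
SAMPLE_INVENTORY = [
    {"name": "base-llm", "version": "1.0", "source": "https://models.example/base-llm",
     "sha256": sha256_hex(VETTED_MODEL), "license": "Apache-2.0", "terms_reviewed": True},
    {"name": "summarizer-lora", "version": "0.3", "source": "https://hub.example/summarizer",
     "sha256": sha256_hex(VETTED_ADAPTER), "license": "unknown", "terms_reviewed": False},
    {"name": "classifier-lora", "version": "2.1", "source": "https://hub.example/classifier",
     "sha256": sha256_hex(VETTED_ADAPTER), "license": "MIT", "terms_reviewed": True},
]

# What is actually present at deploy time; the classifier adapter was altered.
SAMPLE_ARTIFACTS = {
    "base-llm@1.0": VETTED_MODEL,
    "summarizer-lora@0.3": VETTED_ADAPTER,
    "classifier-lora@2.1": TAMPERED_ADAPTER,
}

if __name__ == "__main__":
    for key, problems in audit(SAMPLE_INVENTORY, SAMPLE_ARTIFACTS).items():
        print(key, "OK" if not problems else "; ".join(problems))
```

Run as a script, the audit reports the base model as clean, flags the summarizer adapter for an unknown license and unreviewed terms, and flags the classifier adapter because its bytes no longer match the vetted digest. In practice the inventory would live in version control next to the deployment configuration so that a digest change is itself a reviewed event.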
Bottom Line
Supply chain vulnerabilities are potentially a huge risk when it comes to LLM adoption. LLMs are complicated to develop, and given the intense competition and speed of evolution, developers may take shortcuts such as using third-party models, repackaged LLMs on devices, and others that can introduce new risks. Supply chain vulnerabilities can refer to a wide range of risks introduced by third-party model vulnerabilities, data quality, licensing issues, outdated models, and more. Essentially, a supply chain vulnerability is any vulnerability that occurs in the process of creating an LLM. Mitigation techniques for supply chain vulnerabilities range from researching third-party models and gathering information into an inventory to vetting each new model and avoiding things like outdated models and poorly repackaged LLMs on devices. Stay tuned for our next installment in this series next week, where we’ll be deep-diving into LLM04: Data and Model Poisoning. If you want to see how FireTail can help you with your AI security posture, schedule a demo or start using our free tier today!
The post LLM03: Supply Chain – FireTail Blog appeared first on Security Boulevard.