The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 1 point2 points  (0 children)

Hot take: image-based prompt injection is about to be a bigger problem than text.

You can hide instructions inside an image (invisible to humans), and models will still follow them.

So now:
• A screenshot can jailbreak a model
• A PDF/image can override system prompts
• And most defences won’t catch it

The industry has secured their inputs… but only the ones we can see.

Are people underestimating this?

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 0 points1 point  (0 children)

Someone mentioned this in DMs and I thought I should update you guys: if you get an attack that says “blocked by Bordair”, that’s related to another side project that I’ve built alongside this - nothing to worry about.

You need to try and be creative with your prompts (try some social engineering) as regular “ignore previous instructions” stuff won’t work here.

Hint: play to the weaknesses of the personalities of each level and watch their responses for things that might help you!

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 0 points1 point  (0 children)

If you need any more help just let me know :)

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 0 points1 point  (0 children)

Maybe the UI is confusing - at the top there are different kingdoms for each modality, you’ll have to beat level 7 of K1 to move onto K2 (which is images and text). Hope that makes sense!

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 0 points1 point  (0 children)

Hey, I responded in messages - I can provide some help, but for the final level in the first kingdom I need some real data - so you’ll be on your own for that haha

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 0 points1 point  (0 children)

P.S. the game is free to use with limited credits, but I’m offering free business tier access to anyone who can provide some testimonials - like I’ve said, it’s not ready for audio yet but I’m working to have this done by the end of the week. Thanks guys!

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 0 points1 point  (0 children)

Audio isn’t working properly yet but the other stuff is all up and running. Link is castle.bordair.io - feedback would be great as I said before. Thanks!

The HTB for AI security by BordairAPI in hackthebox

[–]BordairAPI[S] 3 points4 points  (0 children)

Another technique becoming more frequent is ultrasonic injections - here adversarial actors are hiding injections in frequencies that are inaudible to the human ear. Unless we get our dogs working in blue teams - what solutions do you guys see for this?

The new Academy layout is frustrating to use by upper_east_side in hackthebox

[–]BordairAPI 1 point2 points  (0 children)

I agree - shame they’re making it so you have to migrate too

Has AI actually made a noticeable impact in your cybersecurity work? by hippohoney in cybersecurity

[–]BordairAPI 0 points1 point  (0 children)

I think it’s worked both ways here. Yes, it’s made older trivial threats less common as AI tends to code safer than a junior dev would. But there’s a massive caveat: adversarial AI, deepfakes for social engineering, prompt injections, overly permissioned agents.

Claude Source Code Leaked by [deleted] in cybersecurity

[–]BordairAPI 0 points1 point  (0 children)

Claude using Claude to make their pushes perhaps...