This page collects WhisperX intelligence signals tagged #llm-security. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw in the Orion-Web platform left an LLM-powered tool generation endpoint completely unauthenticated, exposing systems to arbitrary shell command execution. The vulnerability, tracked as SOC 2 corrective action CR-005, allowed attackers to craft malicious tool descriptions that the LLM would trans...
A documented security vulnerability in the glowos project leaves LLM API keys exposed in plain text within browser localStorage, creating an immediate attack surface for any cross-site scripting (XSS) exploit. The keys are persisted through the zustand state management library using its persist middleware, which writes...
Security researchers have demonstrated a novel technique leveraging Large Language Models to identify critical remote Linux kernel out-of-bounds (OOB) write vulnerabilities, uncovering multiple high-severity flaws including CVE-2026-31432 and CVE-2026-31433. The approach involves strategically perturbing LLM outputs to...