Thomas Roccia 🤘
AI Security x Threat Intel · Sr. Threat Researcher @Microsoft · Creator of #Unprotect & #NOVA · Malware Warlock · Python 🧡 · Prev @McAfee_Labs · Views mine 😈
Sep 15 15 tweets 5 min read
🤓 Prompts are everywhere in modern AI systems.
Chatbots. Automations. Agentic workflows...

But they are also a new attack surface!

I introduced a common standard: Indicators of Prompt Compromise (IoPCs) – Adversarial Prompts

Here is a thread to explain 👇

When we talk about adversarial prompts, most people think of prompt injection or prompt jailbreaking.

These are common AI attacks, but they are only the tip of the iceberg!
Sep 7 7 tweets 3 min read
Prompt Injection is one of the first attack vectors used to exploit weaknesses or bypass behavior in AI models.

Here is an illustrated thread with 5 different prompt injection techniques 👇

1️⃣ Direct Prompt Injection

The classic one, the attacker directly inserts malicious text into the input field of the AI model, the model interprets it as a legitimate instruction!

👉 Very simple but effective. It can bypass restrictions, force unwanted outputs or reveal sensitive data.
Apr 29 15 tweets 5 min read
🤓 Last week, Anthropic released a report on malicious uses of Claude.

The report is very interesting, but I think it is missing critical actionable insights to make it useful for threat analysts.

I broke down my POV in a blog, quick thread 👇🧵

blog.securitybreak.io/why-prompts-ar…

Before jumping into the details, if you want to learn more about AI and threat intelligence, I am running an advanced training at BlackHat USA.

Drop me a message if you have any questions.

➡️ store.securitybreak.io/ctiai
Feb 21, 2024 12 tweets 6 min read
Analyzing data leaks is a very interesting Intel challenge, especially when you’re dealing with a foreign language 🤓

The I-SOON leak, which contains mostly PNG files of screenshots of documents, is a good example 🔎

Last night, I created a Notebook to automatically process and analyze the data to speed up your investigation.

Here is my process 👇 🧵

If you don't want to read the thread, you can directly jump to the notebook here:
#infosec #isoon #leak #threatintel #llm #python #jupyter
jupyter.securitybreak.io/ISOON_DataLeak…

As always, when analyzing new data, check out the structures and formats, and spend time to understand what kind of data you're dealing with. THIS is crucial!🔍

With Python, you can easily peek into the content 💻

Here I created two simple charts to visualize the repartition of the data:

- .md: 70
- .png: 489
- .log: 6
- .txt: 11
- No Extension: 1

#dataanalysis #python #infosec
Dec 6, 2022 14 tweets 12 min read
📢I recently investigated a campaign targeting the cryptocurrency industry. I wrote a detailed report that includes TTP, IOC and more. Here is a thread about this attack! 🧵👇

@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt

microsoft.com/en-us/security…

The attack started on Telegram to identify the targets, then they deployed a weaponized Excel document which finally delivered the final backdoor through multiple mechanisms. ☠☠️ #infosec #malware #backdoor
Nov 6, 2022 13 tweets 9 min read
🧵Thread: 10 underestimated resources about malware techniques.

This is a list of various resources to learn more about malware techniques, how to analyse them and how to improve your detection! 🤓 #infosec #malware #threatintel #malwareanalysis #cybersecurity

#1: The Unprotect Project

Of course, I couldn't start this thread without talking about this project we started in 2015. Unprotect Project is a database about Malware Evasion techniques with code snippets and detection rules. cf: @DarkCoderSc

🌐unprotect.it
Apr 20, 2022 8 tweets 6 min read
Visualizing #cybersecurity concepts can be a great way to learn more about specific tools, methodologies, and techniques! Here is a thread that shows 6 useful infographics on threat intelligence and related topics!🧵👇#infosec #threatintel

1⃣ - Practical Threat Intel

2⃣ - Tactics, Techniques and Procedures is an important concept to understand when you are working on threat intelligence to understand the capabilities of threat actors! 🤓 #Infosec #ttp
Dec 20, 2020 7 tweets 4 min read
The #sunburst case is interesting and demonstrates how threat actors can rely on evasion techniques or defense evasion to spy on or make damage. #UnprotectProject Thread 👇

First of all, the use of the supply chain attack made the attack super stealthy and difficult to detect. This is another red flag to increase and improve trust with partners and suppliers, although it is difficult to resolve.