appsec.fyi · Sources

blockchain-council.org

10 curated AppSec resources from blockchain-council.org across 1 topics on appsec.fyi.

blockchain-council.org

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-03.

AI 10
Date Added Resource Excerpt
2026-06-03 2026Guardrails for AI Agents: Safety and SecurityAILibrary providing a layered governance and security system for AI agents, acting as a runtime control to prevent issues like hallucinations, prompt injection, unsafe actions, and data leakage by validating inputs, model outputs, and tool calls. It enforces structured policies and safeguards through pre-LLM input checks, post-LLM output and action validation, and system-level controls such as least privilege and tool sandboxing. This approach treats guardrails as production infrastructure, incorporating context-grounded validation, self-correction loops, multi-agent validation, and hard constraints to ensure security, compliance with regulations like GDPR and HIPAA, and prevent operational incidents.
2026-05-28 2026Prompt Injection in 2026 for Web3 SecurityAILibrary for mitigating prompt injection in Web3 AI agents, addressing risks like wallet manipulation, DAO governance capture, and secret leakage. It emphasizes hardening the architecture around LLMs, including data flows, retrieval pipelines, and tool permissions, as model-layer defenses alone are insufficient. The library highlights common override phrases like "disregard previous instructions" as high-risk indicators and acknowledges sophisticated evasion techniques beyond simple keyword matching, particularly for indirect prompt injection via untrusted content.
2026-05-21 2026LLM Security News: Risks Incidents DefensesAILibrary of LLM security incidents and defenses details how rapid adoption of large language models has created new attack surfaces, expanding the enterprise threat landscape beyond traditional controls. It highlights risks like prompt injection, tool abuse, insecure output handling, and LLM supply chain threats, exemplified by the LiteLLM compromise and early 2025 data breaches. The OWASP LLM Top 10, including sensitive information disclosure and excessive agency, are discussed as persistent vulnerabilities, with conventional tools insufficient for addressing these LLM-specific failure modes.
2026-05-21 2026Generative AI Data Privacy and Security in LLMsAILibrary for securing Generative AI and LLM workflows, addressing data privacy risks including training data leakage, prompt injection, and output harms. It details where sensitive data appears across training data, prompts, outputs, and telemetry, and outlines practical controls like data discovery, classification, minimization, anonymization, and differential privacy. The resource highlights regulatory pressures like GDPR and the AI Act, and common risk patterns identified by MIT and Stanford HAI, emphasizing OWASP's identified critical LLM risks.
2026-05-20 2026Security for AI Agent Managers: Key ControlsAILibrary for securing AI agent managers, focusing on mitigating prompt injection, data leaks, and abuse of capabilities. It details risks inherent in agentic systems, including indirect prompt injection in browser agents and tool-chain injection, referencing industry guidance from NIST and the EU AI Act. Recommended layered mitigations include deploying an AI security gateway, enforcing context separation, hardening tool-use policies with least privilege, improving memory and RAG hygiene, and continuous monitoring and red-teaming.
2026-04-15 2026Risks of artificial intelligence securityAILibrary of security considerations for artificial intelligence, detailing risks from prompt injection and data poisoning to model stealing and generative AI misuse in deepfakes and phishing. It highlights vulnerabilities in AI systems, adversary misuse of generative AI, and unintended consequences like bias and data leakage, emphasizing challenges posed by LLM integrations with tools and third-party dependencies. The summary also touches on AI-generated code risks and the escalating concern of autonomous AI attack bots.
2026-04-03 2026Prompt Injection and LLM Jailbreaks: DefensesAISurvey of prompt injection and LLM jailbreak defenses, addressing risks in generative AI and agentic workflows. It differentiates between instruction hijacking and policy evasion, detailing why modern long-context and tool-using systems amplify attack impact. The survey outlines common attack patterns like instruction override and hidden instructions, then proposes layered defenses including inference-time filtering, independent guardrails, model-level hardening techniques like salting, and secure architectural controls for tool-using systems.
2026-04-03 2026AI Security Projects for Practice: 10 Hands-On LabsAILabs provide hands-on practice with prompt injection, including direct and indirect attacks, excessive agency, and tool invocation risks, as well as data poisoning techniques like label-flipping and backdoor trigger injection. These projects are crucial for understanding and mitigating threats outlined in the OWASP LLM Top 10 and MITRE ATLAS, covering offensive strategies and defensive hardening across various AI system components, from preprocessing to model integrity checks and DevSecOps pipelines.
2026-04-03 2026AI Security Roadmap: From Basics to Model DefenseAIReference outlining a structured AI security roadmap, progressing from fundamentals to model defense. It highlights unique threats like prompt injection and data poisoning, and maps learning paths to frameworks such as OWASP Top 10 for LLMs, NIST AI RMF, and MITRE ATLAS. The guide also details practical tooling patterns like AI Security Posture Management (AI-SPM) and adversarial testing tools such as Microsoft Counterfit and IBM Adversarial Robustness Toolbox.
2026-04-03 2026AI Security Certification Guide for 2026AIGuide to AI security certifications for 2026, detailing credentials for technical, governance, and audit roles. It highlights the growing importance of AI-specific risks like prompt injection and data leakage, and aligns certifications with frameworks such as OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, SAIF, and ISO/IEC 42001. The guide emphasizes hands-on assessment and explains how to choose the right credential based on role fit, framework alignment, cost, and industry recognition.