When your AI chatbot does more than chat: The security of tool usage by LLMs

Tue, 23 Sep 2025

It is common for companies to have some kind of large language model (LLM) application exposed in their public-facing systems, often as a chatbot. LLMs usually have access to additional tools and MCP servers to call external systems or perform specialized operations. These tools are an underestimated yet critical part of the attack surface and can be exploited by attackers to compromise the application via the LLM.

Behind the scenes: How Invicti built the security engine of the future

Wed, 30 Jul 2025

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

Tue, 25 Mar 2025

First tokens: The Achilles’ heel of LLMs

Fri, 10 Jan 2025

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Tue, 03 Dec 2024

Brainstorm tool release: Optimizing web fuzzing with local LLMs

Tue, 26 Nov 2024

System prompt exposure: How AI image generators may leak sensitive instructions

Tue, 12 Nov 2024

Cache bypass techniques for time-based SQL injection

Thu, 07 Nov 2024

Analyzing WordPress hack access logs with NotebookLM

Tue, 29 Oct 2024