Rise of Compromised LLMs – Sohrob Kazerounian – ASW #340
AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is always going to be how to evaluate the security of software or a system. In some cases, it doesn't matter if a human or an LLM generated code -- the code needs to be reviewed for common flaws and design problems. But the creation of MCP servers and LLM-based agents is also adding a concern about what an unattended or autonomous piece of software is doing.
Sohrob Kazerounian gives us context on how LLMs are designed, what to expect from them, and where they pose risk and reward to modern software engineering.
Resources
Sohrob Kazerounian is a Distinguished AI Researcher at Vectra AI where he develops and applies novel machine learning architectures in the domain of cybersecurity. After realizing that his goal of becoming a skilled hacker was not meant to be, he focused his studies on Artificial Intelligence, with a particular interest in neural networks. After receiving his Ph.D. in Cognitive and Neural Systems at Boston University, he held a postdoctoral fellowship at the Swiss AI Lab (IDSIA) working on Deep Learning, Recurrent Neural Networks, and Reinforcement Learning.
Mike Shema
- A mid-year 2025 look at CNCF, Linux Foundation, and the top 30 open source projects
- OWASP Agentic AI Top 10 Vulnerability Scoring System (AIVSS) & Comprehensive AI Security Framework
There's a lot to unpack here and I have lots of questions about how this is intended to be consumed. It also seems to ignore a lot of the CVSSv4 changes that seem like they could accommodate some of the desired dimensions this is aiming for.
- PoisonSeed downgrading FIDO key authentications to ‘fetch’ user accounts | Expel
The attack is more about account recovery and alternate authentication schemes to FIDO and passkeys.
Nevertheless, it's a good reminder about the choices in secure design for account recovery and balancing the risks of users losing the hardware a key is bound to.
- Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise