{"id":212,"date":"2025-09-25T06:00:22","date_gmt":"2025-09-25T06:00:22","guid":{"rendered":"https:\/\/haco.club\/?p=212"},"modified":"2025-09-25T06:00:22","modified_gmt":"2025-09-25T06:00:22","slug":"tinker-tailor-llm-spy-investigate-respond-to-attacks-on-genai-chatbots","status":"publish","type":"post","link":"https:\/\/haco.club\/?p=212","title":{"rendered":"Tinker Tailor LLM Spy: Investigate &amp; Respond to Attacks on GenAI Chatbots"},"content":{"rendered":"\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Tinker Tailor LLM Spy: Investigate &amp; Respond to Attacks on GenAI Chatbots\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/QfUdKtkBRjA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>In the &#8220;Tinker Tailor LLM Spy: Investigate &amp; Respond to Attacks on GenAI Chatbots&#8221; talk by Black Hat, Ellen Scott discusses the increasing ubiquity of Generative AI chatbots and the security incidents that can arise from their misuse. The talk outlines three main incident scenarios and provides a playbook for investigation and response [<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=242\">04:02<\/a>].<\/p>\n\n\n\n<p>Here&#8217;s a summary of the key takeaways:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Chatbot Risk Classification<\/strong> [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=379\" target=\"_blank\" rel=\"noreferrer noopener\">06:19<\/a>]:\n<ul class=\"wp-block-list\">\n<li><strong>Low Risk<\/strong>: Chatbots providing general information (e.g., a weather chatbot). 
Incidents primarily involve brand damage, like a chatbot giving Taylor Swift-themed weather reports [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=468\" target=\"_blank\" rel=\"noreferrer noopener\">07:48<\/a>].<\/li>\n\n\n\n<li><strong>Medium Risk<\/strong>: Chatbots with access to personalized or sensitive data (e.g., PII or PHI).<\/li>\n\n\n\n<li><strong>High Risk<\/strong>: Chatbots capable of performing actions or having &#8220;agency&#8221; (e.g., an event planning chatbot that can execute SQL queries or remote code) [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1125\" target=\"_blank\" rel=\"noreferrer noopener\">18:45<\/a>].<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"507\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-32-1024x507.png\" alt=\"\" class=\"wp-image-213\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-32-1024x507.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-32-300x149.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-32-768x380.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-32-1536x761.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-32-2048x1014.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Logging is Crucial<\/strong> [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=531\" target=\"_blank\" rel=\"noreferrer noopener\">08:51<\/a>]:\n<ul class=\"wp-block-list\">\n<li>Log user prompts, conversation history (with message thread IDs), user web sessions (IP address, user agent), chatbot outputs, model used, timestamps, and chatbot versions. 
This enables investigation and correlation of security events.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"561\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-33-1024x561.png\" alt=\"\" class=\"wp-image-214\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-33-1024x561.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-33-300x164.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-33-768x421.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-33-1536x842.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-33.png 1916w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Guardrails for Defense<\/strong> [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=771\" target=\"_blank\" rel=\"noreferrer noopener\">12:51<\/a>]:\n<ul class=\"wp-block-list\">\n<li><strong>Rule-based metrics<\/strong>: Simple filters for keywords or phrases, but easily bypassed [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=787\" target=\"_blank\" rel=\"noreferrer noopener\">13:07<\/a>].<\/li>\n\n\n\n<li><strong>LLM as a judge<\/strong>: An LLM is used to assess and score inputs and outputs based on specific criteria, providing a more robust defense against inappropriate topics [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=841\" target=\"_blank\" rel=\"noreferrer noopener\">14:01<\/a>].<\/li>\n\n\n\n<li><strong>System prompt<\/strong>: A set of instructions given to the model that defines its purpose, behavioral guidelines, and operational constraints [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=976\" target=\"_blank\" rel=\"noreferrer noopener\">16:16<\/a>]. 
Explicit denials are more effective, but LLMs can still be influenced by strong natural language commands in user prompts [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1060\" target=\"_blank\" rel=\"noreferrer noopener\">17:40<\/a>].<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-37-1024x391.png\" alt=\"\" class=\"wp-image-218\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-37-1024x391.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-37-300x115.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-37-768x293.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-37-1536x587.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-37.png 1896w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-35-1024x579.png\" alt=\"\" class=\"wp-image-216\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-35-1024x579.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-35-300x170.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-35-768x434.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-35-1536x868.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-35-2048x1158.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"559\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-36-1024x559.png\" alt=\"\" class=\"wp-image-217\" 
srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-36-1024x559.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-36-300x164.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-36-768x419.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-36-1536x838.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-36-2048x1117.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Common Attacks<\/strong> [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1256\" target=\"_blank\" rel=\"noreferrer noopener\">20:56<\/a>]:\n<ul class=\"wp-block-list\">\n<li><strong>Prompt Injection<\/strong>: Concatenating untrusted user input with a trusted prompt (like a system prompt) to manipulate the LLM&#8217;s behavior. This becomes serious when the chatbot has access to sensitive data or can take actions [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1297\" target=\"_blank\" rel=\"noreferrer noopener\">21:37<\/a>].<\/li>\n\n\n\n<li><strong>Jailbreaking<\/strong>: Bypassing guardrails to make the LLM output harmful or inappropriate dialogue. Often used for &#8220;screenshot attacks&#8221; that cause PR incidents [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1331\" target=\"_blank\" rel=\"noreferrer noopener\">22:11<\/a>].<\/li>\n\n\n\n<li><strong>Model Inversion Attacks<\/strong>: An attacker repeatedly asks questions to reconstruct sensitive information from the LLM&#8217;s training data. 
This is particularly difficult to detect as prompts appear innocuous [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1782\" target=\"_blank\" rel=\"noreferrer noopener\">29:42<\/a>].<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"601\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-38-1024x601.png\" alt=\"\" class=\"wp-image-219\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-38-1024x601.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-38-300x176.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-38-768x451.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-38-1536x902.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-38.png 1866w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"497\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-39-1024x497.png\" alt=\"\" class=\"wp-image-220\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-39-1024x497.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-39-300x146.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-39-768x373.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-39-1536x746.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-39-2048x995.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-40-1024x587.png\" alt=\"\" class=\"wp-image-221\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-40-1024x587.png 1024w, 
https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-40-300x172.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-40-768x440.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-40-1536x881.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-40.png 1932w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"631\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-41-1024x631.png\" alt=\"\" class=\"wp-image-222\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-41-1024x631.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-41-300x185.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-41-768x473.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-41-1536x947.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-41.png 2008w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"608\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-42-1024x608.png\" alt=\"\" class=\"wp-image-223\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-42-1024x608.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-42-300x178.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-42-768x456.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-42-1536x912.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-42-2048x1216.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"565\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-43-1024x565.png\" 
alt=\"\" class=\"wp-image-224\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-43-1024x565.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-43-300x165.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-43-768x423.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-43-1536x847.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-43.png 2042w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-46-1024x595.png\" alt=\"\" class=\"wp-image-227\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-46-1024x595.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-46-300x174.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-46-768x446.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-46-1536x893.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-46.png 1886w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"599\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-44-1024x599.png\" alt=\"\" class=\"wp-image-225\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-44-1024x599.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-44-300x175.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-44-768x449.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-44-1536x898.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-44.png 2014w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" 
width=\"1024\" height=\"561\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-45-1024x561.png\" alt=\"\" class=\"wp-image-226\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-45-1024x561.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-45-300x164.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-45-768x421.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-45-1536x841.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-45-2048x1122.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-47-1024x595.png\" alt=\"\" class=\"wp-image-228\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-47-1024x595.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-47-300x174.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-47-768x446.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-47-1536x893.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-47.png 1930w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Additional Considerations<\/strong> [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1837\" target=\"_blank\" rel=\"noreferrer noopener\">30:37<\/a>]:\n<ul class=\"wp-block-list\">\n<li><strong>Retrieval Augmented Generation (RAG)<\/strong>: Chatbots can connect to external data sources to enrich their context. 
It&#8217;s crucial to understand how these data sources are architected and what permissions they are granted [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1844\" target=\"_blank\" rel=\"noreferrer noopener\">30:44<\/a>].<\/li>\n\n\n\n<li><strong>External Tool Safety<\/strong>: Many out-of-the-box LLM tools (e.g., Langchain&#8217;s LLM math) were not designed for publicly facing chatbots and can be exploited for system execution [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=1591\" target=\"_blank\" rel=\"noreferrer noopener\">26:31<\/a>]. Always sanitize user inputs before tools run.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-48-1024x584.png\" alt=\"\" class=\"wp-image-229\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-48-1024x584.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-48-300x171.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-48-768x438.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-48-1536x877.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-48.png 2036w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident Response Playbook<\/strong> [<a href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=2023\" target=\"_blank\" rel=\"noreferrer noopener\">33:43<\/a>]:\n<ul class=\"wp-block-list\">\n<li><strong>Review Inputs<\/strong>: Examine user prompts and feedback for patterns or attempts to bypass security filters.<\/li>\n\n\n\n<li><strong>Investigate Outputs<\/strong>: Check chatbot responses for inappropriate content, manipulation, or evidence of data exfiltration.<\/li>\n\n\n\n<li><strong>Analyze Guardrail Metrics<\/strong>: Review decision scores and reasons to identify subtle bypass 
attempts.<\/li>\n\n\n\n<li><strong>Examine Tool Execution<\/strong>: Understand which APIs and external sources the tools are connected to, along with their inputs, outputs, and any commands executed.<\/li>\n\n\n\n<li><strong>Investigate Data Sources<\/strong>: Ensure sensitive information in training data or external RAG sources is redacted.<\/li>\n\n\n\n<li><strong>Contain and Remediate<\/strong>: Use rule-based metrics, LLM judges, system prompts, and external tool safety measures.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"525\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-49-1024x525.png\" alt=\"\" class=\"wp-image-230\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-49-1024x525.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-49-300x154.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-49-768x394.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-49-1536x787.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-49.png 1908w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"547\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-50-1024x547.png\" alt=\"\" class=\"wp-image-231\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-50-1024x547.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-50-300x160.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-50-768x410.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-50-1536x821.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-50.png 1886w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" 
decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-51-1024x535.png\" alt=\"\" class=\"wp-image-232\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-51-1024x535.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-51-300x157.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-51-768x401.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-51-1536x802.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-51.png 1888w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"522\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-52-1024x522.png\" alt=\"\" class=\"wp-image-233\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-52-1024x522.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-52-300x153.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-52-768x392.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-52-1536x783.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-52.png 1816w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"593\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-53-1024x593.png\" alt=\"\" class=\"wp-image-234\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-53-1024x593.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-53-300x174.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-53-768x445.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-53-1536x890.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-53.png 1888w\" sizes=\"auto, (max-width: 
1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"524\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-54-1024x524.png\" alt=\"\" class=\"wp-image-235\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-54-1024x524.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-54-300x154.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-54-768x393.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-54-1536x786.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-54.png 1680w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"571\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-55-1024x571.png\" alt=\"\" class=\"wp-image-236\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-55-1024x571.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-55-300x167.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-55-768x428.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-55-1536x856.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-55-2048x1142.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"571\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-57-1024x571.png\" alt=\"\" class=\"wp-image-238\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-57-1024x571.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-57-300x167.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-57-768x428.png 768w, 
https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-57-1536x856.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-57.png 1708w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"592\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-56-1024x592.png\" alt=\"\" class=\"wp-image-237\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-56-1024x592.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-56-300x173.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-56-768x444.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-56-1536x888.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-56.png 2030w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"613\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-59-1024x613.png\" alt=\"\" class=\"wp-image-240\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-59-1024x613.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-59-300x180.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-59-768x460.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-59-1536x919.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-59.png 1938w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"456\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-58-1024x456.png\" alt=\"\" class=\"wp-image-239\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-58-1024x456.png 1024w, 
https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-58-300x134.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-58-768x342.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-58-1536x684.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-58.png 1972w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The talk concludes by emphasizing the importance of understanding chatbot architecture, data access, and potential attacks, and ensuring proper logging and robust guardrails are in place to prepare for generative AI chatbot incidents [<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"http:\/\/www.youtube.com\/watch?v=QfUdKtkBRjA&amp;t=2207\">36:47<\/a>].<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"470\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-60-1024x470.png\" alt=\"\" class=\"wp-image-241\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-60-1024x470.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-60-300x138.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-60-768x352.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-60-1536x705.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-60.png 1914w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"638\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-61-1024x638.png\" alt=\"\" class=\"wp-image-242\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-61-1024x638.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-61-300x187.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-61-768x478.png 768w, 
https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-61-1536x956.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2025\/09\/image-61.png 1998w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><a href=\"https:\/\/linktr.ee\/meoward\">https:\/\/linktr.ee\/meoward<\/a><\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the &#8220;Tinker Tailor LLM Spy: Investigate &amp; Respond to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[35,5,10],"class_list":["post-212","post","type-post","status-publish","format-standard","hentry","category-black-hat","tag-llm","tag-security","tag-toolchain"],"_links":{"self":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=212"}],"version-history":[{"count":1,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/212\/revisions"}],"predecessor-version":[{"id":243,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/212\/revisions\/243"}],"wp:attachment":[{"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fta
gs&post=212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}