U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems. Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems and mitigate related risks. A significant and evolving threat to AI systems based on large […]

PTC Windchill and FlexPLM flaw German BSI LLM

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems.

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems and mitigate related risks.

A significant and evolving threat to AI systems based on large language models (LLMs) arises from evasion attacks, malicious inputs designed to subvert or bypass model safeguards. The Federal Office for Information Security (BSI) of Germany addresses this issue in its publication Evasion Attacks on LLMs – Countermeasures in Practice, which targets developers, IT managers in companies and public authorities using pre-trained models (such as GPT) and other advanced IT users.

“This document is aimed at developers and IT managers in companies and public authorities that have opted to operate a pre-trained language model such as OpenAI ‘s GPT.” reads the announcement. “Furthermore, other experienced IT users can also benefit from the recommendations. Implementing the proposed countermeasures within the LLM system can make attacks more difficult or reduce potential damage.”

The report details LLM evasion methods like prompt injection and data manipulation, recommending secure prompts, filtering, Zero Trust, and anomaly monitoring.

Implementing these measures within LLM systems does not guarantee immunity, but it significantly raises the attack cost and helps reduce potential harm. The BSI recommends integrating both technical controls (e.g., filters, sandboxing, RAG with trusted retrieval) and organizational practices (e.g., adversarial testing, governance, training) as part of a defence-in-depth strategy.

In essence, as organisations increasingly adopt LLMs, they must assume that no single control is sufficient. Rather, they should adopt layered safeguards and continuous monitoring to address the special risks of evasion attacks, otherwise even well-configured systems can be subverted.

Evasion attacks on large language models occur during runtime, not training, where adversaries use prompt injections, jailbreaks, or adversarial inputs to bypass safeguards and alter model behavior.

The BSI report explains these threats and offers countermeasures such as secure system prompts, malicious content filtering, and requiring explicit user confirmation before execution. It also includes a practical checklist and use cases to help integrate these defenses into operational AI systems.

“The BSI publication introduces the topic of evasion attacks and presents a variety of practical countermeasures.” concludes the announcement. “A checklist facilitates both theoretical and practical implementation. Use cases demonstrate how the presented countermeasures can be integrated into a user’s own system.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, LLMs)