Blog - Page 3 of 121 - Krishna Gupta

The Ultimate Guide to Metasploit Alternatives for Penetration Testers

21 June 2025 by Krishna

When it comes to offensive security and penetration testing, Metasploit Framework is a name that needs no introduction. As a powerful and widely adopted open-source platform, Metasploit continues to be a staple in the arsenal of security professionals. However, in recent years, several alternatives and competitors have emerged, offering varied capabilities in red teaming, post-exploitation, command and control (C2), and exploit development.

LLM08:2025 – Vector and Embedding Weaknesses: A Hidden Threat to Retrieval-Augmented Generation (RAG) Systems

20 June 2025 by Krishna

Retrieval-Augmented Generation is an advanced technique that augments pre-trained LLMs with external, domain-specific knowledge bases. Instead of relying solely on static training data, RAG-enabled models retrieve real-time contextual information, thereby enhancing relevance and accuracy.

LLM07:2025 System Prompt Leakage – A Strategic Risk Lens for the C-Suite in the Age of LLM Applications

19 June 2025 by Krishna

System Prompt Leakage (identified as LLM07:2025 in the OWASP Top 10 for LLM Applications v2.0). This vulnerability poses a silent, potent threat not because of what it reveals superficially, but due to how it erodes the foundational principles of security design, privilege separation, and system integrity.

LLM06:2025 Excessive Agency — A Critical Vulnerability in the Age of LLM Autonomy

18 June 2025 by Krishna

The surge of Large Language Model (LLM)-driven applications has revolutionised how businesses interact with data, automate processes, and deliver enhanced user experiences. From autonomous customer service bots to intelligent data summarisation tools and generative co-pilots, LLMs are transforming enterprise workflows at an astonishing pace.
However, this rise has not come without significant risk. Among the top concerns identified in the OWASP Top 10 for LLM Applications v2.0, LLM06:2025 – Excessive Agency stands out as a particularly insidious and business-critical vulnerability. It affects systems where LLMs are entrusted not only with information retrieval or generation but with the ability to act on behalf of users — often through invoking external tools, plugins, or APIs.

LLM05:2025 – Improper Output Handling in LLM Applications: A Business Risk Executive Leaders Must Not Ignore

17 June 2025 by Krishna

At its core, Improper Output Handling refers to inadequate validation, sanitisation, and management of outputs generated by large language models before those outputs are passed downstream—whether to user interfaces, databases, APIs, third-party services, or even human recipients.