At its core, data poisoning involves the deliberate manipulation of datasets used during the pre-training, fine-tuning, or embedding stages of an LLM’s lifecycle. The objective is often to introduce backdoors, degrade model performance, or inject bias—toxic, unethical, or otherwise damaging behaviour—into outputs.
Security misconfiguration occurs when system security settings across application stacks—such as servers, databases, and networks—are inadequately implemented or left in their default states. These missteps expose critical vulnerabilities that attackers can exploit.
At its core, SSRF arises when an attacker can manipulate a server to send HTTP requests to arbitrary destinations, often bypassing firewalls, access controls, and other security measures. The vulnerability stems from improper validation of user-supplied URLs or inputs that dictate server-side request behaviour.
Path traversal, also known as directory traversal, is a vulnerability that allows an attacker to access files and directories stored outside the intended directory. By exploiting improper validation of user-supplied input, attackers can manipulate file paths to access sensitive system files, configuration files, or any other data stored on the server.
CSRF is a security vulnerability that tricks a victim into performing unintended actions on a web application where they are authenticated. By exploiting the trust that a website places in the user’s browser, attackers can force users to execute actions without their consent or knowledge.