OUR LATEST RESEARCH
Introducing Yasha – Yet Another Security Header Analyser
Silencing the Collective Groan Security headers. Everyone’s encountered them. Security testers find them on every web application test, and it can be tedious work identifying these weaknesses that usually have low impact and low probability [...]
BloreBank ChatBot – Introducing our Prompt Injection Game
BloreBank Chatbot is a prompt injection game where you try to trick the AI into giving away sensitive information. With 10 levels, each one adds new safeguards against these tricks, making it tougher to get [...]
Para Bailar La Bambda: Contributing to Burp Suite’s New Filtering Capabilities
A great deal of security tools involve simply finding what you need — they have magnets for needles in a haystack! PortSwigger's Burp Suite is no different, and in this post I will introduce the [...]
Guiding Secure AI: NCSC’s Framework for AI System Security
The introduction of the newly released guidelines for secure AI system development by the National Cyber Security Centre (NCSC) emphasizes the growing importance and integration of AI systems in various sectors. It acknowledges the potential [...]
Unravelling the Web: AI’s Tangled Web of Prompt Injection Woes
Ah, the marvels of technology – where Artificial Intelligence (AI) emerges as the golden child, promising solutions to problems we didn't know we had. It's like having a sleek robot assistant, always ready to lend [...]