Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

LLM Attack Vectors

LLM Attack Vectors

Section titled “LLM Attack Vectors”

5 automated security scanners

LLM-hosted Web API Abuse

Section titled “LLM-hosted Web API Abuse”

Purpose: The LLM-hosted Web API Abuse Scanner is designed to safeguard against exploitation of openrouter/ollama/langchain APIs by evaluating and identifying potential vulnerabilities in terms of insecure configurations, outdated protocols, and missing security headers.

What It Detects:

  • Security Headers Analysis: Checks for the presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Configuration Issues: Identifies outdated TLS versions (TLSv1.0, TLSv1.1) and weak cipher suites (RC4, DES, MD5).
  • DNS Record Vulnerabilities: Analyzes TXT, MX, NS, CAA, and DMARC records for potential misconfigurations that could be exploited.
  • HTTP Response Analysis: Examines security headers in HTTP responses to ensure they are correctly implemented and checks for redirects and content that may indicate vulnerabilities or misconfigurations.
  • Port Scanning and Service Fingerprinting: Scans common ports to identify open services and potential entry points, attempting to fingerprint services running on identified ports to detect insecure configurations.

Inputs Required:

  • domain (string): The domain to scan (e.g., acme.com)
  • url (string): The specific URL to analyze (e.g., https://acme.com/api)

Business Impact: This scanner is crucial for maintaining the security and integrity of APIs hosted by LLM, preventing potential exploitation that could lead to data breaches or unauthorized access, thereby safeguarding sensitive information and business operations.

Risk Levels:

  • Critical: Conditions where outdated TLS versions are used without any fallback mechanism, significant exposure to weak cipher suites, and absence of critical security headers leading to immediate risk of exploit.
  • High: Presence of SSL/TLS protocols that do not meet current security standards, such as using only legacy SSL versions or employing ciphers considered insecure by industry standards.
  • Medium: Inadequate implementation of security headers which might lead to certain types of attacks like Cross-Site Scripting (XSS) and Clickjacking.
  • Low: Minor deviations in DNS records that do not directly impact API security but could be indicative of broader misconfigurations or lack of attention to detail in network management.
  • Info: Informal findings such as minor discrepancies in HTTP headers which, while not critical, might suggest a need for further optimization and adherence to best practices.

Example Findings:

  1. A domain with no Strict-Transport-Security header configured exposes it to the risk of SSL/TLS attacks, potentially leading to session hijacking or data leakage when accessed over insecure connections.
  2. The use of TLSv1.0 and weak cipher suites like RC4 in another instance poses significant risks as these configurations are highly vulnerable to exploits targeting legacy protocol weaknesses.

Prompt Injection

Section titled “Prompt Injection”

Purpose: The Prompt Injection Scanner is designed to detect potential vulnerabilities such as jailbreaking attempts, system prompt leakage, and instruction override vulnerabilities by analyzing various network interactions and response contents. This tool aims to ensure that systems are secure against unauthorized command execution or data exposure.

What It Detects:

  • Jailbreak Detection: Identifies signs of devices being potentially jailbroken through specific headers or content in HTTP responses and checks for known jailbreak indicators in DNS TXT records.
  • System Prompt Leakage: Analyzes HTTP responses to identify unintended leakage of system prompts or sensitive information using regex patterns.
  • Instruction Override Vulnerabilities: Examines HTTP requests and responses for signs of instruction override, such as unexpected command execution, and verifies TLS configurations for vulnerabilities that could be exploited for this purpose.
  • Security Headers Analysis: Ensures the presence and correctness of critical security headers to prevent various types of attacks.
  • TLS/SSL Configuration Issues: Checks for deprecated TLS protocols, weak cipher suites, and other configuration issues in TLS/SSL settings to maintain strong encryption standards.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • url (string): Specific URL to test for prompt injection vulnerabilities (e.g., https://acme.com/api)

Business Impact: This scanner is crucial as it helps in identifying potential security flaws that could be exploited by malicious actors, thereby safeguarding sensitive information and system integrity. The findings can lead to immediate action to mitigate risks, protecting both the organization’s assets and customer data from unauthorized access or exposure.

Risk Levels:

  • Critical: Conditions where there is a high probability of significant damage or exposure (e.g., presence of jailbreak indicators in DNS records).
  • High: Conditions where there is a moderate to high risk of exposure but with lower likelihood of severe consequences (e.g., missing critical security headers on the primary domain).
  • Medium: Conditions where risks are balanced, potentially affecting multiple systems or requiring attention for improvement (e.g., TLS configurations using deprecated protocols).
  • Low: Conditions where vulnerabilities pose minimal risk to system integrity or data privacy (e.g., minor issues with less critical security headers).
  • Info: Informative findings that do not directly impact security but can be useful for continuous improvement and compliance audits.

Example Findings:

  1. The scanner identified missing Strict-Transport-Security header on the primary domain, which could lead to potential man-in-the-middle attacks if intercepted traffic is vulnerable.
  2. DNS records revealed several TXT entries containing indicators of a jailbroken device, highlighting significant security risks and potential exposure of sensitive data stored in the system’s prompts.

LLM-to-LLM Exploitation

Section titled “LLM-to-LLM Exploitation”

Purpose: The LLM-to-LLM Exploitation Scanner is designed to identify potential security vulnerabilities in infrastructure that involves multiple Large Language Model (LLM) instances interacting through API calls, DNS queries, HTTP requests, TLS/SSL configurations, socket connections, and API interactions. This tool aims to detect model daisy chaining, reflexive loops, and model manipulation by analyzing various network activities for suspicious patterns and anomalies.

What It Detects:

  • Model Daisy Chaining: Identifies multiple LLM instances chained together through API calls, detecting sequential model interactions indicated by HTTP requests.
  • Reflexive Loops: Analyzes DNS queries and HTTP redirects to identify loops where a request is repeatedly sent back to the same or similar endpoints, including recursive API calls that could indicate reflexive loops.
  • Model Manipulation: Examines TLS/SSL configurations for weak cipher suites and protocol versions, as well as inspects security headers in HTTP responses for missing or misconfigured protections.
  • DNS Record Anomalies: Scans DNS records (TXT, MX, NS, CAA, DMARC) for suspicious patterns that might indicate model manipulation or unauthorized access.
  • API Interaction Vulnerabilities: Analyzes socket connections and API interactions to detect unusual behavior such as excessive requests or unexpected data flows.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • url (string): Specific URL for detailed analysis (e.g., https://acme.com/api)

Business Impact: This scanner is crucial as it helps in identifying potential security threats posed by the interaction of multiple LLMs, which could lead to unauthorized data access, privacy breaches, and system manipulation. It enhances the overall security posture by proactively detecting vulnerabilities that might be exploited for malicious purposes.

Risk Levels:

  • Critical: Conditions where model daisy chaining or reflexive loops are identified in critical systems could lead to immediate denial of service, unauthorized data access, or other severe impacts.
  • High: Significant risks associated with weak TLS configurations and missing security headers that can be exploited for data interception or manipulation.
  • Medium: Vulnerabilities in DNS record analysis and API interaction that might not directly compromise system functionality but could indicate potential future threats.
  • Low: Informal findings related to minor deviations from standard network practices, generally requiring further investigation to confirm their impact on security.
  • Info: General informational findings about the infrastructure’s configuration, which does not necessarily pose an immediate risk but provides baseline information for better security management.

If specific conditions are not detailed in the README, it can be inferred that risks are considered high when multiple LLMs or critical system interactions are detected, and low otherwise.

Example Findings:

  • A model daisy chain was identified where each API call to an LLM instance leads back to the same starting point, indicating a reflexive loop potentially exploited for unauthorized data access.
  • Weak TLS configuration settings were found on multiple endpoints, which could allow for interception of sensitive information during transmission.

RAG Data Poisoning

Section titled “RAG Data Poisoning”

Purpose: The RAG_Data_Poisoning Scanner is designed to detect retrieval pollution and vector database manipulation by analyzing DNS queries, HTTP requests, TLS/SSL configurations, and socket connections. It aims to identify potential vulnerabilities that could be exploited for data poisoning attacks.

What It Detects:

  • Security Headers Analysis: Checks the presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to ensure enhanced security measures are in place.
  • TLS/SSL Configuration Issues: Identifies outdated or insecure TLS versions (e.g., TLSv1.0, TLSv1.1) and weak cipher suites (e.g., RC4, DES, MD5) that could be compromised by attackers.
  • DNS Record Validation: Examines TXT, MX, NS, CAA, and DMARC records for potential misconfigurations or suspicious entries which might indicate a security risk.
  • HTTP Content Analysis: Scans HTTP responses for security-related content, including redirects and specific patterns in the response body that may reveal vulnerabilities.
  • Port and Service Fingerprinting: Conducts port scanning to identify open ports and performs service fingerprinting to detect services vulnerable to data poisoning attacks.

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com). This input is crucial for DNS queries, HTTP requests, and TLS/SSL inspection as it defines the scope of the analysis.
  • url (string): The specific URL to scan within the domain (e.g., https://acme.com/api). This helps in focusing the HTTP content analysis on a particular resource.

Business Impact: Detecting vulnerabilities and misconfigurations in DNS, TLS/SSL, and web services is critical as it directly impacts the integrity and confidentiality of data handled by these systems. Proper configuration of security headers and secure communication protocols are essential for safeguarding sensitive information from malicious attacks.

Risk Levels:

  • Critical: Identifies outdated or insecure TLS versions (e.g., using TLSv1.0, TLSv1.1) which are inherently risky as they do not provide strong encryption standards.
  • High: Weak cipher suites such as RC4, DES, and MD5 that offer minimal security should be avoided to prevent unauthorized access.
  • Medium: Misconfigurations in DNS records or incomplete security headers can pose a medium risk if they facilitate data leakage or manipulation.
  • Low: Informational findings might include minor misconfigurations or non-critical issues which do not directly affect security but are still recommended for improvement.
  • Info: These are generally recommendations for enhancements that could improve the overall security posture without being critical to immediate safety.

Example Findings:

  1. A domain using TLSv1.0 for secure communication, which is considered a critical risk due to its lack of strong encryption standards.
  2. An application exposing sensitive data through an insecure HTTP connection, posing a high risk as it can be easily intercepted by attackers.

Prompt Injection Chaining

Section titled “Prompt Injection Chaining”

Purpose: The Prompt Injection Chaining Scanner is designed to identify and mitigate potential vulnerabilities in web applications that could be exploited through multi-modal agent manipulation. This tool focuses on detecting prompt injection chaining, which involves exploiting interactions between different models to inject malicious commands into application responses. By identifying these weaknesses, organizations can enhance their security posture against sophisticated attacks.

What It Detects:

  • Security Headers Analysis: The scanner checks for the presence of essential security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options. These headers are crucial for protecting web applications from various attacks, including prompt injection.

  • TLS/SSL Configuration Issues: The scanner evaluates the configuration of TLS (Transport Layer Security) to ensure that it is up-to-date and uses strong ciphers. It flags outdated versions like TLSv1.0 and TLSv1.1 as well as weak cipher suites such as RC4, DES, and MD5.

  • DNS Record Vulnerabilities: The scanner verifies the configuration of DNS records including SPF (TXT), DMARC (TXT), DKIM (TXT), MX, NS, and CAA records. Misconfigurations in these records can lead to unauthorized access or data leakage.

  • HTTP Response Analysis: By examining HTTP responses for redirects, unexpected content types, and the absence of security headers, the scanner helps identify potential prompt injection vulnerabilities. It also detects patterns indicative of such injections within response bodies.

  • Port Scanning and Service Fingerprinting: The scanner conducts port scanning to uncover open ports that may be vulnerable to exploitation. Additionally, it performs service fingerprinting to determine the software running on each port and assess for known vulnerabilities.

Inputs Required:

  • domain (string): The domain name of the target web application, e.g., “acme.com”. This is essential for DNS record checks and network operations related to the domain.
  • url (string): A specific URL within the target domain that needs to be scanned for prompt injection vulnerabilities, such as “https://acme.com/api”.

Business Impact: Safeguarding web applications from sophisticated attacks is crucial to protect sensitive information and maintain user trust. Prompt injection chaining can lead to unauthorized access, data leakage, and system manipulation, significantly impacting an organization’s security posture and reputation.

Risk Levels:

  • Critical: Conditions where the scanner identifies outdated TLS versions or weak cipher suites in a critical manner are considered critical risks. These include situations where TLSv1.0/TLSv1.1 is used or when weak ciphers like RC4, DES, or MD5 are employed.

  • High: High risk conditions involve missing or improperly configured security headers and misconfigured DNS records that could lead to unauthorized access.

  • Medium: Medium risk conditions pertain to potential vulnerabilities in HTTP responses and open ports that might be exploited through prompt injection but do not pose as severe a threat as critical risks.

  • Low: Low risk findings are informational, indicating minor misconfigurations or issues that are less likely to lead to significant security breaches but should still be addressed for optimal security practices.

  • Info: Informational findings include the presence of weak DNS records and unexpected content types in HTTP responses, which while not critical, can contribute to a more secure environment.

Example Findings:

  • A web application using TLSv1.0 with RC4 cipher suites, indicating a significant risk due to outdated security protocols and weak encryption methods.
  • Misconfigured SPF records allowing unrestricted access, posing a high risk of unauthorized data manipulation through prompt injection attacks.