https://aleph-beth.github.io/AI-Watchtower/tags/llm-security/ Recent content in Llm-Security on AI Watchtower Hugo en-US Mon, 29 Jun 2026 00:00:00 +0000 https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-29-prompt-position-fine-tuning-never-validate/ Mon, 29 Jun 2026 00:00:00 +0000 https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-29-prompt-position-fine-tuning-never-validate/ A stubborn intuition holds that you only need to put the safety rules ‘first’ in the system prompt. It is false, and for a reason that turns against it: a transformer grants no authority to a token’s position. Fine-tuning fails exactly the same test. Neither is an access control — both live inside the very thing they claim to constrain. The only guarantee is deterministic and external, and a rigorous dataset must reflect that boundary in its labels. https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-22-conditional-dpo-backdoor-agentic-chain/ Sun, 21 Jun 2026 00:00:00 +0000 https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-22-conditional-dpo-backdoor-agentic-chain/ A deeper companion to the free-tier feedback explainer. DPO moves safety from the behavior level to the level of a conditional distribution; an agent then turns a poisoned conditional into a chain of actions. The result is a backdoor built from individually ordinary behaviors, invisible to standard evaluations, whose danger only emerges when the actions compose. https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-21-free-tier-weak-link-data-poisoning/ Sun, 21 Jun 2026 00:00:00 +0000 https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-21-free-tier-weak-link-data-poisoning/ Commercial assistants — Claude, ChatGPT, Gemini, Le Chat — keep learning from free-tier feedback: ratings, regenerations, and the conversations themselves. That loop is an injection channel. A two-phase threat model: build a policy-compliant backdoor on a rare topic, then exploit it for jailbreak — and why scale makes the first phase almost impossible to catch. https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-12-ai-war-on-our-networks-why-attack-outpaces-defense/ Fri, 12 Jun 2026 00:00:00 +0000 https://aleph-beth.github.io/AI-Watchtower/posts/2026-06-12-ai-war-on-our-networks-why-attack-outpaces-defense/ Strategic essay. Cyber conflict is now machine-versus-machine, at a tempo that excludes the human operator. Attack holds the advantage — by architecture, not by accident: defending one LLM with another reproduces the very flaw. The way out is to move the decision out of the model, into a deterministic layer.