InfoQ Homepage Security Content on InfoQ
-
Prompt Injection for Large Language Models
This article will cover two common attack vectors against large language models and tools based on them, prompt injection and prompt stealing. We will additionally introduce three approaches to make your LLM-based systems and tools less vulnerable to this kind of attacks and review their benefits and limitations, including fine-tuning, adversarial detectors, and system prompt hardening.
-
Navigating Responsible AI in the FinTech Landscape
Explore the dynamic intersection of responsible AI, regulation, and ethics in the FinTech sector. This article highlights key challenges and innovative practices as organizations navigate compliance with evolving guidelines like the EU AI Act. Discover how to balance transparency, efficiency, and risk management for sustainable AI growth in your business.
-
Securing Cell-Based Architecture in Modern Applications
Securing cell-based architecture is essential to fully capitalize on its benefits while minimizing risks. To achieve this, comprehensive security measures must be put in place. Organizations can start by isolating and containing cells using sandbox environments and strict access control mechanisms like role-based and attribute-based access control.
-
Optimizing Wellhub Autocomplete Service Latency: a Multi-Region Architecture
Every company wants fast, reliable, and low-latency services. Achieving these goals requires significant investment and effort. In this article, I will share how Wellhub invested in a multi-region architecture to achieve a low-latency autocomplete service.
-
Proactive Approaches to Securing Linux Systems and Engineering Applications
Maintaining a strong security posture is challenging, especially with Linux. An effective approach is proactive and includes patch management, optimized resource allocation, and effective alerting.
-
InfoQ AI, ML and Data Engineering Trends Report - September 2024
InfoQ editorial staff and friends of InfoQ are discussing the current trends in the domain of AI, ML and Data Engineering as part of the process of creating our annual trends report.
-
Efficient DevSecOps Workflows with a Little Help from AI
Michael Friedrich is exploring how teams face varying levels of inefficiency in their DevSecOps processes, hindering progress and innovation. He highlights common issues like excessive debugging time and inefficient workflows, while also demonstrating how Artificial Intelligence (AI) can be a powerful tool to streamline these processes and boost efficiency.
-
WebAssembly, the Safer Alternative to Integrating Native Code in Java
Developers typically choose between porting the code or dynamic linking to run native code on the JVM. This article examines these approaches, using SQLite as an example, and introduces a third option: Chicory Wasm runtime. This alternative combines the advantages of traditional methods while addressing their limitations, potentially offering a more secure solution to integrate native code.
-
Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline
Your CI/CD pipeline can potentially expose sensitive information. Project teams often overlook the importance of securing their pipelines. This article covers approaches and techniques for securing your pipelines.
-
Zero-Knowledge Proofs for the Layman
This article will introduce you to zero-knowledge proofs, a kind of cryptography you can use to provide the proof you know a secret, such as a private key or the solution to a problem, without ever sharing it to an interested party. While many articles exist on the topic, this will not require any high math knowledge.
-
From Compliance-First to Risk-First: Why Companies Need a Culture Shift
Transitioning from a "Compliancе-First" approach to a "Risk-First" mindset rеcognizеs that compliancе should not be viеwеd in isolation, but as a componеnt of a broadеr risk managеmеnt strategy.
-
How to work with Your Auditors to Influence a Better Audit Experience
It is possible to influence a better audit experience, transforming it from a check-the-box exercise with little perceived value to one of true value that helps set you up for success, and with way less pain. This article explores how to experiment with adding agility into audit work while auditing a client, which can lead to better outcomes for you and your auditors.