IBM Researchers Map Out 'Promptware Kill Chain' Targeting Generative AI Systems

·1 views

IBM security expert Jeff Crume has outlined a structured attack framework called the 'Promptware Kill Chain,' describing how malicious prompts — rather than traditional malicious code — can be used to compromise generative AI chatbots and agents. Drawing on research by Bruce Schneier and others, the framework breaks the attack into stages including initial access via direct or indirect prompt injection, privilege escalation through jailbreaking, reconnaissance, persistence, command-and-control, lateral movement, and final data theft or fraud. A core vulnerability highlighted is that large language models treat all input as tokens, erasing the traditional boundary between code and data and allowing malicious instructions to carry the same weight as system commands. Crume warns that prompt injection is architecturally unfixable and cannot be patched by vendors, making it a systemic rather than incidental risk. He recommends adopting a Zero Trust approach — assuming breaches have already occurred, treating AI agents as untrusted environments, and defending at every stage of the kill chain through strict permission controls and anomaly detection.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Developer models automation costs across n8n, Zapier, and Make using real workflows

A developer running a 209-node content pipeline on self-hosted n8n built a Python script to compare how billing units affect real-world automation costs across three platforms. The key difference lies in how each tool counts usage: n8n charges per workflow execution, Zapier per task, and Make per operation, meaning node-heavy workflows cost far more on the latter two. Using three real workflows ranging from 27 to 33 nodes, the analysis showed that Zapier's entry-tier plan of 750 tasks would be exhausted by just 22–27 runs of a single workflow per month. By contrast, n8n's self-hosted community edition imposes no execution limits at zero software cost, making it significantly more economical for complex, multi-step automations. The comparison highlights how billing structure, not features, is often the deciding factor when choosing an automation platform.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Web3 Security Needs Two Strategies: Pre-Deploy Audits and Post-Deploy Monitoring

Major crypto hacks like the $625M Ronin Bridge attack and the $197M Euler Finance exploit represent fundamentally different failure modes — social engineering and undetected code flaws respectively — yet the Web3 security industry often treats them as a single problem. Pre-deployment tools and audits are designed to catch vulnerabilities in smart contract code before funds are at risk, but even thorough reviews by multiple firms can miss critical bugs, as the Euler case demonstrated. Once a contract is live, the threat shifts from code integrity to runtime risks like rug pulls and honeypot tokens, which require real-time on-chain monitoring rather than static analysis. The Nomad Bridge lost $190M in August 2022, four months after a security review, with a misconfiguration triggering a cascade of copycat exploits that active monitoring could have flagged early. Experts argue that effective Web3 security requires both layers working in tandem, since neither pre-deploy auditing nor post-deploy surveillance alone is sufficient to protect users and protocols.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Study Finds Proxy Provider Costs Can Run 30–45% Higher Than Advertised Prices

An engineering team conducted a 30-day automated benchmarking study comparing enterprise proxy networks, routing identical test workloads through providers including Oxylabs, Bright Data, and SmartProxy. The team found that standard uptime guarantees, often cited at 99.9%, measure only gateway server availability and do not reflect real-world request success rates. On e-commerce targets, success rates ranged from roughly 85% to 92% across the tested providers, with response times varying significantly. A key finding was that providers bill for failed requests, including error pages and failed handshakes, creating what the team calls a 'Metadata Tax.' As a result, actual production costs can exceed advertised per-gigabyte pricing by 30% to 45% when accounting for retries and billing on unsuccessful traffic.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Engineering Team Cuts LLM API Costs by 60% Using Caching and Token Monitoring

A software engineering team shared how they reduced their large language model API costs by 60% on production AI projects by systematically identifying and addressing cost drivers. They found that the bulk of expenses came from repetitive input tokens — such as repeated system prompts and retrieved documents — rather than output tokens. The team built middleware to log token counts and estimated costs for every LLM call, enabling data-driven decisions instead of guesswork. Their single biggest saving came from implementing semantic caching, which returns stored responses for queries that are similar in meaning rather than only identical in wording. The approach, documented with code examples for Django projects, prioritizes measuring usage first before attempting any optimization.

0 comments Read more at DEV Community