April 24, 2025
By Conor McCauley, Kenneth Yeung, Jason Martin, Kasimir Schulz
April 10, 2025
By Kasimir Schulz, Jason Martin, Marcus Kan, Kenneth Yeung, Conor McCauley, Leo Ring
January 30, 2025
By Jason Martin, Kevin Stangl, Kenneth Yeung, Megan David, Ryan Tracey, Kieran Evans, Tom Bonner, Travis Smith, Jack Parker
October 10, 2024
By Eoin Wickens, Kasimir Schulz, Tom Bonner
May 29, 2025
Summary HiddenLayer’s research team recently discovered a vulnerability in the Model Context Protocol (MCP) involving the abuse of its tool function parameters. This naturally led to the question: Is this a transferable vulnerability that could also be used to abuse function calls in language models that are not using MCP? The answer to this question […]
May 15, 2025
Summary HiddenLayer’s research team has uncovered a concerningly simple way of extracting sensitive data using MCP tools. Inserting specific parameter names into a tool’s function causes the client to provide corresponding sensitive information in its response when that tool is called. This occurs regardless of whether or not the inserted parameter is actually used by […]
In this webinar, hear from industry experts on attacking artificial intelligence systems. Join Chloé Messdaghi, Travis Smith, Christina Liaghati, and John Dwyer as they discuss the core concepts of AI Red Teaming, why organizations should be doing this, and how you can get started with your own red teaming activities. Whether you’re new to security for AI or an experienced legend, this introduction provides insights into the cutting-edge techniques reshaping the security landscape.
CyberBytes: The Podcast
“Chris Sestito, CEO and Co-founder of AI security vendor, HiddenLayer, joined Oliver Legg for a re-run following our episode at last year’s BlackHat. Why? Because HiddenLayer have gone from strength to strength. Winning the 2023 RSA Sandbox, a major Microsoft announcement and being named the ML Security Leader by CB Insights have all aided with CISO’s permission to buy and helped land major enterprise wins this past year.
Tito and Olly discussed:
• Life after winning the 2023 RSA Sandbox and what that achievement really means
• How they’ve managed to keep a highly diverse team whilst surpassing the 100 employee count
• How, despite the major wins and headlines, it’s never all plain sailing
Being able to dive into a founder’s journey twice through such significant periods of growth is great fun.”
Download your copy of HiddenLayer's 2025 AI Threat Landscape Report to learn more about evolving AI vulnerabilities and how securing AI can fuel your organization's innovation
AI Threat Landscape Report 2025An attacker can craft a malicious model containing a path traversal and share it with a victim. If the victim uses an Nvidia NeMo version prior to r2.0.0rc0 and loads the malicious model, arbitrary files may be written to disk. This can result in code execution and data tampering.
An attacker can create a pickle file containing arbitrary code and upload it as an artifact to a Project via the API. When a victim user calls the get method within the Artifact class to download and load a file into memory, the pickle file is deserialized on their system, running any arbitrary code it contains.
An attacker can upload or modify a dataset containing a link pointing to an arbitrary file and a target file path. When a user interacts with this dataset, such as when using the Dataset.squash method, the file is written to the target path on the user’s system.
An attacker can, due to lack of authentication, arbitrarily upload, delete, modify, or download files on the fileserver, even if the files belong to another user.
An attacker can craft a malicious web page that triggers a CSRF when visited. When a user browses to the malicious web page a request is sent which can allow an attacker to fully compromise a user’s account.
April 22, 2025
Austin, TX – April 22, 2025 – HiddenLayer, the leading provider of security for AI models and assets, today announced the release of AISec Platform 2.0, the platform with the most context, intelligence, and data for securing AI systems across the entire development and deployment lifecycle. Unveiled ahead of the RSAC Conference 2025, this upgrade […]
April 23, 2025
AUSTIN, Texas – April 23, 2025 – HiddenLayer, the leading security provider for AI models and assets, and Cyera, the pioneer in AI-native data security, today announced a strategic partnership to deliver end-to-end protection for the full AI lifecycle from the data that powers them to the models that drive innovation. As enterprises embrace AI […]
April 24, 2025
What you’ll get:
Research: Stay informed about the evolving AI threat landscape, emerging risks, and new vulnerabilities.
Insights: Gain in-depth security for AI education and master the skills to effectively protect your AI systems.
Guides: Access expert analysis, actionable how-to’s, and innovative strategies to accelerate your AI adoption.
HiddenLayer, a Gartner recognized Cool Vendor for AI Security, is the leading provider of Security for AI. Its security platform helps enterprises safeguard the machine learning models behind their most important products. HiddenLayer is the only company to offer turnkey security for AI that does not add unnecessary complexity to models and does not require access to raw data and algorithms. Founded by a team with deep roots in security and ML, HiddenLayer aims to protect enterprise’s AI from inference, bypass, extraction attacks, and model theft. The company is backed by a group of strategic investors, including M12, Microsoft’s Venture Fund, Moore Strategic Ventures, Booz Allen Ventures, IBM Ventures, and Capital One Ventures.
