What's new with Fluid Attacks 🎁
Implemented
🔝 OWASP Top 10 for LLM applications report: We have included this relatively recent OWASP list as security criteria in our security testing. We were already reporting several of the vulnerabilities that LLM applications and GenAI may have, and we are now adding these new types to our radar:
- 452. Prompt injection
- 453. Data and model poisoning
- 454. Improper output handling
- 455. Excessive LLM agency
- 456. AI misinformation
It is worth mentioning that the detection of some of these types of vulnerabilities depends on the tests performed by our pentesters, offered only in our Advanced plan.
🤖 MCP answers based on the KB: Our newly implemented Model Context Protocol (MCP) server can now answer your questions by drawing on information stored in our Knowledge Base.
Squashed bugs
✔️ Faulty group filter: When searching for a group in the table, the search engine did not take into account the characters in each group's description when delivering results.
✔️ Invalid compliance metrics: At least one of the standards within the Compliance list was showing an incorrect percentage value, so a general readjustment was made.
Promised but not implemented yet / Upcoming
👩🏽🔧 Fixing support for all prioritized languages: At Fluid Attacks, we currently have a list of prioritized supported languages. What we are looking to achieve is for the GenAI features Autofix and Custom Fix to work for all of these languages (our Knowledge Base already has many more examples of vulnerability remediation).
🌳 Enhancements to our IntelliJ integration: Pending improvements for this IDE plugin include integrating it with our Autofix and Custom Fix remediation support, making it compatible with newer versions, and allowing users to view descriptions of their vulnerabilities and be directed to our platform from there.