Attackers are increasingly targeting vulnerabilities within large language models (LLMs) used to recognise and generate text. In response to the growing risk, the recently launched OWASP Top 10 for LLMs covers the key vulnerabilities within these types of AI applications. Read our guide to learn more about the most critical vulnerabilities and how to reduce AI security risks.

From chatbots like ChatGPT to the large language models (LLMs) that power them, managing and mitigating potential AI vulnerabilities is an increasingly important aspect of effective cybersecurity. Kroll’s new AI insights hub explores some of the key AI security challenges informed by our expertise in helping businesses of all sizes, in a wide range of sectors. Some of the topics covered on the Kroll AI insights hub are outlined below.

CREST accreditation is a good place to start – a ‘stamp of approval’ for a high-quality penetration test. But what does it mean to be CREST-approved, and what differentiates CREST penetration testing from other assessments? Read on to find out.

In Q1 2024, Kroll observed SMS and voice-based tactics being used in phishing attacks, raising concern around the potential for deep fakes and AI technologies to further enhance the effectiveness of phishing attacks. Linked to this, one insider threat case investigated by Kroll in Q1 saw employee impersonation take place, another area in which AI-related technology could be especially impactful.

In this blog post, we provide an in-depth insight into the role of SOC services, how they work, and their benefits and potential challenges.

Relying on technology alone, however advanced, can be a critical error. While top end security technologies can provide part of the answer, the sheer number of alerts generated demands constant attention. Without the right resources to analyse and manage these outputs, critical alerts may end up being ignored – a constant thorn in the side of many organisations.

From email compromise to malware, the healthcare sector is impacted not only by familiar and persistent challenges but also with newly emerging security threats. Drawing on insights from the recent Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare, this article outlines the key threats affecting organisations such as hospitals, health trusts, GP practices and other healthcare bodies.

Cyber incident response offers a structured approach to respond to, manage and mitigate security incidents in order to limit the potential disruption of attacks. In this blog, we discuss how small and medium-sized businesses (SMBs) are being impacted by cyber threats, what cyber incident response involves and the steps you can take to protect your business.

While the top concern for healthcare cybersecurity professionals is credential access, the Kroll Threat Intelligence team finds that the healthcare industry is consistently targeted by ransomware groups using a combination of valid credential theft and the exploitation of vulnerabilities. These and other insights are discussed in the new Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.

To help secure sensitive data, emails that include health and care information sent to and from health and social care organisations are required to meet the Secure Email Standard (DCB1596). In this article, we discuss the standard, what it covers, and how to ensure your organisation fully meets its requirements.