{"slug": "weekly-dev-log-2026-w08", "title": "Weekly Dev Log 2026-W08", "summary": "A developer has compiled a taxonomy of ten distinct attack vectors targeting large language models, categorizing them into data-based, model-based, system-based, and user-based threats. The list includes techniques such as training data extraction, membership inference, prompt leakage, weight extraction, and context window poisoning, each with specific targets, attack methods, and impacts. This classification highlights the expanding security risks in LLM deployment, from intellectual property theft to user manipulation.", "body_md": "| Category | Attack | Target | Attack Method | Impact |\n|---|---|---|---|---|\n| **Data-Based** | **Training Data Extraction** | Training dataset (confidentiality) | Crafted prompts designed to trigger memorised content | Verbatim or near-verbatim training data (text, PII, secrets) |\n| **Data-Based** | **Membership Inference** | Training dataset membership (privacy metadata) | Known candidate data sample already possessed by the attacker | Yes/no (or probability) decision indicating whether the sample was used in training |\n| **Data-Based** | **Prompt Leakage / System Prompt Exposure (LLM07:2025)** | System prompt / developer instructions | Prompts asking the model to reveal or reflect on its instructions | Partial or full disclosure of hidden system or developer prompts |\n| **Model-Based** | **Weight Extraction (Model Stealing)** | Model parameters (intellectual property) | Large volumes of carefully chosen API queries | A surrogate or distilled model replicating the original model's behaviour |\n| **Model-Based** | **Model Inversion** | Model's internal representations | Unknown or partially known data, or model embeddings/outputs | New training data or attributes reconstructed from the model |\n| **System-Based** | **Context Window Poisoning (Prompt Injection)** | LLM context window (instruction hierarchy) | Attacker-controlled text embedded in input or retrieved content | Altered behaviour, policy bypass, unintended actions |\n| **System-Based** | **Context Overflow / Unbounded Consumption (LLM10:2025)** | Context window size and system resources | Excessively large prompts or documents | Truncated safeguards, degraded responses, or denial of service |\n| **System-Based** | **Stateful Conversation Manipulation (Memory Poisoning)** | Persistent conversation memory | Malicious statements intended to be stored as long-term context | Persistent misinformation or corrupted future responses |\n| **User-Based** | **LLM-Powered Social Engineering** | Human cognition and decision-making | Contextual or personal information used to craft persuasive output | Manipulated users (phishing success, fraud, coerced actions) |\n| **User-Based** | **Trust Exploitation / Misinformation (LLM09:2025)** | User trust and judgment | Confident but incorrect or maliciously framed prompts | Users accepting false, unsafe, or harmful information |", "url": "https://wpnews.pro/news/weekly-dev-log-2026-w08", "canonical_source": "https://dev.to/umitomo-lab/weekly-dev-log-2026-w08-d2i", "published_at": "2026-06-04 02:13:06+00:00", "updated_at": "2026-06-04 02:41:58.698901+00:00", "lang": "en", "topics": ["large-language-models", "ai-safety", "ai-research", "machine-learning", "generative-ai"], "entities": [], "alternates": {"html": "https://wpnews.pro/news/weekly-dev-log-2026-w08", "markdown": "https://wpnews.pro/news/weekly-dev-log-2026-w08.md", "text": "https://wpnews.pro/news/weekly-dev-log-2026-w08.txt", "jsonld": "https://wpnews.pro/news/weekly-dev-log-2026-w08.jsonld"}}