OTX-6a30537886784fbb90bd4a5b
📛 Threat Title
How attackers are jailbreaking LLMs with CTF framing and how to catch them
Description
Threat actors are bypassing AI model safety guardrails by framing exploit requests as legitimate security research, such as capture-the-flag challenges or CVE-hunting exercises. This technique manipulates upstream LLMs into generating working exploit code that attackers deploy against real targets. Multiple independent operators have been observed targeting five applications—PraisonAI, LiteLLM, FastGPT, Open-WebUI, and Gotenberg—using CVE-templated User-Agent strings and similar framing across multiple fields, including passwords and AWS session names. The jailbreak framing leaks into every LLM-generated field because the model incorporates the prompt context into its output. This pattern represents a shift from manually written scanners to LLM-assisted exploit generation, and it leaves detectable fingerprints across request headers, account aliases, and IAM session names that legitimate traffic rarely exhibits. This pulse contains 19 indicators (IOCs).
Remediations (8)
- web:aclanthology.org: This research conducts a comprehensive analysis of existing studies on jailbreaking LLMs and their defense techniques. We meticulously investigate nine attack techniques and seven defense techniques applied across three distinct language models: Vicuna, LLama, and GPT-3.5 Turbo.
- web:arxiv.org: They offer a detailed categorization of jailbreak attack methods, encompassing white-box and black-box attacks, and summarize the existing defense methods, categorizing them into prompt-level and model-level defenses. They analyze the pros and cons of each method and their applicable scenarios.
- web:onsecurity.io: LLM jailbreak guide: examples, attack types, and a practical testing checklist to identify vulnerabilities and boost model safety.
- web:startup-house.com: A practical overview of LLM jailbreaking from 2024-2026: top attack techniques, real-world risks, key research findings, and defense strategies.
- web:threatmodel.co: The challenge of preventing jailbreaks is ongoing, demanding constant vigilance as new attack techniques emerge. LLM Jailbreaking Explained: Attack Methods, Real Risks, and Defences. What is LLM Jailbreaking? Large Language Models (LLMs) like ChatGPT, Claude, and Llama are designed to be helpful and harmless.
- web:undercodetesting.com: The rise of Large Language Models (LLMs) has introduced a new frontier in cybersecurity: adversarial prompt engineering. A recent Capture The Flag (CTF) event, ai_gon3_rogu3, hosted by HackerOne and Hack The Box, showcased sophisticated techniques for manipulating AI, highlighting critical vulnerabilities that organizations must now defend against.
- web:www.boozallen.com: Jailbreaking attacks on LLMs pose significant risks to federal agencies. Risks with relevance for national security include data breaches, privacy violations, spread of misinformation, manipulation of automated systems, and compromised decision-making processes.
- web:www.sentinelone.com: Jailbreaking is the #1 LLM vulnerability per OWASP. Learn how attackers bypass safety controls and how SentinelOne protects AI deployments.
Indicators of Compromise (19)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal. For all 19 indicators below, Threat Hunt reports that the indicator is not present in any configured threat-intel feed, and no VirusTotal details are cached.
cve
CVE-2026-42208
- Type: cve
- Value: CVE-2026-42208
- Attached to this threat; appears in 3 threats
- Description: BerriAI LiteLLM SQL Injection Vulnerability
cve
CVE-2026-39987
- Type: cve
- Value: CVE-2026-39987
- Attached to this threat; appears in 3 threats
- Description: Marimo Remote Code Execution Vulnerability
cve
CVE-2026-33017
- Type: cve
- Value: CVE-2026-33017
- Attached to this threat; appears in 4 threats
- Description: Langflow Code Injection Vulnerability
cve
CVE-2026-42271
- Type: cve
- Value: CVE-2026-42271
- Attached to this threat; appears in 2 threats
- Description: BerriAI LiteLLM Command Injection Vulnerability
ipv4
103.142.140.238
- Type: ipv4
- Value: 103.142.140.238
- Attached to this threat; appears in 1 threat
cve
CVE-2026-0770
- Type: cve
- Value: CVE-2026-0770
- Attached to this threat; appears in 1 threat
ipv4
212.107.30.69
- Type: ipv4
- Value: 212.107.30.69
- Attached to this threat; appears in 1 threat
cve
CVE-2026-40281
- Type: cve
- Value: CVE-2026-40281
- Attached to this threat; appears in 1 threat
cve
CVE-2026-44336
- Type: cve
- Value: CVE-2026-44336
- Attached to this threat; appears in 1 threat
cve
CVE-2026-44694
- Type: cve
- Value: CVE-2026-44694
- Attached to this threat; appears in 1 threat
ipv4
115.171.80.253
- Type: ipv4
- Value: 115.171.80.253
- Attached to this threat; appears in 1 threat
cve
CVE-2026-42589
- Type: cve
- Value: CVE-2026-42589
- Attached to this threat; appears in 1 threat
cve
CVE-2026-45331
- Type: cve
- Value: CVE-2026-45331
- Attached to this threat; appears in 1 threat
cve
CVE-2026-45672
- Type: cve
- Value: CVE-2026-45672
- Attached to this threat; appears in 1 threat
cve
CVE-2026-45301
- Type: cve
- Value: CVE-2026-45301
- Attached to this threat; appears in 1 threat
cve
CVE-2026-47391
- Type: cve
- Value: CVE-2026-47391
- Attached to this threat; appears in 1 threat
ipv4
103.142.140.246
- Type: ipv4
- Value: 103.142.140.246
- Attached to this threat; appears in 1 threat
ipv4
38.181.81.164
- Type: ipv4
- Value: 38.181.81.164
- Attached to this threat; appears in 1 threat
ipv4
68.77.201.89
- Type: ipv4
- Value: 68.77.201.89
- Attached to this threat; appears in 1 threat
References (2)
- OTX pulse (AlienVault OTX)
- reference: AlienVault OTX