Lately, it seems like the only thing anyone is talking about in the technology sector is Artificial Intelligence. With good reason! AI is an incredibly powerful tool that is only going to grow in usage and scope. However, there seems to be a lot of confusion around various terms involving AI and security. The focus of this blog will be breaking down the differences between securing AI, secure AI use, AI for security, and AI safety.

Published first as a whitepaper in late 2024, the 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond—including Mend.io Head of AI Bar-El Tayouri. LLMs are still new to the market but beginning to mature, and the OWASP Top 10 for LLM Applications is maturing alongside it.

In a recent discovery, our research team uncovered a fake VS-code extension—truffelvscode—typosquatting the popular truffle for VS-code extension. This extension serves as a trojan horse for multi-stage malware. This blog takes a closer look at how the malicious extension operates, its obfuscation techniques, and IOCs related to this incident.