[B! security] arrowKatoã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

arrowKato id:arrowKato

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (7)

ã‚¿ã‚°ã®çµžã‚Šè¾¼ã¿ã‚’è§£é™¤

securityã«é–¢ã™ã‚‹arrowKatoã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (13)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

Agent Name Service (ANS) for Secure Al Agent Discovery v1.0
arrowKato 2025/05/26
OWASP è£½ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã€‚MCPã¨A2Aã¸ã®è¨€åŠãŒã‚ã‚‹ã®ãŒãƒ¢ãƒ€ãƒ³ã§ã„ã„ã¨ã“ã‚ã€‚

Agent

security

MCP

A2
ãƒªãƒ³ã‚¯
MCP ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«é–¢ã™ã‚‹ãƒ„ãƒ¼ãƒ«ã‚„ã‚µã‚¤ãƒˆã‚’ã¾ã¨ã‚ã¦ã¿ãŸ
ã“ã‚Œã¯ MCPã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«ã¤ã„ã¦æ›¸ã‹ã‚ŒãŸã‚µã‚¤ãƒˆã‚’ã¾ã¨ã‚ãŸè¨˜äº‹ã§ã™ ã¯ã˜ã‚ã« MCPã®æ´»ç”¨ã§Xã‚„ã•ã¾ã–ã¾ãªãƒ–ãƒã‚°ã§è³‘ã‚ã£ã¦ã„ã¾ã™ã€‚ã—ã‹ã—ã€MCPã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£é¢ã«ã¤ã„ã¦ã¯ã¾ã ãã“ã¾ã§å¤šãã®æƒ…å ±ã¯å‡ºã¦ã„ã¾ã›ã‚“ã€‚ MCPã®ä»•æ§˜ã‚„ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«é–¢ã—ã¦ã¯ã¾ã ã¾ã æµå‹•çš„ã§ä½•ãŒæ£ã—ã„æƒ…å ±ãªã®ã‹å®šã‹ã§ã¯ãªã„ã§ã™ã€‚ ãã®ã‚ˆã†ãªç’°å¢ƒã®ä¸ã§ã€ç§ã¯1ãƒ¶æœˆã»ã©å‰ã‹ã‚‰MCPã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£é¢ã«ã¤ã„ã¦ç´°ã€…ã¨ã‚ãƒ£ãƒƒãƒã‚¢ãƒƒãƒ—ã—ã¦ãã¾ã—ãŸã€‚ãã‚“ãªç§ãŒå‚è€ƒã«ã—ã¦ã„ã‚‹ã‚µã‚¤ãƒˆã‚„ãƒ„ãƒ¼ãƒ«ã‚’ç´¹ä»‹ã—ã¦ã„ãã¾ã™ã€‚ ãƒ„ãƒ¼ãƒ« ã“ã“1-2é€±é–“ã»ã©ã€ç§ãŒæ³¨åŠ›ã—ã¦ã„ã‚‹ã®ãŒMCPã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«ã¤ã„ã¦ã®ãƒ„ãƒ¼ãƒ«ã§ã™ã€‚ã‚‚ã†ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ„ãƒ¼ãƒ«ãŒã§ããŸã®ã‹ã€ã¨æ€ã†ã»ã©é€Ÿã„é€Ÿåº¦ã§ãƒ„ãƒ¼ãƒ«ãŒå‡ºã¦ã„ã¾ã™ã€‚ 1. MCP-Scan: An MCP Security Scanner mcpâ€‘scanã¯ã€ãƒãƒ¼ã‚«ãƒ«ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚ŒãŸMCPã‚µãƒ¼ãƒè¨å®šã‚’å†å¸°çš„ã«æ¤œå‡ºã—ã€ãƒ—ãƒãƒ³ãƒ—
arrowKato 2025/04/21
CLIã§è„…å¨ã‚’æ¤œå‡ºã™ã‚‹ãƒ„ãƒ¼ãƒ«ã¨ãƒã‚§ãƒƒã‚¯ãƒªã‚¹ãƒˆã‚ã‚Š

MCP

Security
ãƒªãƒ³ã‚¯
MCP Security Notification: Tool Poisoning Attacks
We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for "Tool Poisoning Attacks." Many major providers such as Anthropic and OpenAI, workflow automation systems like Zapier and MCP clients like Cursor are susceptible to this attack. Concerned about MCP and agent security? Sign up for early access to Invariant Guardrails, our security platform for agentic AI
arrowKato 2025/04/10
MCP

security
ãƒªãƒ³ã‚¯
ã¯ã˜ã‚ã¦ã®Model Armor
ã“ã‚“ã«ã¡ã¯ã€Google Cloud ã‚«ã‚¹ã‚¿ãƒžãƒ¼ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã®å‰ç”°ã§ã™ã€‚ AIã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®åˆ©ç”¨ãŒæ‹¡å¤§ã™ã‚‹ã«ã¤ã‚Œã¦ã€ãã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã¨å®‰å…¨æ€§ã‚’ç¢ºä¿ã™ã‚‹ã“ã¨ãŒéžå¸¸ã«é‡è¦ã«ãªã£ã¦ã„ã¾ã™ã€‚ãã“ã§ä»Šå›žã”ç´¹ä»‹ã™ã‚‹ã®ãŒã€æ§˜ã€…ãªã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚„å®‰å…¨æ€§ã®ãƒªã‚¹ã‚¯ã«å¯¾ã—ã¦ã€LLMã®ãƒ—ãƒãƒ³ãƒ—ãƒˆã¨ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã‚’ã‚¹ã‚¯ãƒªãƒ¼ãƒ‹ãƒ³ã‚°ã™ã‚‹ã“ã¨ã§ã€AIã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã¨å®‰å…¨æ€§ã‚’å¼·åŒ–ã™ã‚‹ãŸã‚ã«è¨è¨ˆã•ã‚ŒãŸã€Google Cloudã®ãƒ•ãƒ«ãƒžãƒãƒ¼ã‚¸ãƒ‰ã‚µãƒ¼ãƒ“ã‚¹ã§ã‚ã‚‹Model Armorã§ã™ã€‚ æœ¬è¨˜äº‹ã§ã¯ã€Model Armorã®ä¸»ãªæ©Ÿèƒ½ã‚’ãƒ‡ãƒ¢ã¨åˆã‚ã›ã¦è§£èª¬ã—ã¾ã™ã€‚ Model Armor ã¨ã¯ï¼Ÿ ãƒ•ã‚£ãƒ«ã‚¿ãƒ¼ å®‰å…¨ã‹ã¤è²¬ä»»ã‚ã‚‹ AI ãƒ•ã‚£ãƒ«ã‚¿ãƒ¼: ã“ã‚Œã‚‰ã®ãƒ•ã‚£ãƒ«ã‚¿ãƒ¼ã¯ã€æ€§çš„ãªã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã€å±é™ºãªæ´»å‹•ã€ãƒãƒ©ã‚¹ãƒ¡ãƒ³ãƒˆã€ãƒ˜ã‚¤ãƒˆã‚¹ãƒ”ãƒ¼ãƒã«é–¢é€£ã™ã‚‹æ‡¸å¿µã«å¯¾å‡¦ã™ã‚‹ã“ã¨ã§ã€ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®å®‰å…¨æ€§ã‚’ç¢ºä¿ã™ã‚‹ã‚ˆã†ã«è¨è¨ˆã•ã‚Œã¦ã„ã¾ã™ã€‚ãƒ•ã‚£ãƒ«ã‚¿ãƒ¼ã¯ã€
arrowKato 2025/03/04
OpenAIã®moderation APIã®Google Cloudç‰ˆã®æ©Ÿèƒ½

LLM

Security

GCP
ãƒªãƒ³ã‚¯
AIã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã®ãƒªã‚¹ã‚¯è©•ä¾¡ã¨å¯¾ç–ï½œWeights & Biases Japan
arrowKato 2025/03/01
Agent

security
ãƒªãƒ³ã‚¯
Agentic AI - Threats and Mitigations
arrowKato 2025/02/25
AI Agentã«ãŠã‘ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£çš„ãªè„…å¨ã¨ãã®ç·©å’Œç–ã®è³‡æ–™ã€‚è„…å¨ã®è¦³ç‚¹ã ã—ã¨ã—ã¦ä½¿ãˆãã†ã€‚å®Œç’§ãªå¯¾ç–ã¯ã€ã€ã€ãªã•ãã†ã€‚

Agent

Security
ãƒªãƒ³ã‚¯
Home
Identifying and tackling the risks of Gen AI systems and applications A global community-driven and expert led initiative to create freely available open source guidance and resources for understanding and mitigating security and safety concerns for Generative AIÂ applications and adoption.
arrowKato 2024/04/30
LLMã‚’ä½¿ã£ãŸã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ã®è„†å¼±æ€§top10

LLM

security
ãƒªãƒ³ã‚¯
OWASP Top 10 for Large Language Model Applications | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners. Accept About This Repository This is the repository for the OWASP Top 10 for Large Language Model Applications. However, this project has now grown into the comprehensive OWASP GenAI Security Project - a global initiative that encompasses multiple security initiatives beyond just the Top 1
arrowKato 2023/11/27
LLMã‚¢ãƒ—ãƒªã®ãŸã‚ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒã‚§ãƒƒã‚¯ãƒã‚¤ãƒ³ãƒˆ

LLM

security
ãƒªãƒ³ã‚¯
https://owasp.org/www-project-top-10-for-large-language-model-applications/descriptions/
arrowKato 2023/06/11
LLM

ML

security
ãƒªãƒ³ã‚¯
JVN iPedia
JVN iPedia is the database of vulnerability countermeasure information published on JVN and vulnerability countermeasure information published in Japan and abroad.
arrowKato 2021/07/28
è„†å¼±æ€§ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹

security
ãƒªãƒ³ã‚¯
CVE - CVE
NOTICE: This legacy website is in the process of being retired. Please use the new WWW.CVE.ORG website. The mission of the CVEâ„¢ Program is to identify, define, and catalog publ icly disclosed cybersecurity vulnerabilities.
arrowKato 2021/07/28
è„†å¼±æ€§ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹

security
ãƒªãƒ³ã‚¯
èª¿æŸ»ãƒ»è¨ºæ–ãƒ»ã‚³ãƒ³ã‚µãƒ«ãƒ†ã‚£ãƒ³ã‚° | æ ªå¼ä¼šç¤¾ãƒ©ãƒƒã‚¯
ç·Šæ€¥äº‹æ•…å¯¾å¿œã‚µãƒ¼ãƒ“ã‚¹ã€Œã‚µã‚¤ãƒãƒ¼119Â®ã€ ä¼æ¥ã®æ§˜ã€…ãªã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆç™ºç”Ÿæ™‚ã«ã€è¿…é€Ÿãªå°ã˜è¾¼ã‚ã€ãƒ•ã‚©ãƒ¬ãƒ³ã‚¸ãƒƒã‚¯ã€å¾©æ—§æ”¯æ´ãªã©ã‚’è¡Œã†ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆå¯¾å¿œã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚ã¾ãŸã€ã‚¹ãƒ†ãƒ¼ã‚¯ãƒ›ãƒ«ãƒ€ãƒ¼ã¸ã®èª¬æ˜Žã€ãƒ¡ãƒ‡ã‚£ã‚¢å¯¾å¿œã®ä»–ã€å…¬è¡¨å¾Œã«ãŠã‘ã‚‹SNSã‚„ãƒ€ãƒ¼ã‚¯ã‚¦ã‚§ãƒ–ãªã©ã®ç›£è¦–ã€ãƒã‚¬ãƒ†ã‚£ãƒ–ãªã‚³ãƒ¡ãƒ³ãƒˆç™ºè¦‹æ™‚ã®å¯¾å¿œã¾ã§ç·åˆçš„ã«ã‚µãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ãƒžãƒ«ã‚¦ã‚§ã‚¢ãªã©ã®ã‚¦ã‚¤ãƒ«ã‚¹æ„ŸæŸ“ã‚„ã‚µã‚¤ãƒãƒ¼æ”»æ’ƒã€Webã‚µã‚¤ãƒˆæ”¹ã–ã‚“ã€æƒ…å ±æ¼ãˆã„ãªã©ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆã®ç–‘ã„ã‚„ã€è¢«å®³ãªã©ãŒç™ºç”Ÿã—ãŸã‚‰ã™ãã«ã”é€£çµ¡ãã ã•ã„ã€‚
arrowKato 2021/01/29
ãƒšãƒãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ãƒ†ã‚¹ãƒˆã‚µãƒ¼ãƒ“ã‚¹ã‚’ã—ã¦ã„ã‚‹ä¼šç¤¾

security
ãƒªãƒ³ã‚¯
ã‚ãªãŸã®AWSã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç›£æŸ»çŠ¶æ³ã‚’æŽ¡ç‚¹ã€œCISãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã‚’èªã‚“ã§ã¿ãŸ | DevelopersIO
ã“ã®è¨˜äº‹ã§ã¯ã€çµ„ç¹”ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’è©•ä¾¡ã—ã¦æ”¹å–„ã™ã‚‹ã®ã«å½¹ç«‹ã¤CISãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã®æ¦‚è¦èª¬æ˜Žã¨ã€å®Ÿéš›ã®ãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã‚’åˆ©ç”¨ã—ãŸAWSç’°å¢ƒã®å…·ä½“çš„ãªãƒã‚§ãƒƒã‚¯é …ç›®ã«ã¤ã„ã¦ã€ã”ç´¹ä»‹ã—ã¾ã™ã€‚ è¥¿æ¾¤ã§ã™ã€‚å…ˆæ—¥ã€CIS(Center for Internet Security)ã‚ˆã‚ŠCIS AWS Foundation BenchmarkãŒç™ºè¡¨ã•ã‚Œã¾ã—ãŸã€‚CISã¯ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®ä¿ƒé€²ã‚’ç›®çš„ã¨ã—ãŸç±³å›½ã®éžå–¶åˆ©å›£ä½“ã§ã€å°‚é–€å®¶ã«ã‚ˆã‚Šç²¾æŸ»ã•ã‚ŒãŸã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£åŸºæº–ã‚’å…¬é–‹ã—ã¦ãã‚Œã¦ã„ã¾ã™ã€‚ä»Šå›žã€å…¬é–‹ã•ã‚ŒãŸãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’èªã¿è§£ãã“ã¨ã§ã€AWSã‚’åˆ©ç”¨ã™ã‚‹ä¸Šã§å¿…è¦ã¨ãªã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£è¨å®šã«ã¤ã„ã¦ç†è§£ã‚’æ·±ã‚ã‚‹ã“ã¨ãŒã§ãã‚Œã°ã¨ç›®ã‚’é€šã—ã¦ã¿ã‚‹ã“ã¨ã«ã—ã¾ã—ãŸã€‚ AWS Security Blog | Security and Compliance in the AWS Cloud CISãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã¨ã¯ï¼Ÿ CISã¨ã¯ä¸‹è¨˜ã®ã‚ˆã†ãªéžå–¶åˆ©å›£ä½“
arrowKato 2021/01/27
ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³çš„ãªã‚‚ã®

GCP

security
ãƒªãƒ³ã‚¯
1