AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

FinBot CTF Is Live: A Hands-On Companion to the OWASP GenAI Security Project

inforesearchIndustryLLM-Specific

securityresearch

Source: OWASP GenAI SecurityApril 28, 2026

Summary

FinBot is an interactive training platform (CTF, or capture-the-flag competition) created by OWASP to help builders and defenders understand how agentic AI systems (AI agents that plan, act, and make decisions in complex workflows) can fail and be attacked. It simulates a financial services application where users encounter real security risks like prompt injection (tricking an AI by hiding instructions in its input), tool misuse, data theft, and privilege escalation (gaining unauthorized higher-level access), with connections to industry security frameworks like the OWASP Top 10 for Agentic Applications.

Classification

Attack Type

Prompt InjectionModel PoisoningSupply ChainRAG Poisoning

Affected Vendors

Related Issues

medium

CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e

Similar attackNVD/CVE Database

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attack

Monthly digest — independent AI security research

Original source: https://genai.owasp.org/2026/04/28/finbot-ctf-is-live-a-hands-on-companion-to-the-owasp-genai-security-project/?utm_source=rss&utm_medium=rss&utm_campaign=finbot-ctf-is-live-a-hands-on-companion-to-the-owasp-genai-security-project

First tracked: April 28, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 92%