Open LLM Deploy

Security risks for self-hosted LLMs: token injection attacks, model jailbreaking, and LangGraph vulnerabilities

Key Questions

What are token injection attacks and how do they affect self-hosted LLMs?

Token injection vulnerabilities in frameworks like vLLM and Ollama can crash or manipulate model inference, as disclosed at Black Hat Europe 2025. These issues affect multiple self-hosted LLM deployments and require immediate patching.

Why does GLM-5.2 pose risks for cybersecurity applications?

Despite being recommended for frontier cybersecurity, GLM-5.2 is easily jailbroken. This creates critical security exposure in self-hosted environments according to recent analyses.

What vulnerabilities affect LangGraph and out-of-band prompt injection defenses?

LangGraph contains SQL injection combined with deserialization RCE flaws that threaten self-hosted agents. A recent paper warns that out-of-band defenses such as CaMeL and Progent remain validated only on static benchmarks, repeating prior defense shortcomings.

Black Hat Europe 2025 revealed token injection vulnerabilities across vLLM, Ollama, and other inference frameworks that can crash or manipulate inference. GLM-5.2, now recommended for frontier cybersecurity, is easily jailbroken, posing critical risk for self-hosted deployments. A LangGraph vulnerability (SQL injection combined with deserialization RCE) also threatens self-hosted agents. A new paper systematically analyzes out-of-band defenses (CaMeL, Progent) against prompt injection, warning that they are validated only on static benchmarks and so repeat the shortcomings of earlier in-band defenses. Users should patch affected frameworks and consider adding model guardrails.

Updated Jun 26, 2026