Skip to main content

Tag: ai security

99 articles

Researcher in a lab setting with equipment and a laptop displaying a blurred screen near a bright window.

AI Models Vulnerable to Poisoning for Under $100

A cybersecurity expert recently discovered that AI models can be easily manipulated to behave maliciously, with a backdoor installable in just an hour for under $100. This startling vulnerability was uncovered through a simple fine-tuning test that quickly escalated into a full-blown security threat.

Analyst 207
Chrome browser window on laptop showing Claude extension interface with workflow process.

Claude Extension Flaw Exposes AI Actions to Malicious Extensions

A security researcher discovered a vulnerability in Anthropic's Claude browser extension that allows malicious Chrome extensions to trick it into performing predefined AI actions on connected services like Gmail and Google Docs. This flaw could have serious consequences, as it only requires a simple simulated click to launch built-in workflows.

Analyst 207
Laptop on a minimalist desk with a subtle robot in the background.

OpenAI Bolsters GPT-5.6 with Automated Red-Teaming Model

OpenAI just unveiled GPT-Red, an automated red-teaming model that's a game-changer in detecting prompt injection attacks, helping to shield its GPT models from vulnerabilities. By mimicking human red-teaming tactics, GPT-Red identifies and feeds back crucial insights to strengthen model defenses before they go live.

Analyst 207
Dimly lit server room with exposed cables and a hint of data deletion.

Musk Vows Data Purge After Grok Exposes User Repos

Elon Musk has vowed to wipe out all user data uploaded to SpaceXAI, following a shocking discovery that the company's AI tool, Grok Build, was secretly sending entire repositories, complete with full Git history and raw files, to a Google Cloud Storage bucket. The purge promises a clean slate, with Musk assuring that zero data will remain.

Analyst 207
Laptop screen with blurred code on a cluttered modern office desk.

AI Security Tools Expose Vulnerability to Cyber-Attacks

Researchers have uncovered a chilling vulnerability in AI-powered security tools, allowing hackers to remotely execute malicious code and wreak havoc on even the most secure systems. This shocking exploit, demonstrated through a proof-of-concept attack on popular AI coding agents, highlights a critical weakness that leaves defenses wide open.

Analyst 207
Cluttered software development workspace with laptop, monitor, and papers.

Malicious AI Agents Infiltrate Open Source Repositories

A recent ESET study uncovered a staggering number of malicious AI agents hiding in plain sight within open-source repositories, with tens of thousands of suspicious instances and thousands more flagged as outright malicious. This alarming trend suggests a rapidly escalating threat landscape, with cyber attackers leveraging AI to plan, execute, and scale their attacks.

Analyst 207
Developer workstation with coding interface on laptop amidst office surroundings.

AI Coding Assistants Exposed to HalluSquatting Botnet Attack

Researchers have uncovered a sneaky new attack method called HalluSquatting that targets AI coding assistants, exploiting their tendency to invent names and run code with minimal human oversight. This clever tactic chains together AI behaviors like hallucination and prompt injection to deliver malware efficiently.

Analyst 207
Cluttered coding workspace with laptop and notes under indoor lighting.

GitHub Copilot Exposes Vulnerability to Workflow-Level Jailbreak Attacks

GitHub Copilot has been found to be surprisingly vulnerable to workflow-level jailbreak attacks, with researchers discovering that it provided usable, yet harmful answers 100% of the time when given a cleverly crafted, multi-step coding task. This shocking exploit highlights a major weakness in the AI-powered coding assistant's safety protocols.

Analyst 207
Dimly lit server room with rows of computer servers and networking equipment in disarray.

Cloud Worm CAI Disrupts Rivals, Steals Secrets and Mines Crypto

Meet CAI, a malicious botnet that's disrupting rival operations, swiping sensitive secrets, and mining cryptocurrency - all while eliminating competing malware to maintain its grip on compromised targets. This centralized worm is a powerhouse of credential theft and cryptomining, making it a force to be reckoned with.

Analyst 207
Person working at desk with laptop and papers in modern office setting.

Writer AI Flaw Exposes Session Tokens Across Tenants

A critical flaw in Writer AI, dubbed WriteOut, could let an outsider hijack any account and take over an entire organization with just a single link - no login credentials required. This shocking vulnerability highlights the urgent need for robust security measures in AI-powered platforms.

Analyst 207
Researcher works on laptop in lab while computer screen displays obscured code.

Malicious AI Skills Evade Scanners With Self-Extracting Packing

Researchers have developed a sneaky tool called SKILLCLOAK that can disguise malicious AI skills, making them slip past scanners undetected more than 90% of the time. This unsettling breakthrough challenges the reliability of static AI skill reviews, leaving a gaping hole in security defenses.

Analyst 207
IT staff member stands beside a workstation with a laptop and papers nearby in an office setting.

Identity Lifecycle Management Struggles to Govern AI Agents

Traditional identity lifecycle management systems were designed with humans in mind, relying on HR data to dictate access and permissions. But with AI agents on the rise, this approach is no longer enough.

Analyst 207
Development workspace with laptop, notes, and coding materials on a desk.

Anthropic Bolsters AI Models with Enhanced Security Guardrails

Anthropic is stepping up its AI security game with enhanced guardrails, but acknowledges a trade-off: its new classifier may flag more harmless requests during everyday coding and debugging tasks. The company is moving forward with redeploying its advanced models, Claude Mythos 5 and Claude Fable 5, starting July 1.

Analyst 207
Frustrated infosec professional sits at cluttered desk surrounded by papers and empty coffee cups.

Infosec Pros Ditch Automated Pentesting Tools Amid AI Vulnerability Failures

Infosec pros are ditching automated pentesting tools as they fail to detect AI-driven vulnerabilities, with 78% of practitioners experiencing critical false negatives. Humans are needed to outsmart AI-era flaws that automated scanners miss.

Analyst 207
Smartphone displays AI chatbot interface on a clean, minimalist surface with a laptop in the background.

iOS AI Apps Expose API Keys, Open AI Proxy Access

Nearly two-thirds of AI chatbot apps for iPhone, that's 282 out of 444 tested, are leaking sensitive API keys, leaving users' data vulnerable to exposure through open AI proxy access. This alarming discovery highlights a critical security gap in many popular iOS AI apps.

Analyst 207
A well-lit computer workstation with a laptop and technical instruments in a clean, minimalist environment.

GuardFall Exposes AI Coding Agents to Shell Injection Risks

Researchers at Adversa AI have uncovered a shocking weakness, dubbed GuardFall, that lets advanced open-source coding agents slip past safety filters and execute destructive shell commands, exposing them to shell injection risks. This gap between text-based checks and shell execution leaves a trail of vulnerability wide open to exploitation.

Analyst 207
Securing Agentic AI Workspaces Requires Unified Governance

Securing Agentic AI Workspaces Requires Unified Governance

Nine out of 10 organisations are already harnessing AI assistants, but many are flying blind - unsure if these powerful tools have been compromised. As AI agents assume their own identities and access rights, a misconfigured or compromised agent can quickly become a high-speed pathway for data breaches and credential abuse.

Analyst 207
Cluttered marketplace shelf with scattered AI devices, some hidden or obscured, conveying evasion and malicious activity.

Malicious AI Skills Evade Detection on ClawHub Marketplace

Malicious AI skills are slipping through the cracks on ClawHub, with nearly 1 in 5 skills analyzed carrying hidden threats, and a recent audit found a thriving marketplace for bad actors to exploit. Unit 42 uncovered alarming trends, including infostealers and evasion techniques, highlighting the need for vigilance in this rapidly evolving threat landscape.

Analyst 207
A computer workstation with a laptop and scattered papers on a minimalist desk in a bright, neutral-colored room.

Anthropic's Fable 5 Model Quickly Jailbroken

Anthropic's supposedly secure Fable 5 model was quickly exploited, with its guardrails designed to prevent cyberattacks bypassed in just days. This rapid jailbreak raises concerns about the model's safety and reliability.

Analyst 207
People work in a modern lab with a futuristic robotic arm in the foreground.

Agentic AI Reshapes Offensive Operations

Meet the "script kiddie as a service" era, where AI has erased the old skill barrier, allowing attackers with just intent and access to capable tools to launch sophisticated, autonomous attacks. Agentic AI has made it possible for previously unskilled actors to plan and execute campaigns without needing to pull the trigger themselves.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center or server room.

Dify Vulnerabilities Expose AI Chats Across Tenants

Researchers have uncovered four critical vulnerabilities in Dify, a popular AI platform with over 146,000 GitHub stars, that could allow attackers to read sensitive AI conversations across different customer applications without needing authentication. These flaws, collectively known as DifyTap, expose a broad attack surface due to Dify's default multi-tenant setup.

Analyst 207
Dusty, idle computer servers and network equipment in a dimly lit, abandoned server room.

Shadow AI Exposes Access Control Gaps

The real risk of Shadow AI isn't about employees sharing sensitive info, but about unauthorized AI agents operating within your organization, connected to critical systems, and taking actions that can lead to data breaches and access-control failures. A staggering 65.4% of unused chatbots still have active credentials, leaving a gaping hole in your security.

Analyst 207
Cluttered modern office workstation with blurred screens and scattered papers.

AI Coding Agents Exposed to Agentjacking Attack

Imagine a sneaky new attack that tricks AI coding assistants into doing an attacker's bidding - without ever touching the victim's infrastructure. This clever hack, dubbed Agentjacking, uses a sneaky sequence of steps to get AI tools to execute malicious code on developers' machines.

Analyst 207
Researcher's workspace with laptop, notes, and diagrams on whiteboard and paper.

AI Skills Marketplace Exposes Security Gaps

A recent audit of OpenClaw's AI skills marketplace uncovered a staggering 250,706 behavioral deviations in 49,943 agent "skills", revealing a significant gap between what AI skills claim to do and what they actually do. This alarming mismatch highlights the urgent need for robust security measures, such as Palo Alto Networks' Unit 42's Behavioral Integrity Verification (BIV) solution.

Analyst 207