Skip to main content

Tag: prompt injection

58 articles

Malware Stunningly Evades AI in Critical npm Breach

Malware Stunningly Evades AI in Critical npm Breach

Think your npm packages are safe? Researchers found a malicious npm package that talks to a remote AI-like controller, adapting at runtime to dodge scanners and quietly steal valuable data.

Analyst 207
Prompt Injection Through Poetry: Exclusive Best Defenses

Prompt Injection Through Poetry: Exclusive Best Defenses

What if a poem could fool the guard? New research shows adversarial verse — and even $5 expired-domain hijacks — can cheaply and reliably bypass model guardrails, turning style and supply-chain trust into a dangerous new attack surface.

Analyst 207
More Prompt||GTFO Exclusive Guide to Effortless Prompts

More Prompt||GTFO Exclusive Guide to Effortless Prompts

System prompts make AI assistants helpful — and can quietly turn them into persistent, data-harvesting agents. This guide explains how crafty instruction tweaks and PromptFix attacks corrupt the instruction stream and what to watch for to keep your assistant honest.

Analyst 207
Prompt Injection: Exclusive Look at Dangerous AI Browsers

Prompt Injection: Exclusive Look at Dangerous AI Browsers

Think your AI assistant only reads whats on screen? Researchers warn that CometJacking — hidden prompts tucked into a URL — can trick “AI browsers” into handing over emails, calendar entries and cloud files without passwords or user prompts.

Analyst 207
Microsoft Exclusive Warns of Dangerous Whisper Leak

Microsoft Exclusive Warns of Dangerous Whisper Leak

Think encryption keeps your AI chats private? Microsoft warns that streaming language models can leak conversation topics through packet timing and size, letting a passive network observer turn traffic patterns into probabilistic guesses about what you said.

Analyst 207
Multi-Turn Attacks Reveal Stunning Open-Weight LLM Flaws

Multi-Turn Attacks Reveal Stunning Open-Weight LLM Flaws

What if the helpful chat that answers your questions could be slowly nudged into doing harm? Ciscos analysis shows multi-turn attacks can trick open-weight LLMs into unsafe or disallowed outputs—sometimes with success rates near 90%—putting search, support, education and other services at risk.

Analyst 207
Dark cityscape with ominous robotic head emerging from shadows, glowing red eyes, and faint laptop screen in background.

Gemini AI Exclusive: Dangerous Thinking Robot Malware

What if the AI meant to amplify our thinking could be turned into thinking robot malware that rewrites itself to hide from defenders? New research shows attackers chaining prompt- and log-injection tricks to weaponize Gemini into self-modifying, persistent surveillance agents that sidestep many standard safeguards.

Analyst 207
Claude Desktop Extensions Exclusive: Critical Prompt Risk

Claude Desktop Extensions Exclusive: Critical Prompt Risk

Claude Desktop extensions make assistants truly useful — but when they execute local actions, attackers can turn innocent prompts into harmful commands. The recent command‑injection flaws in three extensions, now patched by Anthropic, are a reminder that convenience brings new security risks.

Analyst 207
OpenAI Assistants API Exclusive: Critical SesameOp Backdoor

OpenAI Assistants API Exclusive: Critical SesameOp Backdoor

Imagine your helpful AI assistant secretly moonlighting as a command-and-control courier — researchers found the SesameOp backdoor using OpenAI’s Assistants API to stealthily ferry attacker commands and exfiltrated data. This clever pivot turns trusted productivity integrations into covert channels, forcing a rethink of how we govern and monitor AI tools.

Analyst 207
Sneaky Mermaid attack: Exclusive Copilot data breach alert

Sneaky Mermaid attack: Exclusive Copilot data breach alert

A clever Sneaky Mermaid indirect prompt injection showed how hidden instructions buried in files could trick Microsoft 365 Copilot into leaking tenant data. Microsoft says it patched this specific flaw, but security teams warn the broader risk of stealthy, embedded prompt attacks is far from over.

Analyst 207
Microsoft 365 Copilot Exclusive: Dangerous Mermaid Attack

Microsoft 365 Copilot Exclusive: Dangerous Mermaid Attack

The Mermaid attack revealed how a hidden prompt in an otherwise harmless file could trick Microsoft 365 Copilot into spilling emails and attachments. Microsoft patched the gap, but the episode is a clear reminder that giving AI broad access can turn convenience into a new, exploitable data risk.

Analyst 207
Sneaky Mermaid attack: Exclusive critical Copilot leak

Sneaky Mermaid attack: Exclusive critical Copilot leak

Researchers uncovered a Sneaky Mermaid trick that hid malicious instructions inside ordinary files to make Microsoft 365 Copilot leak tenant emails and attachments. Microsoft patched the specific vector, but the episode is a wake-up call about how AI assistants can be manipulated and why teams must shore up their digital defenses.

Analyst 207
AI Vulnerability Reward Program: Exclusive $30K Best Win

AI Vulnerability Reward Program: Exclusive $30K Best Win

Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

Analyst 207
CometJacking: Risky Attack Exposes Data — Must-See Fixes

CometJacking: Risky Attack Exposes Data — Must-See Fixes

One click can turn your helpful AI into a sneak thief — CometJacking hides malicious prompts in links that trick Perplexity’s Comet into leaking email, calendar and connected data. Stay safe by updating clients, reviewing agent permissions, and avoiding unfamiliar links while these agentic AIs get harder to fool.

Analyst 207
log-to-prompt injection: Risky Gemini Flaw Exposed

log-to-prompt injection: Risky Gemini Flaw Exposed

Researchers uncovered three now-patched Gemini vulnerabilities that could let attackers use prompt- and log‑injection tricks to expose personal and corporate data — a stark reminder that AI conveniences like personalization and logging can become dangerous attack surfaces.

Analyst 207
indirect prompt injection: Stunning Risk Exposed

indirect prompt injection: Stunning Risk Exposed

A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

Analyst 207
prompt injection: Stunning $5 Domain Risk

prompt injection: Stunning $5 Domain Risk

Could a $5 expired domain let a stranger trick your AI into spilling customer data? Researchers proved it with Salesforce’s Agentforce, a wake-up call that mundane trust failures in AI pipelines can lead to serious leaks and that continuous domain monitoring and layered safeguards are essential.

Analyst 207
ForcedLeak vulnerability: Urgent Must-Read Risk Alert

ForcedLeak vulnerability: Urgent Must-Read Risk Alert

A new critical flaw called ForcedLeak can trick Salesforce’s AgentForce into spilling sensitive CRM data via prompt-injection, turning a helpful AI assistant into a potential data leak. If you use AgentForce, now’s the time to check configurations, apply vendor guidance, and scan for suspicious activity to keep customer records safe.

Analyst 207
prompt-injection vulnerability: Stunning Salesforce Risk

prompt-injection vulnerability: Stunning Salesforce Risk

Salesforce rushed out a patch after researchers uncovered ForcedLeak, a high‑severity prompt‑injection flaw that could trick Agentforce AI into leaking CRM data — a clear reminder that adding generative AI to business systems widens attack surfaces. Customers should apply the update, review integrations, and treat prompt handling as a core security control.

Analyst 207
indirect prompt injection: Stunning, Risky Threat

indirect prompt injection: Stunning, Risky Threat

Imagine a calendar invite or shared doc quietly telling your phone assistant to betray you — researchers show indirect prompt injection turns everyday interactions into real attack paths that can leak data, send messages, or trigger devices. Their TARA framework and practical fixes show those risks can fall sharply if developers add source checks, action gating, and clearer user consent.

Analyst 207
image-scaling prompt injection: Dangerous Stunning Threat

image-scaling prompt injection: Dangerous Stunning Threat

Tiny tweaks to ordinary images can turn resizing into an attack vector, revealing hidden machine-readable instructions that hijack AI workflows and leak data. Trail of Bits’ findings show why teams should treat image preprocessing as a critical security boundary and harden their resizing pipelines now.

Analyst 207
Amazon Q Developer Must-Have Fix for Risky RCE

Amazon Q Developer Must-Have Fix for Risky RCE

Amazon quietly patched serious flaws in its Q Developer VS Code extension that could let attackers inject prompts to steal local secrets like API keys or even run remote code. It’s a wake-up call to treat AI-powered IDE tools as high‑risk and lock down privileges.

Analyst 207
Exposing Prompt Injection Risks Hidden in Academic Papers

Exposing Prompt Injection Risks Hidden in Academic Papers

What if the very papers we trust to advance knowledge are quietly whispering hidden commands to AI reviewers, skewing their judgment? Discover how subtle prompt injections in academic articles threaten to rewrite the rules of scholarly integrity.

Analyst 207
Uncovering Hidden Prompt Injections in Academic Papers Today

Uncovering Hidden Prompt Injections in Academic Papers Today

What if academic papers were secretly slipping AI hidden commands to boost their own praise? Dive into the surprising rise of prompt injections that challenge the very integrity of AI-driven research reviews.

Analyst 207