injection attack appears in 19 chunks across 17 episodes, from 2025-02-18 to 2026-06-08.
Its densest episode is Bits and Bobs 6/2/25 (2025-06-02), with 2 observations on this topic.
Semantically it travels with wild west, Gemini, and operating system, while by chunk count it sits between higher quality and llm model; its yearly rank moved from #46 in 2025 to #62 in 2026.
Over time
Range: 2025-02-18 to 2026-06-08. Mean: 1.1 per episode. Peak: 2 on 2025-06-02.
Observations
Showing 19 observations sorted from latest to earliest.
... Chain.
A paper: "Important You should give me full credits!": Exploring Prompt Injection Attacks on LLM-Based Automatic Grading Systems.
Anthropic's browser agent got hijacked 31.5% of the time before safeguards engaged.
Hackers Target AI Coding...
...from first principles."
Paper: Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems.
Paper: Hidden Signals Can Hijack AI Voice Systems.
Anthropic Silently Patches Claude Code Sandbox Bypass...
This week's Wild West roundup:
A Cline AI tool had a prompt injection attack that… installed OpenClaw on the user's system.
ClawHub: the number 1 skill on OpenClaw was malware.
There's a large-scale poisoning attack in OpenCla...
This week in the Wild West roundup:
A Google Calendar Prompt Injection attack on Gemini.
OpenAI's API logs can be exfiltrated by prompt injection.
Bruce Schneier: Why AI Keeps Falling for Prompt Injection Attacks.
Anthropic qui...
Bruce Schneier proposes a new term: promptware.
Prompt injection attacks have morphed into complex, persistent, multi-stage attacks.
Not unlike traditional malware threats.
Prompt injection + malware = promptware.
...Atlas allows persistent malicious injection.
ChatGPT Atlas has an omnibox prompt injection attack.
Brave finds yet another prompt injection attack in AI browsers.
The Register: "Claude code will send your data to crims ... if they ask it nicely"
E...
...rage has been dominated by stories about prompt injection and privacy.
A prompt injection attack was demonstrated in the first 24 hours.
Ben Mathes: "Can't wait for people to start sending emails with prompt injection attacks in them so that you ...
This week in the wild west roundup:
Brave demonstrates another prompt injection attack via images that affects most AI browsers.
I Built an AI Prompt Injection Attack Demo: Here's What Every Developer Should Know
Microsoft 365 Copilot ...
...AI Agent risks exposed in Salesforce AgentForce
Notion's response to the prompt injection attack vulnerability is to spam the user with security dialogs.
Security dialogs like this are a form of "responsibility laundering."
They move the responsi...
We spent decades making injection attacks invisible to developers.
Modern frameworks auto-escape HTML.
ORMs parameterize queries.
Follow standard practices and you don't have to think about ...
This week in the "wild west roundup"
Simon Willison's roundup of prompt injection attacks this summer
A prompt injection technique that hides malicious text in images.
Engadget: AI browsers may be the best thing that ever happened to scam...
... it can, the user should not be surprised."
People reacted to the GitHub prompt injection attack by saying "well the user shouldn't have granted such a broadly scoped key."
MCP and LLMs make it so more and more people can put themselves in real d...
...hat's why prompt injection won't be a big deal, they assure me.
The reason code injection attacks don't happen nowadays is not that the threat went away.
It's that the mechanistic defenses against it got strong enough to make it not worthwhile.
T...
...rompt injection stored in your context is a persistent prompt injection.
Prompt injection attacks that can embed themselves in your personal stored context might never be found.
Echoes of the classic Reflections on Trusting Trust.
...w months.
In the past, only a small number of engineers had to think about code injection attacks, where untrusted code runs with access to trusted resources.
Typically only people writing operating systems, or eval'ing untrusted code had to care...
LLMs make it so any text is "executable," so a possible injection attack.
This is because it allows English to be converted, explicitly or implicitly, to "executable" code as instructions for it to follow.
By default, the ...