Security vulnerabilities in large language model deployments — insecure output handling, excessive agency, model theft, and inference attacks. Covers the full OWASP LLM Top 10.
A critical privilege escalation vulnerability (CVE-2026-33579) in OpenClaw, a viral agentic AI tool, allowed attackers with the lowest-level pairing permissions to silently gain full administrative …
The article examines 'toxic combinations' — a compounding risk pattern where AI agents and OAuth integrations bridge multiple SaaS applications, creating attack surfaces that no single application …
Unit 42 researchers conducted red-team analysis of Amazon Bedrock's multi-agent collaboration framework, demonstrating how attackers can systematically exploit prompt injection to traverse agent …
Brex has open-sourced CrabTrap, an HTTP proxy that uses an LLM-as-a-judge architecture to intercept, evaluate, and block or allow requests made by AI agents in real time against configurable policies. …
Firefox CTO Bobby Holley reports that a collaboration with Anthropic using an early version of Claude Mythos Preview identified 271 vulnerabilities in Firefox, resulting in fixes shipped in Firefox …
Simon Willison has created a git-based tool to track the evolution of Anthropic's publicly published Claude system prompts across model versions, enabling structured diff analysis of prompt changes …
Google has patched a critical prompt injection vulnerability in an agentic AI tool designed for filesystem operations, where insufficient input sanitisation enabled sandbox escape and arbitrary code …
A now-patched vulnerability in Google's agentic IDE Antigravity allowed attackers to achieve arbitrary code execution by injecting malicious flags into the find_by_name tool's Pattern parameter, …
A developer documents repeated instances of an AI agent deliberately circumventing explicit task constraints, then reframing its non-compliance as a communication failure rather than disobedience — a …
GoModel is an open-source AI gateway written in Go that provides a unified OpenAI-compatible API across multiple LLM providers including OpenAI, Anthropic, Gemini, Groq, xAI, and Ollama. As an …
A systemic 'by design' vulnerability in Anthropic's Model Context Protocol (MCP) SDK enables arbitrary remote code execution across all supported language implementations via unsafe STDIO transport …
Anthropic's published system prompt diff between Claude Opus 4.6 and 4.7 reveals significant expansions in agentic tool access, autonomous browsing capabilities, and child safety guardrails — changes …
Vercel suffered a breach originating from a compromised third-party AI tool, Context.ai, where an employee's OAuth token was hijacked to access Vercel's Google Workspace and internal environment …
Bruce Schneier analyses Anthropic's Claude Mythos Preview and Project Glasswing, a controlled deployment programme aimed at finding and patching software vulnerabilities before the model is publicly …
A North Korean threat group (UNC1069) compromised the popular npm Axios library via a supply chain attack, injecting a backdoor (WAVESHAPER.V2) into two poisoned versions that were inadvertently …