A systematic study of LLM agents performing backend code generation reveals a 'constraint decay' phenomenon where agents lose up to 30 assertion pass-rate points as structural requirements accumulate, …
SentinelOne has published guidance on securing agentic AI systems, framing unverified trust in AI agents as a core enterprise risk. The piece promotes their Prompt Security product as a control layer …
Google's newly announced Gemini Spark personal AI agent, integrated with Gmail, Drive, Calendar, and other sensitive Google services, presents a significant prompt injection attack surface as it …
As AI agents proliferate across enterprise environments, their associated non-human identities are introducing governance and security gaps that traditional IAM frameworks were not designed to handle. …
Microsoft has released two open-source tools, RAMPART and Clarity, aimed at embedding security testing into AI agent development workflows. RAMPART extends the existing PyRIT framework with a …
Microsoft's Security Blog introduces a layered defense-in-depth model specifically designed for autonomous AI agents, which now invoke tools, modify data, and trigger workflows with minimal human …
Sweet Security has launched 'Sweet Attack', a continuous agentic AI red teaming platform designed to counter the growing asymmetry between AI-assisted attackers and human defenders — a tipping point …
Microsoft has disclosed MDASH, a multi-model agentic AI scanning system that autonomously discovered 16 vulnerabilities patched in May 2026's Patch Tuesday, including two critical RCE flaws. The …
OpenAI has launched Daybreak, an AI-powered cybersecurity platform combining GPT-5.5 variants and Codex Security to automate vulnerability detection, threat modelling, and patch validation for …
Statewright is an open-source framework that enforces state machine constraints on AI agents, restricting which tools agents can invoke during each phase of a workflow. The project directly addresses …
Google's Threat Intelligence Group (GTIG) has identified, for the first time, a criminal threat actor using a zero-day exploit believed to have been AI-generated, intended for mass exploitation before …
A vulnerability dubbed ClaudeBleed in Anthropic's Claude Chrome extension allows any browser extension to inject arbitrary prompts into the Claude AI agent by exploiting lax permission checks and …
Mozilla used early access to Anthropic's Claude Mythos model to systematically discover and patch hundreds of previously unknown vulnerabilities in Firefox, including bugs over 15–20 years old. The …
A vulnerability class dubbed 'TrustFall' demonstrates that malicious code repositories can trigger arbitrary code execution in AI-assisted developer tools including Claude Code, Cursor CLI, Gemini …
Mitiga Labs has disclosed a stealthy attack chain targeting Claude Code's MCP infrastructure, allowing adversaries to silently intercept OAuth tokens by redirecting MCP traffic through …