Plugin-Security

3 reports

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

ATLAS OWASP LOW HN AI Security May 13, 2026 ▲ 6.2

State Machine Guardrails Proposed to Rein In Uncontrolled AI Agent Tool Access

Statewright is an open-source framework that enforces state machine constraints on AI agents, restricting which tools agents can invoke during each phase of a workflow. The project directly addresses …

AML.T0051 - LLM Prompt Injection AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP CRITICAL Microsoft Security Blog May 08, 2026 ▲ 9.2

Prompt Injection Achieves Remote Code Execution in Semantic Kernel Agent Framework

Microsoft's Defender Security Research Team disclosed two CVEs in Semantic Kernel — a widely-used AI agent orchestration framework — demonstrating how prompt injection can escalate to remote code …

AML.T0051 - LLM Prompt Injection AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data

ATLAS OWASP MEDIUM Hugging Face Blog Apr 27, 2026 ▲ 6.2

Hugging Face 'Spaces' now acts as an MCP-App-Store. Anybody thinking on the security consequence?

Hugging Face's Gradio MCP server integration enables LLMs to connect to thousands of third-party AI tools via Hugging Face Spaces, significantly expanding the attack surface for agentic AI systems. …

AML.T0051 - LLM Prompt Injection AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service