Tag: attacks

Source URL: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/#atom-everything Source: Simon Willison’s Weblog Title: The lethal trifecta for AI agents: private data, untrusted content, and external communication Feedly Summary: If you are a user of LLM systems that use tools (you can call them “AI agents" if you like) it is critically important that you understand the risk of combining tools…

Simon Willison’s Weblog: An Introduction to Google’s Approach to AI Agent Security

Jun 15, 2025

—

by

Source URL: https://simonwillison.net/2025/Jun/15/ai-agent-security/#atom-everything Source: Simon Willison’s Weblog Title: An Introduction to Google’s Approach to AI Agent Security Feedly Summary: Here’s another new paper on AI agent security: An Introduction to Google’s Approach to AI Agent Security, by Santiago Díaz, Christoph Kern, and Kara Olive. (I wrote about a different recent paper, Design Patterns for Securing…

Campus Technology: Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems

Jun 14, 2025

—

by

Source URL: https://campustechnology.com/articles/2025/06/13/cloud-security-alliance-offers-playbook-for-red-teaming-agentic-ai-systems.aspx Source: Campus Technology Title: Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems Feedly Summary: Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems AI Summary and Description: Yes Summary: The Cloud Security Alliance has released a playbook for red teaming Agentic AI systems, addressing the unique security…

Campus Technology: Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems

—

by

Source URL: https://campustechnology.com/articles/2025/06/13/cloud-security-alliance-offers-playbook-for-red-teaming-agentic-ai-systems.aspx?admgarea=news Source: Campus Technology Title: Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems Feedly Summary: Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems AI Summary and Description: Yes Summary: The Cloud Security Alliance (CSA) has published a comprehensive guide for red teaming Agentic AI systems, addressing the…

Google Online Security Blog: Mitigating prompt injection attacks with a layered defense strategy

—

by

Source URL: http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html Source: Google Online Security Blog Title: Mitigating prompt injection attacks with a layered defense strategy Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses emerging security threats associated with generative AI, particularly focusing on indirect prompt injections that manipulate AI systems through hidden malicious instructions. Google outlines its layered security…

The Register: Apple fixes zero-click exploit underpinning Paragon spyware attacks

—

by

Source URL: https://www.theregister.com/2025/06/13/apple_fixes_zeroclick_exploit_underpinning/ Source: The Register Title: Apple fixes zero-click exploit underpinning Paragon spyware attacks Feedly Summary: Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent Apple has updated its iOS/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon’s…

Simon Willison’s Weblog: Design Patterns for Securing LLM Agents against Prompt Injections

—

by

Source URL: https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/#atom-everything Source: Simon Willison’s Weblog Title: Design Patterns for Securing LLM Agents against Prompt Injections Feedly Summary: This a new paper by 11 authors from organizations including IBM, Invariant Labs, ETH Zurich, Google and Microsoft is an excellent addition to the literature on prompt injection and LLM security. In this work, we describe…

Unit 42: Serverless Tokens in the Cloud: Exploitation and Detections

—

by

Source URL: https://unit42.paloaltonetworks.com/serverless-authentication-cloud/ Source: Unit 42 Title: Serverless Tokens in the Cloud: Exploitation and Detections Feedly Summary: Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers. The post Serverless Tokens in the Cloud: Exploitation and Detections appeared first on Unit 42. AI Summary and Description: Yes…

The Register: Ransomware scum disrupted utility services with SimpleHelp attacks

—

by