data exfiltration – Page 2 – Experimental News Clipping Site

The Cloudflare Blog: Block unsafe prompts targeting your LLM endpoints with Firewall for AI

Aug 26, 2025

—

by

Source URL: https://blog.cloudflare.com/block-unsafe-llm-prompts-with-firewall-for-ai/ Source: The Cloudflare Blog Title: Block unsafe prompts targeting your LLM endpoints with Firewall for AI Feedly Summary: Cloudflare’s AI security suite now includes unsafe content moderation, integrated into the Application Security Suite via Firewall for AI. AI Summary and Description: Yes Summary: The text discusses the launch of Cloudflare’s Firewall for…

The Cloudflare Blog: Unmasking the Unseen: Your Guide to Taming Shadow AI with Cloudflare One

Aug 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.cloudflare.com/shadow-AI-analytics/ Source: The Cloudflare Blog Title: Unmasking the Unseen: Your Guide to Taming Shadow AI with Cloudflare One Feedly Summary: Don’t let “Shadow AI" silently leak your data to unsanctioned AI. This new threat requires a new defense. Learn how to gain visibility and control without sacrificing innovation. AI Summary and Description: Yes…

Embrace The Red: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)

Aug 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-spaiware-exploit-persistent-prompt-injection/ Source: Embrace The Red Title: Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit) Feedly Summary: In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory persistent data exfiltration. SpAIware is an attack we first successfully demonstrated with ChatGPT last year and OpenAI mitigated. While inspecting the system prompt…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

Embrace The Red: Data Exfiltration via Image Rendering Fixed in Amp Code

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-data-exfiltration-via-images/ Source: Embrace The Red Title: Data Exfiltration via Image Rendering Fixed in Amp Code Feedly Summary: In this post we discuss a vulnerability that was present in Amp Code from Sourcegraph by which an attacker could exploit markdown driven image rendering to exfiltrate sensitive information. This vulnerability is common in AI applications…

Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything Source: Simon Willison’s Weblog Title: The Summer of Johann: prompt injections as far as the eye can see Feedly Summary: Independent AI researcher Johann Rehberger has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different…

Cloud Blog: Beyond guardrails: A taxonomy of platform engineering control mechanisms

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/application-modernization/platform-engineering-control-mechanisms/ Source: Cloud Blog Title: Beyond guardrails: A taxonomy of platform engineering control mechanisms Feedly Summary: The promise of platform engineering is to accelerate software delivery by empowering developers with self-service capabilities. However, this must be balanced with security, compliance, and operational stability, and for this, you need robust controls. But all too…

Cloud Blog: Cloud CISO Perspectives: New Threat Horizons details evolving risks — and defenses

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-new-threat-horizons-details-evolving-risks-and-defenses/ Source: Cloud Blog Title: Cloud CISO Perspectives: New Threat Horizons details evolving risks — and defenses Feedly Summary: Welcome to the first Cloud CISO Perspectives for August 2025. Today, our Office of the CISO’s Bob Mechler and Anton Chuvakin dive into the key trends and evolving threats that we tracked in our…

Embrace The Red: Jules Zombie Agent: From Prompt Injection to Remote Control

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/google-jules-remote-code-execution-zombai/ Source: Embrace The Red Title: Jules Zombie Agent: From Prompt Injection to Remote Control Feedly Summary: In the previous post, we explored two data exfiltration vectors that Jules is vulnerable to and that can be exploited via prompt injection. This post takes it further by demonstrating how Jules can be convinced to…

Tag: data exfiltration