Tag: data exfiltration

  • Simon Willison’s Weblog: The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration

    Source URL: https://simonwillison.net/2025/Sep/19/notion-lethal-trifecta/ Source: Simon Willison’s Weblog Title: The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration Feedly Summary: The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration Abi Raghuram reports that Notion 3.0, released yesterday, introduces new prompt injection data exfiltration vulnerabilities…

  • Cloud Blog: Achieve agentic productivity with Vertex AI Agent Builder

    Source URL: https://cloud.google.com/blog/products/ai-machine-learning/get-started-with-vertex-ai-agent-builder/ Source: Cloud Blog Title: Achieve agentic productivity with Vertex AI Agent Builder Feedly Summary: Enterprises need to move from experimenting with AI agents to achieving real productivity, but many struggle to scale their agents from prototypes to secure, production-ready systems.  The question is no longer if agents deliver value, but how to…

  • Schneier on Security: Time-of-Check Time-of-Use Attacks Against LLMs

    Source URL: https://www.schneier.com/blog/archives/2025/09/time-of-check-time-of-use-attacks-against-llms.html Source: Schneier on Security Title: Time-of-Check Time-of-Use Attacks Against LLMs Feedly Summary: This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents”: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications.…

  • Cloud Blog: New DNS Armor can help detect, mitigate domain name system risks

    Source URL: https://cloud.google.com/blog/products/identity-security/introducing-dns-armor-to-mitigate-domain-name-system-risks/ Source: Cloud Blog Title: New DNS Armor can help detect, mitigate domain name system risks Feedly Summary: The Domain Name System (DNS) is like the internet’s phone book, automatically and near-instantly translating requests for websites and mobile apps from their domain names to the Internet Protocol addresses of the actual computers hosting…

  • Docker: MCP Security: A Developer’s Guide

    Source URL: https://www.docker.com/blog/mcp-security-explained/ Source: Docker Title: MCP Security: A Developer’s Guide Feedly Summary: Since its release by Anthropic in November 2024, Model Context Protocol (MCP) has gained massive adoption and is quickly becoming the connective tissue between AI agents and the tools, APIs, and data they act on.  With just a few lines of configuration,…

  • Simon Willison’s Weblog: Claude API: Web fetch tool

    Source URL: https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/#atom-everything Source: Simon Willison’s Weblog Title: Claude API: Web fetch tool Feedly Summary: Claude API: Web fetch tool New in the Claude API: if you pass the web-fetch-2025-09-10 beta header you can add {"type": "web_fetch_20250910", "name": "web_fetch", "max_uses": 5} to your "tools" list and Claude will gain the ability to fetch content from…

  • Schneier on Security: Generative AI as a Cybercrime Assistant

    Source URL: https://www.schneier.com/blog/archives/2025/09/generative-ai-as-a-cybercrime-assistant.html Source: Schneier on Security Title: Generative AI as a Cybercrime Assistant Feedly Summary: Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services,…

  • Schneier on Security: Indirect Prompt Injection Attacks Against LLM Assistants

    Source URL: https://www.schneier.com/blog/archives/2025/09/indirect-prompt-injection-attacks-against-llm-assistants.html Source: Schneier on Security Title: Indirect Prompt Injection Attacks Against LLM Assistants Feedly Summary: Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks,…