indirect prompt injection – Page 2 – Experimental News Clipping Site

Simon Willison’s Weblog: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet

Aug 25, 2025

—

by

Source URL: https://simonwillison.net/2025/Aug/25/agentic-browser-security/#atom-everything Source: Simon Willison’s Weblog Title: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet Feedly Summary: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet The security team from Brave took a look at Comet, the LLM-powered “agentic browser" extension from Perplexity, and unsurprisingly found security holes you can drive a truck…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

Embrace The Red: Claude Code: Data Exfiltration with DNS Requests

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

Embrace The Red: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/ Source: Embrace The Red Title: Amp Code: Arbitrary Command Execution via Prompt Injection Fixed Feedly Summary: Sandbox-escape-style attacks can happen when an AI is able to modify its own configuration settings, such as by writing to configuration files. That was the case with Amp, an agentic coding tool built by Sourcegraph. The…

Cloud Blog: Cloud CISO Perspectives: The global threats facing EU healthcare

Jun 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-global-threats-eu-healthcare/ Source: Cloud Blog Title: Cloud CISO Perspectives: The global threats facing EU healthcare Feedly Summary: Welcome to the second Cloud CISO Perspectives for June 2025. Today, Thiébaut Meyer and Bhavana Bhinder from Google Cloud’s Office of the CISO discuss our work to help defend European healthcare against cyberattacks.As with all Cloud CISO…

Google Online Security Blog: Mitigating prompt injection attacks with a layered defense strategy

Jun 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html Source: Google Online Security Blog Title: Mitigating prompt injection attacks with a layered defense strategy Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses emerging security threats associated with generative AI, particularly focusing on indirect prompt injections that manipulate AI systems through hidden malicious instructions. Google outlines its layered security…

Simon Willison’s Weblog: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

Jun 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jun/11/echoleak/ Source: Simon Willison’s Weblog Title: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Feedly Summary: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is…

Cloud Blog: Gemini 2.5 Flash and Pro expand on Vertex AI to drive more sophisticated and secure AI innovation

May 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/ai-machine-learning/expanding-gemini-2-5-flash-and-pro-capabilities/ Source: Cloud Blog Title: Gemini 2.5 Flash and Pro expand on Vertex AI to drive more sophisticated and secure AI innovation Feedly Summary: Today at Google I/O, we’re expanding Gemini 2.5 Flash and Pro model capabilities that help enterprises build more sophisticated and secure AI-driven applications and agents: Thought summaries: For enterprise-grade…

Tag: indirect prompt injection