injection attacks – Experimental News Clipping Site

Simon Willison’s Weblog: Sora 2 prompt injection

Oct 3, 2025

—

by

Source URL: https://simonwillison.net/2025/Oct/3/cameo-prompt-injections/ Source: Simon Willison’s Weblog Title: Sora 2 prompt injection Feedly Summary: It turns out Sora 2 is vulnerable to prompt injection! When you onboard to Sora you get the option to create your own “cameo" – a virtual video recreation of yourself. Here’s mine singing opera at the Royal Albert Hall. You…

Simon Willison’s Weblog: Designing agentic loops

Sep 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Sep/30/designing-agentic-loops/ Source: Simon Willison’s Weblog Title: Designing agentic loops Feedly Summary: Coding agents like Anthropic’s Claude Code and OpenAI’s Codex CLI represent a genuine step change in how useful LLMs can be for producing working code. These agents can now directly exercise the code they are writing, correct errors, dig through existing implementation…

Microsoft Security Blog: Empowering defenders in the era of agentic AI with Microsoft Sentinel

Sep 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/30/empowering-defenders-in-the-era-of-agentic-ai-with-microsoft-sentinel/ Source: Microsoft Security Blog Title: Empowering defenders in the era of agentic AI with Microsoft Sentinel Feedly Summary: Microsoft Sentinel is expanding into an agentic platform with general availability of the Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server. The post Empowering defenders in the era of…

Schneier on Security: Abusing Notion’s AI Agent for Data Theft

Sep 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/09/abusing-notions-ai-agent-for-data-theft.html Source: Schneier on Security Title: Abusing Notion’s AI Agent for Data Theft Feedly Summary: Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson’s lethal trifecta, it’s vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private…

The Register: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

Sep 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/26/salesforce_agentforce_forceleak_attack/ Source: The Register Title: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales Feedly Summary: More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers…

Simon Willison’s Weblog: Cross-Agent Privilege Escalation: When Agents Free Each Other

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Sep/24/cross-agent-privilege-escalation/ Source: Simon Willison’s Weblog Title: Cross-Agent Privilege Escalation: When Agents Free Each Other Feedly Summary: Cross-Agent Privilege Escalation: When Agents Free Each Other Here’s a clever new form of AI exploit from Johann Rehberger, who has coined the term Cross-Agent Privilege Escalation to describe an attack where multiple coding agents – GitHub…

The Register: Nearly half of businesses suffered deepfaked phone calls against staff

Sep 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/23/gartner_ai_attack/ Source: The Register Title: Nearly half of businesses suffered deepfaked phone calls against staff Feedly Summary: AI attacks on the rise A survey of cybersecurity bosses has shown that 62 percent reported attacks on their staff using AI over the last year, either by the use of prompt injection attacks or faking…

Simon Willison’s Weblog: The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration

Sep 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Sep/19/notion-lethal-trifecta/ Source: Simon Willison’s Weblog Title: The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration Feedly Summary: The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration Abi Raghuram reports that Notion 3.0, released yesterday, introduces new prompt injection data exfiltration vulnerabilities…

Simon Willison’s Weblog: Claude API: Web fetch tool

Sep 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/#atom-everything Source: Simon Willison’s Weblog Title: Claude API: Web fetch tool Feedly Summary: Claude API: Web fetch tool New in the Claude API: if you pass the web-fetch-2025-09-10 beta header you can add {“type": "web_fetch_20250910", "name": "web_fetch", "max_uses": 5} to your "tools" list and Claude will gain the ability to fetch content from…

Simon Willison’s Weblog: My review of Claude’s new Code Interpreter, released under a very confusing name

Sep 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Sep/9/claude-code-interpreter/ Source: Simon Willison’s Weblog Title: My review of Claude’s new Code Interpreter, released under a very confusing name Feedly Summary: Today on the Anthropic blog: Claude can now create and edit files: Claude can now create and edit Excel spreadsheets, documents, PowerPoint slide decks, and PDFs directly in Claude.ai and the desktop…

Tag: injection attacks