Experimental News Clipping Site

Tag: input validation

  • Tomasz Tunguz: Modernizing Agent Tools with Google ADK Patterns: 60% Token Reduction & Enterprise Safety

    by

    Kurt Seifried
    in

    Source URL: https://www.tomtunguz.com/modernizing-agent-tools-with-google-adk-patterns/ Source: Tomasz Tunguz Title: Modernizing Agent Tools with Google ADK Patterns: 60% Token Reduction & Enterprise Safety Feedly Summary: I recently discovered Google’s Agent Development Kit (ADK) and its architectural patterns for building LLM-powered applications. While ADK is a Python framework, its core design principles proved transformative when applied to my existing…

  • The Register: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/salesforce_agentforce_forceleak_attack/ Source: The Register Title: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales Feedly Summary: More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers…

  • The Register: Perplexity’s Comet browser naively processed pages with evil instructions

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…

  • Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/11/the-rule-of-2/ Source: Simon Willison’s Weblog Title: Chromium Docs: The Rule Of 2 Feedly Summary: Chromium Docs: The Rule Of 2 Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When you write code…

  • Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

  • Docker: MCP Horror Stories: The Security Issues Threatening AI Infrastructure

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/mcp-security-issues-threatening-ai-infrastructure/ Source: Docker Title: MCP Horror Stories: The Security Issues Threatening AI Infrastructure Feedly Summary: This is issue 1 of a new series – MCP Horror Stories – where we will examine critical security issues and vulnerabilities in the Model Context Protocol (MCP) ecosystem and how Docker MCP Toolkit provides enterprise-grade protection against…

  • Krebs on Security: Microsoft Patch Tuesday, July 2025 Edition

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/07/microsoft-patch-tuesday-july-2025-edition/ Source: Krebs on Security Title: Microsoft Patch Tuesday, July 2025 Edition Feedly Summary: Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s…