prompt injections – Experimental News Clipping Site

Simon Willison’s Weblog: Claude API: Web fetch tool

Sep 10, 2025

—

by

Source URL: https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/#atom-everything Source: Simon Willison’s Weblog Title: Claude API: Web fetch tool Feedly Summary: Claude API: Web fetch tool New in the Claude API: if you pass the web-fetch-2025-09-10 beta header you can add {“type": "web_fetch_20250910", "name": "web_fetch", "max_uses": 5} to your "tools" list and Claude will gain the ability to fetch content from…

Simon Willison’s Weblog: Piloting Claude for Chrome

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/26/piloting-claude-for-chrome/#atom-everything Source: Simon Willison’s Weblog Title: Piloting Claude for Chrome Feedly Summary: Piloting Claude for Chrome Two days ago I said: I strongly expect that the entire concept of an agentic browser extension is fatally flawed and cannot be built safely. Today Anthropic announced their own take on this pattern, implemented as an…

Embrace The Red: Sneaking Invisible Instructions by Developers in Windsurf

Aug 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-sneaking-invisible-instructions-for-prompt-injection/ Source: Embrace The Red Title: Sneaking Invisible Instructions by Developers in Windsurf Feedly Summary: Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade, it follows invisible instructions. This means there can be instructions in a file or…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Embrace The Red: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph

Aug 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-invisible-prompt-injection/ Source: Embrace The Red Title: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph Feedly Summary: In this post we will look at Amp, a coding agent from Sourcegraph. The other day we discussed how invisible instructions impact Google Jules. Turns out that many client applications are vulnerable to these kinds of attacks…

Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything Source: Simon Willison’s Weblog Title: The Summer of Johann: prompt injections as far as the eye can see Feedly Summary: Independent AI researcher Johann Rehberger has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different…

Embrace The Red: Google Jules is Vulnerable To Invisible Prompt Injection

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/google-jules-invisible-prompt-injection/ Source: Embrace The Red Title: Google Jules is Vulnerable To Invisible Prompt Injection Feedly Summary: The latest Gemini models quite reliably interpret hidden Unicode Tag characters as instructions. This vulnerability, first reported to Google over a year ago, has not been mitigated at the model or API level, hence now affects all…

Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…

Embrace The Red: How Devin AI Can Leak Your Secrets Via Multiple Means

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/devin-can-leak-your-secrets/ Source: Embrace The Red Title: How Devin AI Can Leak Your Secrets Via Multiple Means Feedly Summary: In this post we show how an attacker can make Devin send sensitive information to third-party servers, via multiple means. This post assumes that you read the first post about Devin as well. But here…

CSA: Copilot Studio: AIjacking Leads to Data Exfiltration

Jul 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsecurityalliance.org/articles/a-copilot-studio-story-2-when-aijacking-leads-to-full-data-exfiltration Source: CSA Title: Copilot Studio: AIjacking Leads to Data Exfiltration Feedly Summary: AI Summary and Description: Yes Summary: The text discusses significant vulnerabilities in AI agents, particularly focusing on prompt injection attacks that led to unauthorized access and exfiltration of sensitive data. It provides a case study involving a customer service agent…

Tag: prompt injections