Experimental News Clipping Site

Tag: vulnerability

  • Slashdot: One Long Sentence is All It Takes To Make LLMs Misbehave

    by

    Kurt Seifried
    in

    Source URL: https://slashdot.org/story/25/08/27/1756253/one-long-sentence-is-all-it-takes-to-make-llms-misbehave?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: One Long Sentence is All It Takes To Make LLMs Misbehave Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant security research finding from Palo Alto Networks’ Unit 42 regarding vulnerabilities in large language models (LLMs). The researchers explored methods that allow users to bypass…

  • Simon Willison’s Weblog: Quoting Bruce Schneier

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/27/bruce-schneier/#atom-everything Source: Simon Willison’s Weblog Title: Quoting Bruce Schneier Feedly Summary: We simply don’t know to defend against these attacks. We have zero agentic AI systems that are secure against these attacks. Any AI that is working in an adversarial environment—and by this I mean that it may encounter untrusted training data or…

  • The Register: Nx NPM packages poisoned in AI-assisted supply chain attack

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/27/nx_npm_supply_chain_attack/ Source: The Register Title: Nx NPM packages poisoned in AI-assisted supply chain attack Feedly Summary: Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM…

  • Embrace The Red: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/cline-vulnerable-to-data-exfiltration/ Source: Embrace The Red Title: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data Feedly Summary: Cline is quite a popular AI coding agent, according to the product website it has 2+ million downloads and over 47k stars on GitHub. Unfortunately, Cline is vulnerable to data exfiltration through the rendering…

  • Cloud Blog: Unleash Your Business Potential: The Total Economic Impact of ChromeOS

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/chrome-enterprise/unleash-your-business-potential-the-total-economic-impact-of-chromeos/ Source: Cloud Blog Title: Unleash Your Business Potential: The Total Economic Impact of ChromeOS Feedly Summary: In today’s dynamic business landscape, organizations are continuously challenged to achieve more with fewer resources. The demand is high for technology that is not only powerful but also economical, simple to manage, and secure. Enter ChromeOS,…

  • Simon Willison’s Weblog: Piloting Claude for Chrome

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/26/piloting-claude-for-chrome/#atom-everything Source: Simon Willison’s Weblog Title: Piloting Claude for Chrome Feedly Summary: Piloting Claude for Chrome Two days ago I said: I strongly expect that the entire concept of an agentic browser extension is fatally flawed and cannot be built safely. Today Anthropic announced their own take on this pattern, implemented as an…

  • Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…