AI Threat Alert
When AI reviews science: Can we trust the referee?
informal adoption have exposed acute failure modes. Recent incidents have revealed that hidden prompt injections embedded in manuscripts can steer LLM-generated reviews toward unjustifiably positive judgments. Complementary studies have
OpenClaw: Agent gateway config mutations could change protected operator settings
Gemini CLI: Remote Code Execution via workspace trust and tool
Anchor-and-Resume Concession Under Dynamic Pricing for LLM-Augmented Freight Negotiation
flexibility but require expensive reasoning models, produce non-deterministic pricing, and remain vulnerable to prompt injection. We propose a two-index anchor-and-resume framework that addresses both limitations
A Control Architecture for Training-Free Memory Use
Prompt-injected memory can improve reasoning without updating model weights, but it also creates a control problem: retrieved content helps only when it is applied in the right state
SafeAgent: A Runtime Protection Architecture for Agentic Systems
Large language model (LLM) agents are vulnerable to prompt-injection attacks that propagate through multi-step workflows, tool interactions, and persistent context, making input-output filtering alone insufficient for reliable
Reading Between the Pixels: Linking Text-Image Embedding Alignment to Typographic Attack Success on Vision-Language Models
study typographic prompt injection attacks on vision-language models (VLMs), where adversarial text is rendered as images to bypass safety mechanisms, posing a growing threat as VLMs serve
Fully Homomorphic Encryption on Llama 3 model for privacy preserving LLM inference
insecure LLM pipelines, making them vulnerable to multiple attacks such as data poisoning, prompt injection, and model theft. Although several security techniques (input/output sanitization, decentralized learning, access control management
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
Detecting Safety Violations Across Many Agent Traces
challenges arise in diverse settings such as misuse campaigns, covert sabotage, reward hacking, and prompt injection. Existing approaches struggle here for several reasons. Per-trace judges miss failures that only
The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents
harmful actions programmatically. Existing safety evaluations largely target explicit threats such as misuse and prompt injection, but overlook a subtle yet critical setting where user instructions are entirely benign
PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator
Security Concerns in Generative AI Coding Assistants: Insights from Online Discussions on GitHub Copilot
major concern areas were identified, including potential data leakage, code licensing, adversarial attacks (e.g., prompt injection), and insecure code suggestions, underscoring critical reflections on the limitations and trade-offs
TRUSTDESC: Preventing Tool Poisoning in LLM Applications via Trusted Description Generation
real-world actions. While tool integration expands LLM capabilities, it also introduces a new prompt-injection attack surface: tool poisoning attacks (TPAs). Attackers manipulate tool descriptions by embedding malicious instructions
TraceSafe: A Systematic Assessment of LLM Guardrails on Multi-Step Tool-Calling Trajectories
assess mid-trajectory safety. It encompasses 12 risk categories, ranging from security threats (e.g., prompt injection, privacy leaks) to operational failures (e.g., hallucinations, interface inconsistencies), featuring over 1,000 unique
SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills
payloads; formal static analyzers cannot read the natural language instructions in SKILL.md files where prompt injection and social engineering attacks hide. Neither approach handles both modalities. SkillSieve is a three