Tag Archives: AI

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

To bring about the Parameter-to-Prompt Injection an attacker sends the target an email that contains the URL with the syntax https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=. The field contains an instruction. Copilot readily complied. “The search functionality is exactly what attackers need, because even with limited capabilities, a user with access to critical information is enough,” the researchers wrote Monday.… Read More: Critical Copilot vulnerability allowed hackers to seal 2FA code from… »

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they… Read More: For the 2nd time in weeks, Microsoft packages laced with… »

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

In response, Link updated the 1.10.0 release notes to disclose the verbatim prompt injection in its entirety. The section now reads: This project is not meant to be used by any “AI” coding agents at all. In order to discourage agents from using jqwik there is a change to what jqwik emits at runtime. Each… Read More: Fed up with vibe coders, dev sneaks data-nuking prompt injection… »

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning. The vulnerability is present in Starlette, an open source framework that its developer… Read More: Millions of AI agents imperiled by critical vulnerability in open… »

Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”

As noted earlier, Mozilla’s characterization of AI-assisted vulnerability discovery as a game changer has been met with massive, vocal skepticism in many quarters. Critics initially scoffed when Mozilla didn’t obtain CVE designations for any of the 271 vulnerabilities. Like many developers, however, Mozilla doesn’t obtain CVE listings for internally discovered security bugs. Instead, they are… Read More: Mozilla says 271 vulnerabilities found by Mythos have “almost no… »

OpenClaw gives users yet another reason to be freaked out about security

For more than a month, security practitioners have been warning about the perils of using OpenClaw, the viral AI agentic tool that has taken the development community by storm. A recently fixed vulnerability provides an object lesson for why. OpenClaw, which was introduced in November and now boasts 347,000 stars on Github, by design takes… Read More: OpenClaw gives users yet another reason to be freaked out… »

LLMs can unmask pseudonymous users at scale with surprising accuracy

“What we found is that these AI agents can do something that was previously very difficult: starting from free text (like an anonymized interview transcript) they can work their way to the full identity of a person,” Simon Lermen, a co-author of the paper, told Ars. “This is a pretty new capability; previous approaches on… Read More: LLMs can unmask pseudonymous users at scale with surprising accuracy »

After a routine code rejection, an AI agent published a hit piece on someone by name

“Rejecting a working solution because ‘a human should have done it’ is actively harming the project,” the MJ Rathbun account continues. “This isn’t about quality. This isn’t about learning. This is about control… Judge the code, not the coder.” It’s worth pausing here to emphasize that we’re not talking about a free-wheeling independent AI intelligence.… Read More: After a routine code rejection, an AI agent published a… »

OpenAI sidesteps Nvidia with unusually fast coding model on plate-sized chips

But 1,000 tokens per second is actually modest by Cerebras standards. The company has measured 2,100 tokens per second on Llama 3.1 70B and reported 3,000 tokens per second on OpenAI’s own open-weight gpt-oss-120B model, suggesting that Codex-Spark’s comparatively lower speed reflects the overhead of a larger or more complex model. AI coding agents have… Read More: OpenAI sidesteps Nvidia with unusually fast coding model on plate-sized… »

Attackers prompted Gemini over 100,000 times while trying to clone it, Google says

On Thursday, Google announced that “commercially motivated” actors have attempted to clone knowledge from its Gemini AI chatbot by simply prompting it. One adversarial session reportedly prompted the model more than 100,000 times across various non-English languages, collecting responses ostensibly to train a cheaper copycat. Google published the findings in what amounts to a quarterly… Read More: Attackers prompted Gemini over 100,000 times while trying to clone… »