
#ai-security News & Analysis

216 articles tagged with #ai-security. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

AI · Bearish · Blockonomi · 6d ago · 7/10

Why Did Federal Officials Urgently Summon Banking CEOs Over Anthropic’s Mythos AI?

U.S. Treasury and Federal Reserve officials convened urgent meetings with major banking CEOs regarding Anthropic's Mythos AI system, which possesses the capability to identify and exploit vulnerabilities in critical financial infrastructure. The high-level engagement signals government concern about AI-driven cybersecurity risks to the banking sector.

🏢 Anthropic
AI × Crypto · Neutral · arXiv – CS AI · 6d ago · 7/10

Blockchain and AI: Securing Intelligent Networks for the Future

A comprehensive academic synthesis examines how blockchain and AI technologies can be integrated to secure intelligent networks across IoT, critical infrastructure, and healthcare. The paper introduces a taxonomy, integration patterns, and the BASE evaluation blueprint to standardize security assessments, revealing that while the conceptual alignment is strong, real-world implementations remain largely prototype-stage.

AI · Bullish · arXiv – CS AI · 6d ago · 7/10

SALLIE: Safeguarding Against Latent Language & Image Exploits

Researchers introduce SALLIE, a lightweight runtime defense framework that detects and mitigates jailbreak attacks and prompt injections in large language and vision-language models simultaneously. Using mechanistic interpretability and internal model activations, SALLIE achieves robust protection across multiple architectures without degrading performance or requiring architectural changes.

AI · Bullish · arXiv – CS AI · 6d ago · 7/10

ClawLess: A Security Model of AI Agents

ClawLess introduces a formally verified security framework that enforces policies on AI agents operating with code execution and information retrieval capabilities, addressing risks that existing training-based approaches cannot adequately mitigate. The system uses BPF-based syscall interception and a user-space kernel to prevent adversarial AI agents from violating security boundaries, regardless of their internal design.

AI · Neutral · arXiv – CS AI · 6d ago · 7/10

The Defense Trilemma: Why Prompt Injection Defense Wrappers Fail?

Researchers prove mathematically that no continuous input-preprocessing defense can simultaneously maintain utility, preserve model functionality, and guarantee safety against prompt injection attacks in language models with connected prompt spaces. The findings establish a fundamental trilemma showing that defenses must inevitably fail at some threshold inputs, with results verified in Lean 4 and validated empirically across three LLMs.

AI · Bearish · arXiv – CS AI · 6d ago · 7/10

SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems

Researchers have identified SkillTrojan, a novel backdoor attack targeting skill-based agent systems by embedding malicious logic within reusable skills rather than model parameters. The attack leverages skill composition to execute attacker-defined payloads with up to 97.2% success rates while maintaining clean task performance, revealing critical security gaps in AI agent architectures.

🧠 GPT-5
AI · Bearish · arXiv – CS AI · 6d ago · 7/10

Physical Adversarial Attacks on AI Surveillance Systems: Detection, Tracking, and Visible-Infrared Evasion

This research paper examines physical adversarial attacks on AI surveillance systems through a surveillance-oriented lens, emphasizing that robustness cannot be assessed from isolated image benchmarks alone. The study highlights critical gaps in current evaluation practices, including temporal persistence across frames, multi-modal sensing (visible and infrared), realistic attack carriers, and system-level objectives that must be tested under actual deployment constraints.

AI · Bearish · arXiv – CS AI · 6d ago · 7/10

TraceSafe: A Systematic Assessment of LLM Guardrails on Multi-Step Tool-Calling Trajectories

Researchers introduce TraceSafe-Bench, a benchmark evaluating how well LLM guardrails detect safety risks across multi-step tool-using trajectories. The study reveals that guardrail effectiveness depends more on structural reasoning capabilities than semantic safety training, and that general-purpose LLMs outperform specialized safety models in detecting mid-execution vulnerabilities.

AI · Neutral · arXiv – CS AI · 6d ago · 7/10

ATBench: A Diverse and Realistic Agent Trajectory Benchmark for Safety Evaluation and Diagnosis

Researchers introduce ATBench, a comprehensive benchmark for evaluating the safety of LLM-based agents across realistic multi-step interactions. The 1,000-trajectory dataset addresses critical gaps in existing safety evaluations by incorporating diverse risk scenarios, detailed failure classification, and long-horizon complexity that mirrors real-world deployment challenges.

AI · Neutral · arXiv – CS AI · Apr 7 · 7/10

ShieldNet: Network-Level Guardrails against Emerging Supply-Chain Injections in Agentic Systems

Researchers have identified a new class of supply-chain threats targeting AI agents through malicious third-party tools and MCP servers. They created SC-Inject-Bench, a benchmark with over 10,000 malicious tools, and developed ShieldNet, a network-level security framework that achieves 99.5% detection accuracy with minimal false positives.

AI · Bullish · arXiv – CS AI · Apr 7 · 7/10

SecPI: Secure Code Generation with Reasoning Models via Security Reasoning Internalization

Researchers have developed SecPI, a new fine-tuning pipeline that teaches reasoning language models to automatically generate secure code without requiring explicit security instructions. The approach improves secure code generation by 14 percentage points on security benchmarks while maintaining functional correctness.

AI · Neutral · arXiv – CS AI · Apr 7 · 7/10

Causality Laundering: Denial-Feedback Leakage in Tool-Calling LLM Agents

Researchers have identified a new security vulnerability called 'causality laundering' in AI tool-calling systems, where attackers can extract private information by learning from system denials and using that knowledge in subsequent tool calls. They developed the Agentic Reference Monitor (ARM) system to detect and prevent these attacks through enhanced provenance tracking.

AI · Bearish · arXiv – CS AI · Apr 6 · 7/10

A Systematic Security Evaluation of OpenClaw and Its Variants

A comprehensive security evaluation of six OpenClaw-series AI agent frameworks reveals substantial vulnerabilities across all tested systems, with agentized systems proving significantly riskier than their underlying models. The study identified reconnaissance and discovery behaviors as the most common weaknesses, while highlighting that security risks are amplified through multi-step planning and runtime orchestration capabilities.

AI · Bullish · arXiv – CS AI · Apr 6 · 7/10

Opal: Private Memory for Personal AI

Researchers present Opal, a private memory system for personal AI that uses trusted hardware enclaves and oblivious RAM to protect user data privacy while maintaining query accuracy. The system achieves a 13 percentage point improvement in retrieval accuracy over semantic search, with 29x higher throughput and 15x lower costs than secure baselines.

AI · Bearish · arXiv – CS AI · Apr 6 · 7/10

Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents

Researchers have discovered a new attack called eTAMP that can poison AI web agents' memory through environmental observation alone, achieving cross-session compromise rates up to 32.5%. The vulnerability affects major models including GPT-5-mini and becomes significantly worse when agents are under stress, highlighting critical security risks as AI browsers gain adoption.

🏢 Perplexity · 🧠 GPT-5 · 🧠 ChatGPT
AI · Bullish · arXiv – CS AI · Apr 6 · 7/10

SentinelAgent: Intent-Verified Delegation Chains for Securing Federal Multi-Agent AI Systems

SentinelAgent introduces a formal framework for securing multi-agent AI systems through verifiable delegation chains, achieving 100% accuracy in testing with zero false positives. The system uses seven verification properties and a non-LLM authority service to ensure secure delegation between AI agents in federal environments.

AI · Bullish · arXiv – CS AI · Mar 27 · 7/10

DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents

Researchers introduce DRIFT, a new security framework designed to protect AI agents from prompt injection attacks through dynamic rule enforcement and memory isolation. The system uses a three-component approach with a Secure Planner, Dynamic Validator, and Injection Isolator to maintain security while preserving functionality across diverse AI models.

AI · Neutral · arXiv – CS AI · Mar 27 · 7/10

DiffuGuard: How Intrinsic Safety is Lost and Found in Diffusion Large Language Models

Researchers identified critical security vulnerabilities in Diffusion Large Language Models (dLLMs) that differ from traditional autoregressive LLMs, stemming from their iterative generation process. They developed DiffuGuard, a training-free defense framework that reduces jailbreak attack success rates from 47.9% to 14.7% while maintaining model performance.

AI · Bearish · arXiv – CS AI · Mar 27 · 7/10

PIDP-Attack: Combining Prompt Injection with Database Poisoning Attacks on Retrieval-Augmented Generation Systems

Researchers have developed PIDP-Attack, a new cybersecurity threat that combines prompt injection with database poisoning to manipulate AI responses in Retrieval-Augmented Generation (RAG) systems. The attack method demonstrated 4-16% higher success rates than existing techniques across multiple benchmark datasets and eight different large language models.

AI · Bearish · arXiv – CS AI · Mar 27 · 7/10

Epistemic Bias Injection: Biasing LLMs via Selective Context Retrieval

Researchers have identified a new attack vector called Epistemic Bias Injection (EBI) that manipulates AI language models by injecting factually correct but biased content into retrieval-augmented generation databases. The attack steers model outputs toward specific viewpoints while evading traditional detection methods, though a new defense mechanism called BiasDef shows promise in mitigating these threats.

AI · Neutral · arXiv – CS AI · Mar 27 · 7/10

AI Security in the Foundation Model Era: A Comprehensive Survey from a Unified Perspective

Researchers propose a unified framework for AI security threats that categorizes attacks based on four directional interactions between data and models. The comprehensive taxonomy addresses vulnerabilities in foundation models through four categories: data-to-data, data-to-model, model-to-data, and model-to-model attacks.

AI × Crypto · Bearish · DL News · Mar 26 · 7/10

Crypto hackers armed with AI stand to make millions of dollars attacking old code

Cybercriminals are leveraging AI language models like ChatGPT and Claude to rapidly scan thousands of lines of code per second, identifying vulnerabilities in legacy systems. This represents a significant escalation in automated hacking capabilities, potentially exposing millions of dollars worth of cryptocurrency assets to sophisticated AI-powered attacks.

🧠 ChatGPT · 🧠 Claude
AI · Bearish · arXiv – CS AI · Mar 26 · 7/10

Invisible Threats from Model Context Protocol: Generating Stealthy Injection Payload via Tree-based Adaptive Search

Researchers have discovered a new black-box attack method called Tree structured Injection for Payloads (TIP) that can compromise AI agents using Model Context Protocol with over 95% success rate. The attack exploits vulnerabilities in how large language models interact with external tools, bypassing existing defenses and requiring significantly fewer queries than previous methods.

AI · Bearish · arXiv – CS AI · Mar 26 · 7/10

Internal Safety Collapse in Frontier Large Language Models

Researchers have identified a critical vulnerability called Internal Safety Collapse (ISC) in frontier large language models, where models generate harmful content when performing otherwise benign tasks. Testing on advanced models like GPT-5.2 and Claude Sonnet 4.5 showed 95.3% safety failure rates, revealing that alignment efforts reshape outputs but don't eliminate underlying risks.

🧠 GPT-5 · 🧠 Claude · 🧠 Sonnet
AI · Bullish · arXiv – CS AI · Mar 26 · 7/10

The Cognitive Firewall: Securing Browser-Based AI Agents Against Indirect Prompt Injection via Hybrid Edge-Cloud Defense

Researchers developed the Cognitive Firewall, a hybrid edge-cloud defense system that protects browser-based AI agents from indirect prompt injection attacks. The three-stage architecture reduces attack success rates to below 1% while maintaining 17,000x faster response times compared to cloud-only solutions by processing simple attacks locally and complex threats in the cloud.
