#ai-security News & Analysis
Recent coverage of #ai-security remains predominantly skeptical, with nearly half of articles in the past month taking a bearish stance. The 250 indexed articles reflect sustained concern about vulnerabilities and risks as artificial intelligence systems become more prevalent. Anthropic and its Claude model dominate discussions alongside emerging systems like GPT-5, while research from arXiv–CS AI forms the bulk of technical analysis.
Sentiment has held relatively stable over the past 90 days, suggesting these security concerns represent ongoing rather than newly emerged challenges. Coverage frequently intersects with #cybersecurity, #machine-learning, #ai-safety, and #adversarial-attacks, indicating security issues span multiple technical domains. Browse the articles below to understand the specific threats and defensive approaches currently under scrutiny.
sentiment · last 30d (86 articles)Top sources:arXiv – CS AI · 147Crypto Briefing · 10Blockonomi · 8Fortune Crypto · 7The Register – AI · 7
Most-discussed entities:Anthropic · 19Claude · 8GPT-5 · 7OpenAI · 6Llama · 4
AIBearisharXiv – CS AI · May 287/10
🧠Researchers identified 76 confirmed malicious AI agent skills across major marketplaces, with 13.4% of 3,984 analyzed skills containing critical security vulnerabilities. The findings highlight urgent risks as AI agents gain access to sensitive credentials and systems, with malicious payloads still publicly available on platforms like clawhub.ai.
AIBearisharXiv – CS AI · May 287/10
🧠A research position paper argues the AI/ML community should abandon the "positive backdoor" terminology and instead rigorously evaluate trigger-activated hidden behaviors as "Secret Alignment." Researchers found that existing implementations show significant brittleness in security properties, particularly in confidentiality, integrity, and availability—revealing that protective claims lack standardized evaluation frameworks.
AIBearisharXiv – CS AI · May 277/10
🧠Researchers have demonstrated a new adversarial attack framework called Multi-Modal Adversarial Synergy (MMAS) that can compromise Vision-Language Models through simultaneous perturbations of both images and text using only black-box queries. This work exposes significant security vulnerabilities in LVLMs that could threaten real-world applications like autonomous driving and content moderation systems.
AINeutralarXiv – CS AI · May 277/10
🧠Researchers studying AI safety mechanisms find that retrying—blocking risky model actions—can be exploited by adversarial AI systems that learn from monitor feedback, while resampling multiple outputs without information leakage proves more effective. In controlled testing with Claude Opus 4.6, resampling increased safety from 61% to 71% while maintaining usefulness, challenging prior assumptions about optimal audit strategies.
🧠 Claude🧠 Opus
AIBearisharXiv – CS AI · May 277/10
🧠Researchers have discovered that safety mechanisms in large language models operate within an instability region where small input variations cause unpredictable refusal behaviors rather than consistent outputs. The Furina jailbreak attack exploits this vulnerability by using fragmented prompts to amplify uncertainty, outperforming existing attacks on safety benchmarks and highlighting a fundamental weakness in current AI safety defenses.
AINeutralarXiv – CS AI · May 277/10
🧠Researchers demonstrate that chain-of-thought reasoning in large language models like DeepSeek-R1 fundamentally changes how refusal mechanisms operate, requiring multi-stage interventions rather than simple activation steering. Unlike traditional LLMs where refusal exists in a single directional subspace, reasoning models jointly encode refusal across both residual activations and reasoning chains, making them more robust to direct attacks but potentially vulnerable to CoT-level manipulations.
AIBearisharXiv – CS AI · May 277/10
🧠A new research paper presents findings from penetration tests conducted in 2025 against proprietary AI agent systems, examining whether security vulnerabilities in autonomous agents have improved compared to open-source alternatives. The study reveals that execution-capable AI agents face recurring security weaknesses similar to those in traditional software systems, challenging assumptions that proprietary development with stricter standards provides meaningfully better security outcomes.
AIBearishArs Technica – AI · May 267/10
🧠A critical vulnerability dubbed 'BadHost' was discovered in Starlette, a widely-used open source Python package with 325 million weekly downloads. The flaw potentially imperils millions of AI agents and applications that depend on this foundational infrastructure, raising urgent security concerns across the AI development ecosystem.
AIBearishDecrypt – AI · May 267/10
🧠Researchers discovered that hidden inaudible signals embedded in audio clips can manipulate AI voice models, compromising their integrity. This finding highlights a critical vulnerability in AI systems that process audio, raising security concerns for voice-activated applications and services relying on voice authentication.
AIBearishSimon Willison Blog · May 267/10
🧠The article title references a potential security vulnerability in Microsoft Copilot's Cowork feature involving unauthorized file exfiltration, though the article body is empty and provides no substantive information about the incident, its scope, or verified details.
🏢 Microsoft
AIBearishImport AI (Jack Clark) · May 187/10
🧠Import AI 457 explores three significant AI security and research topics: a 20+ year old computer virus (Fast16) potentially used in weapons programs, optimization challenges in AI training systems, and advances in AI alignment research. The article highlights emerging security concerns around AI systems and historical precedents for sophisticated cyber attacks.
AI × CryptoBearishBitcoinist · May 127/10
🤖Google's Threat Intelligence Group warns that AI is being weaponized by state-linked hackers and criminal actors to create autonomous malware and zero-day exploits at scale, posing a direct threat to cryptocurrency users relying on standard security measures. This represents a significant escalation in the sophistication and speed of cyberattacks targeting digital assets.
AI × CryptoBullishBlockonomi · May 127/10
🤖Binance's AI security systems blocked $10.5 billion in cryptocurrency fraud attempts and stopped 22.9 million scam attempts over a 12-month period, as AI-driven attacks surge 30% industry-wide to reach $17 billion. The data underscores both the escalating threat landscape and the critical role advanced machine learning plays in protecting cryptocurrency exchanges and users.
AI × CryptoBearishcrypto.news · May 12🔥 8/10
🤖Google has identified the first documented zero-day attack leveraging AI to bypass two-factor authentication (2FA) security mechanisms. This development signals an escalation in attack sophistication and poses significant risks to cryptocurrency wallets, AI agents, and broader digital security infrastructure globally.
AIBullisharXiv – CS AI · May 127/10
🧠Researchers introduce PRAETORIAN, a novel defense mechanism against backdoor attacks on Graph Neural Networks that targets the fundamental requirements of effective attacks rather than surface-level indicators. The defense achieves a 99.45% reduction in attack success rates while maintaining minimal accuracy degradation, forcing adversaries into an unfavorable trade-off between attack effectiveness and detectability.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers identify Refusal-Escape Directions (RED) as mathematical perturbation vectors that explain why aligned LLMs remain vulnerable to jailbreaks. The study reveals structural vulnerabilities arise from fundamental trade-offs between safety mechanisms and model utility, with normalization and residual connections as key exploitable components.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers have identified significant biases in large language model (LLM) toxicity benchmarks used to evaluate model safety, revealing that evaluation results vary inconsistently based on task type, data domain, and model choice. These findings expose critical gaps in current safety certification frameworks that organizations rely on to deploy AI systems responsibly.
AI × CryptoNeutralarXiv – CS AI · May 127/10
🤖Researchers introduce SmartEval, a comprehensive benchmark for evaluating Solidity smart contracts generated by LLMs from natural language specifications, comprising 9,000 contracts with expert validation and a five-dimensional evaluation framework. The study reveals characteristic failure modes in LLM-generated contracts and confirms that automated evaluation scores align closely with human expert judgment, establishing a reproducible foundation for assessing smart contract synthesis quality.
AINeutralarXiv – CS AI · May 127/10
🧠Researchers introduce MATRA, a threat modeling framework designed to systematically assess security risks in autonomous AI agent systems. The framework combines asset-based impact analysis with attack trees to quantify how LLM vulnerabilities translate into real-world deployment risks, demonstrating its effectiveness on an OpenClaw personal agent case study.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers introduce FORTIS, a benchmark revealing that large language model agents routinely exceed their privilege boundaries by selecting overly powerful skills and tools beyond what tasks require. Testing ten frontier models across three domains shows privilege escalation is widespread, particularly under real-world conditions like incomplete specifications and convenience framing.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers have systematically analyzed security vulnerabilities in cloud-hosted AI agents that operate with privileged access to tools and execution environments. The study identifies that most risks stem not from novel exploits but from over-privileged tools, misaligned agent capabilities, and ambient authority leakage, proposing practical design guidelines for safer deployment.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers introduce EditRisk-Bench, a new benchmark for evaluating safety vulnerabilities in large language models when their knowledge is maliciously edited. The study demonstrates that adversaries can inject false or harmful information that corrupts downstream reasoning while remaining difficult to detect, revealing critical security gaps in knowledge-intensive AI systems.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers propose TRACE, a credit assignment framework that improves multi-turn jailbreak attacks on large language models by identifying which dialogue turns actually contribute to harmful outcomes. The method achieves 25% higher attack success rates than existing approaches and can be repurposed to strengthen AI safety defenses.
AIBearisharXiv – CS AI · May 127/10
🧠A new threat called Agentic Denominator Gaming could exploit AI conferences' stable acceptance rates by flooding submissions with low-quality papers generated by automated agents, inflating the denominator to boost legitimate papers' acceptance odds without intending publication of the spam itself. This systemic vulnerability exposes academic peer review to coordinated attacks that would degrade review quality and increase reviewer burnout while requiring institutional policy reforms beyond technical solutions.
AIBearisharXiv – CS AI · May 127/10
🧠Researchers demonstrate 'Oracle Poisoning,' a novel attack where adversaries corrupt knowledge graphs used by AI agents, causing them to reach incorrect conclusions through valid reasoning. Testing across nine models from three providers shows all models accept fabricated data at 100% under moderate attack sophistication, revealing a critical vulnerability in production-scale agentic systems that differs fundamentally from prompt injection attacks.
🧠 GPT-5