y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#ai-vulnerability News & Analysis

16 articles tagged with #ai-vulnerability. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

16 articles
AIBearisharXiv – CS AI · Jun 117/10
🧠

Learning to Inject: Automated Prompt Injection via Reinforcement Learning

Researchers developed AutoInject, a reinforcement learning framework that automatically generates adversarial prompts to exploit LLM agents through prompt injection attacks. The method outperforms existing attack techniques on production models and successfully breaks defenses specifically designed to resist prompt injection, highlighting a significant vulnerability gap in AI system security.

AIBearisharXiv – CS AI · Jun 107/10
🧠

Gaming AI-Assisted Peer Reviews Poses New Risks to the Scientific Community

Researchers demonstrate that AI-assisted peer review systems are vulnerable to simple adversarial attacks, with superficial abstract rephrasing increasing acceptance ratings by up to 1.31 points on a 10-point scale without changing underlying scientific content. The low-cost manipulation ($1, 5 minutes) reveals systemic risks in AI-mediated scientific evaluation and raises concerns about authors optimizing for algorithmic judgment rather than merit.

🧠 GPT-5🧠 Gemini
AIBearisharXiv – CS AI · Jun 97/10
🧠

POISE: Position-Aware Undetectable Skill Injection on LLM Agents

Researchers introduce POISE, a novel skill-poisoning attack against LLM agents that achieves 89.3% success by embedding malicious triggers into skill instructions in ways that evade both automated detection and human inspection. The attack exploits the reliability-stealth trade-off in existing injection methods, demonstrating that current security defenses struggle to distinguish poisoned skills from legitimate ones due to high false-positive rates.

🧠 GPT-5
AIBearishDecrypt · Jun 67/10
🧠

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Microsoft researchers have identified a critical vulnerability in Claude Code where prompt injection attacks could manipulate AI coding agents into exfiltrating sensitive credentials stored in GitHub and development pipelines. This security flaw highlights systemic risks in deploying AI agents with access to production environments and sensitive infrastructure.

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft
🧠 Claude
AIBearisharXiv – CS AI · Jun 27/10
🧠

Dive into Ambiguity: A*-Inspired Multi-Agents Commonsense Obfuscation Attack on LLM Prompts

Researchers have developed an A*-inspired framework that generates obfuscated prompts capable of triggering factual errors in large language models while preserving semantic intent. The method uses a hierarchical rewrite strategy with dynamic semantic dispersion to efficiently create adversarial prompts, demonstrating higher attack success rates than existing approaches and raising urgent concerns about LLM reliability in safety-critical applications.

AIBearishSimon Willison Blog · Jun 17/10
🧠

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked

Hackers exploited Meta's AI systems to gain unauthorized access to high-profile Instagram accounts by simply requesting assistance from the company's AI tools. The vulnerability reveals critical security gaps in AI-powered authentication systems and raises concerns about how generative AI can be weaponized to bypass account security measures.

🏢 Meta
AIBearisharXiv – CS AI · Jun 17/10
🧠

The Surface You Test Is Not the Surface That Breaks

Researchers demonstrate that LLM agent vulnerabilities to prompt injection attacks vary dramatically depending on the injection surface used, with the same attack payload showing 96% success on one model via tool outputs but only 4% via tool descriptions. The study reveals that vulnerability is determined by model-surface interaction rather than the injection channel alone, exposing critical blindspots in current AI security evaluation methodology.

🧠 GPT-4
AIBearisharXiv – CS AI · Jun 17/10
🧠

Automatically Attacking Software Reverse Engineering AI Agents

Researchers demonstrate a novel adversarial attack using genetic algorithm-based prompt injection that can deceive LLM-powered reverse engineering tools like GhidraMCP into misinterpreting binary executables. This vulnerability exploits how large language models process decompiled code through surreptitious string variable assignments, potentially allowing malware to bypass automated detection systems that rely on AI-driven analysis.

AIBearishDaily Hodl · May 307/10
🧠

Pennsylvania Bank Issues Urgent Alert After AI Application Triggers Data Breach, Exposing Sensitive Customer Info

Community Bank, a Pennsylvania-based financial institution, disclosed a data breach caused by an AI application that exposed customer names, social security numbers, and dates of birth. The breach, reported to the SEC, highlights emerging cybersecurity vulnerabilities in AI-powered banking systems and raises concerns about enterprise AI security practices across the financial sector.

Pennsylvania Bank Issues Urgent Alert After AI Application Triggers Data Breach, Exposing Sensitive Customer Info
AIBearisharXiv – CS AI · May 297/10
🧠

Measuring Real-World Prompt Injection Attacks in LLM-based Resume Screening

Researchers conducted the first systematic study of prompt injection attacks in real-world LLM-based resume screening, analyzing approximately 200,000 resumes from hireEZ. They found that ~1% of resumes contain hidden prompt injections, with prevalence increasing significantly over the past 1-2 years, and discovered that over 90% of injected prompts use subtle methods rather than explicit instructions.

AIBearisharXiv – CS AI · Apr 107/10
🧠

BadImplant: Injection-based Multi-Targeted Graph Backdoor Attack

Researchers have demonstrated the first multi-targeted backdoor attack against graph neural networks (GNNs) in graph classification tasks, using a novel subgraph injection method that simultaneously redirects multiple predictions to different target labels while maintaining clean accuracy. The attack shows high efficacy across multiple GNN architectures and datasets, with resilience against existing defense mechanisms, exposing significant vulnerabilities in GNN security.

AIBearisharXiv – CS AI · Mar 177/10
🧠

DECEIVE-AFC: Adversarial Claim Attacks against Search-Enabled LLM-based Fact-Checking Systems

Researchers developed DECEIVE-AFC, an adversarial attack framework that can significantly compromise AI-based fact-checking systems by manipulating claims to disrupt evidence retrieval and reasoning. The attacks reduced fact-checking accuracy from 78.7% to 53.7% in testing, highlighting major vulnerabilities in LLM-based verification systems.

AIBearisharXiv – CS AI · Mar 117/10
🧠

When Robots Obey the Patch: Universal Transferable Patch Attacks on Vision-Language-Action Models

Researchers have developed UPA-RFAS, a new adversarial attack framework that can successfully fool Vision-Language-Action (VLA) models used in robotics with universal physical patches that transfer across different models and real-world scenarios. The attack exploits vulnerabilities in AI-powered robots by using patches that can hijack attention mechanisms and cause semantic misalignment between visual and text inputs.

AIBearisharXiv – CS AI · Mar 67/10
🧠

Induced Numerical Instability: Hidden Costs in Multimodal Large Language Models

Researchers discovered a new vulnerability in multimodal large language models where specially crafted images can cause significant performance degradation by inducing numerical instability during inference. The attack method was validated on major vision-language models including LLaVa, Idefics3, and SmolVLM, showing substantial performance drops even with minimal image modifications.

AIBearisharXiv – CS AI · Mar 37/106
🧠

Learning to Attack: A Bandit Approach to Adversarial Context Poisoning

Researchers developed AdvBandit, a new black-box adversarial attack method that can exploit neural contextual bandits by poisoning context data without requiring access to internal model parameters. The attack uses bandit theory and inverse reinforcement learning to adaptively learn victim policies and optimize perturbations, achieving higher victim regret than existing methods.