y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#api-security News & Analysis

11 articles tagged with #api-security. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

11 articles
AIBearishDecrypt – AI · Jun 257/10
🧠

Anthropic Urges Congress to Crack Down on AI Distillation By Chinese Rivals

Anthropic has called on Congress to regulate AI model distillation after alleging that Alibaba-affiliated operators used nearly 25,000 fraudulent accounts to generate 28.8 million Claude API exchanges, potentially extracting proprietary model knowledge. The incident highlights vulnerabilities in API-based AI systems and raises questions about intellectual property protection in the competitive AI development landscape.

Anthropic Urges Congress to Crack Down on AI Distillation By Chinese Rivals
🏢 Anthropic🧠 Claude
AIBearisharXiv – CS AI · Jun 257/10
🧠

What Does It Mean to Break a Distillation Defense?

Researchers propose a formal threat model framework for evaluating distillation defenses against black-box LLM attacks, arguing that existing output perturbation defenses lack clear specifications about attacker capabilities. The work demonstrates that defense effectiveness depends heavily on assumed threat parameters, raising concerns about false security claims in deployed systems.

GeneralBearishCrypto Briefing · Jun 107/10
📰

ServiceNow patches vulnerability exploited against some customers

ServiceNow has patched a vulnerability that was actively exploited against some of its customers, raising concerns about the security posture of major SaaS providers. The incident underscores growing cybersecurity risks in cloud infrastructure and their potential impact on customer confidence and business continuity.

ServiceNow patches vulnerability exploited against some customers
AIBearisharXiv – CS AI · Jun 97/10
🧠

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

Researchers demonstrated a novel prompt-injection attack that bypasses text-based LLM defenses by encoding malicious payloads as floating-point parameters and reconstructing them as fragmented telemetry. Testing across three commercial LLM APIs showed 94.3% attack success rate against leading defenses like Prompt Guard 2, revealing a critical gap in structured-input security.

CryptoNeutralBlockonomi · May 297/10
⛓️

DAXA Tightens API Key Rules to Curb Crypto Market Manipulation in South Korea

South Korea's Digital Asset Exchange Association (DAXA) has implemented stricter API key regulations requiring major exchanges to invalidate suspicious keys and deploy IP whitelisting. The policy addresses growing concerns about market manipulation as automated trading now comprises 30% of domestic crypto volume, following security breaches like the 2022 3Commas hack that exposed 100,000 API keys.

AIBearisharXiv – CS AI · May 297/10
🧠

KBF: Knowledge Boundary as Fingerprint for Language Model and Black-Box API Auditing

Researchers introduce KBF, a black-box auditing protocol that detects fraudulent LLM API substitutions by analyzing model behavior at knowledge boundaries. Testing across 16 production endpoints revealed all economically relevant model swaps without false positives, and identified inconsistencies in 7 of 27 model cells across major AI platforms, particularly affecting Claude premium endpoints.

🧠 Claude
AI × CryptoBearishCoinDesk · Apr 207/10
🤖

Hack at Vercel sends crypto developers scrambling to lock down API keys

Vercel, a critical infrastructure provider for web3 applications, experienced a security breach involving a compromised AI tool that potentially exposed API credentials used by crypto developers. The incident threatens the security of frontend applications that connect blockchain wallets to trading interfaces and backend services.

Hack at Vercel sends crypto developers scrambling to lock down API keys
AIBearishIEEE Spectrum – AI · Feb 127/102
🧠

The First Social Network for AI Agents Heralds Their Messy Future

Moltbook, the first social network for AI agents, launched on January 28th and quickly gained popularity despite significant security vulnerabilities. Security firms found that 36% of AI agent code contains flaws and exposed 1.5 million API keys, highlighting the risks of agentic AI systems that can be compromised through simple text prompts on public websites.

AINeutralarXiv – CS AI · Jun 46/10
🧠

Token Rankings are Unforgeable Language Model Signatures

Researchers demonstrate that token ranking signatures from language model APIs are mathematically unforgeable—each model produces unique top-k token orderings that cannot be replicated by other models. While rankings leak less information than raw logits, they still enable approximate parameter theft, though APIs can mitigate this risk by restricting k to sufficiently small values.

AIBearishOpenAI News · Nov 266/104
🧠

Mixpanel security incident: what OpenAI users need to know

OpenAI disclosed a security incident involving their analytics partner Mixpanel that exposed limited API analytics data. The company confirmed that no API content, user credentials, or payment information was compromised in the breach.