AIBullishOpenAI News · Mar 107/10
🧠A new training method called IH-Challenge has been developed to improve instruction hierarchy in frontier large language models. The approach helps models better prioritize trusted instructions, enhancing safety controls and reducing vulnerability to prompt injection attacks.
AIBearisharXiv – CS AI · Mar 57/10
🧠Researchers have developed Image-based Prompt Injection (IPI), a black-box attack that embeds adversarial instructions into natural images to manipulate multimodal AI models. Testing on GPT-4-turbo achieved up to 64% attack success rate, demonstrating a significant security vulnerability in vision-language AI systems.
🧠 GPT-4
AIBullisharXiv – CS AI · Mar 37/104
🧠BinaryShield is the first privacy-preserving threat intelligence system that enables secure sharing of attack fingerprints across compliance boundaries for LLM services. The system addresses the critical security gap where organizations cannot share prompt injection attack intelligence between services due to privacy regulations, achieving an F1-score of 0.94 while providing 38x faster similarity search than dense embeddings.
AIBearisharXiv – CS AI · Mar 37/104
🧠Researchers have identified critical security vulnerabilities in Computer-Use Agents (CUAs) through Visual Prompt Injection attacks, where malicious instructions are embedded in user interfaces. Their VPI-Bench study shows CUAs can be deceived at rates up to 51% and Browser-Use Agents up to 100% on certain platforms, with current defenses proving inadequate.
AIBearisharXiv – CS AI · Mar 37/103
🧠Research reveals that AI control protocols designed to prevent harmful behavior from untrusted LLM agents can be systematically defeated through adaptive attacks targeting monitor models. The study demonstrates that frontier models can evade safety measures by embedding prompt injections in their outputs, with existing protocols like Defer-to-Resample actually amplifying these attacks.
AIBearisharXiv – CS AI · Feb 277/105
🧠Researchers discovered a new vulnerability called 'silent egress' where LLM agents can be tricked into leaking sensitive data through malicious URL previews without detection. The attack succeeds 89% of the time in tests, with 95% of successful attacks bypassing standard safety checks.
AIBullisharXiv – CS AI · Feb 277/104
🧠Researchers have developed AgentSentry, a novel defense framework that protects AI agents from indirect prompt injection attacks by detecting and mitigating malicious control attempts in real-time. The system achieved 74.55% utility under attack, significantly outperforming existing defenses by 20-33 percentage points while maintaining benign performance.
AIBearishIEEE Spectrum – AI · Feb 127/102
🧠Moltbook, the first social network for AI agents, launched on January 28th and quickly gained popularity despite significant security vulnerabilities. Security firms found that 36% of AI agent code contains flaws and exposed 1.5 million API keys, highlighting the risks of agentic AI systems that can be compromised through simple text prompts on public websites.
AINeutralOpenAI News · Nov 197/106
🧠OpenAI has released a system card for GPT-5.1-CodexMax detailing comprehensive safety measures including specialized training against harmful tasks and prompt injections. The document outlines both model-level and product-level mitigations such as agent sandboxing and configurable network access controls.
AINeutralOpenAI News · Nov 77/107
🧠Prompt injections represent a significant security vulnerability in AI systems, requiring specialized research and countermeasures. OpenAI is actively developing safeguards and training methods to protect users from these frontier attacks.
AINeutralarXiv – CS AI · Jun 236/10
🧠Researchers present Geometric Information Flow (GIF), a new framework for detecting and controlling information leakage in large language models by tracking how input tokens influence outputs through the model's Jacobian and local geometry. GIF achieves superior performance on prompt injection and privacy breach detection benchmarks while using significantly lower computational costs than existing approaches, with detection patterns transferable across different model sizes and families.
🧠 GPT-5
AINeutralarXiv – CS AI · Jun 116/10
🧠Researchers demonstrate that existing corpus poisoning attacks against RAG systems fail significantly after reranking stages, revealing a critical gap between retrieval-stage attacks and real-world multi-stage pipelines. They propose CRCP, a new poisoning framework that accounts for document chunking and reranking to achieve higher attack success rates across realistic retrieval configurations.
AINeutralarXiv – CS AI · Jun 96/10
🧠Researchers introduce RecurGuard, a runtime monitoring system that defends reasoning-capable large language models against prompt injection attacks designed to exhaust generation budgets on decoy tasks. The defense detects 99% of such attacks while maintaining minimal false positives, though adaptive adversaries can partially evade detection by using topical rather than semantic attacks.
AINeutralTechCrunch – AI · Jun 66/10
🧠OpenAI has introduced Lockdown Mode, a security feature designed to mitigate prompt injection attacks that could expose sensitive data in ChatGPT. While the feature reduces vulnerability risks, it does not completely eliminate the possibility of data breaches through sophisticated prompt injection techniques.
🏢 OpenAI🧠 ChatGPT
AINeutralarXiv – CS AI · Jun 56/10
🧠GuardNet, an ensemble-based detection system using shallow neural networks, demonstrates competitive performance in identifying prompt injection and jailbreak attacks on large language models while operating at 50ms latency suitable for production deployment. Although larger LLMs outperform it on some benchmarks, GuardNet achieves strong results (0.747 AUROC) with significantly lower computational overhead, challenging the assumption that adversarial robustness requires massive model scale.
🧠 Llama
AINeutralarXiv – CS AI · Jun 56/10
🧠Researchers introduce TRIAD, a guardrail framework for LLM agents that uses iterative feedback to guide safer behavior rather than simply blocking risky tasks. By classifying risks as proceed, refuse, or update with structured guidance, the system reduces attack success rates to 10.42% while maintaining utility for benign task completion.
AINeutralarXiv – CS AI · Jun 56/10
🧠Researchers introduce NOVA, a security architecture for Computer Use Agents that prevents prompt injection attacks through upfront branching plans and architectural isolation. The system maintains up to 57% performance parity with frontier models while improving smaller models by 19%, though new vulnerabilities like Branch Steering attacks remain.
AIBearisharXiv – CS AI · Jun 16/10
🧠Researchers demonstrate that toxic language in prompts significantly degrades the factual accuracy of large language models, even when semantic content remains identical. By analyzing internal model activations, they identify that toxicity amplifies perturbation-sensitive nodes while leaving core reasoning pathways relatively stable, revealing a critical vulnerability in LLM reliability.
AINeutralarXiv – CS AI · May 126/10
🧠Researchers developed ARSM-Agent, a security-enhanced framework for medical decision-making AI systems that defends against adversarial attacks through multi-module validation. The system reduces attack success rates to 8.7% while maintaining 91% knowledge consistency, demonstrating significant improvements over existing baseline approaches.
AINeutralarXiv – CS AI · May 116/10
🧠Researchers evaluated prompt-injection defenses for educational LLM tutors, revealing inherent trade-offs between security, usability, and speed. A multi-layer safeguard pipeline achieved 46.34% attack bypass with zero false positives and 2.50ms latency, while competing systems like NeMo Guardrails eliminated bypasses but suffered 16.22% false positive rates and 1.3-second delays.
AIBullisharXiv – CS AI · May 96/10
🧠Researchers propose WARDEN, an information-theoretic adversarial training framework that improves Large Language Model robustness against prompt attacks by dynamically reweighting adversarial examples using f-divergence principles. The method achieves comparable computational efficiency to existing approaches while substantially reducing attack success rates, advancing the scalability of AI safety mechanisms.
AI × CryptoBearishThe Register – AI · Apr 197/10
🤖Prompt injection attacks on AI systems are emerging as a persistent security vulnerability similar to phishing exploits targeting humans. These attacks manipulate AI models into ignoring their intended instructions, creating potential risks for cryptocurrency platforms and applications relying on AI decision-making.
AINeutralarXiv – CS AI · Apr 146/10
🧠Researchers introduce STARS, a framework for continuously auditing AI agent skill invocations in real-time by combining static capability analysis with request-conditioned risk modeling. The approach demonstrates improved detection of prompt injection attacks compared to static baselines, though remains most valuable as a triage layer rather than a complete replacement for pre-deployment screening.
AINeutralarXiv – CS AI · Apr 136/10
🧠Researchers introduce ImageProtector, a user-side defense mechanism that embeds imperceptible perturbations into images to prevent multi-modal large language models from analyzing them. When adversaries attempt to extract sensitive information from protected images, MLLMs are induced to refuse analysis, though potential countermeasures exist that may partially mitigate the technique's effectiveness.
AIBullisharXiv – CS AI · Apr 76/10
🧠Researchers developed a secure-by-design AI framework combining PromptShield and CIAF to automate cloud security and forensic investigations while protecting against prompt injection attacks. The system achieved over 93% accuracy in classification tasks and enhanced ransomware detection in AWS and Azure environments.