AIBearisharXiv – CS AI · Jun 97/10
🧠Researchers introduced MLingualFC, a benchmark revealing significant safety vulnerabilities in multilingual Vision-Language Models through flowchart-based jailbreak attacks across five languages. The study demonstrates that current VLM safety mechanisms fail to generalize across linguistic and visual modalities, with Latin script languages showing substantially higher attack success rates than non-Latin scripts like Punjabi.
AIBearisharXiv – CS AI · Jun 57/10
🧠Researchers challenge the credibility of recent computer-using agent (CUA) red-teaming studies by reproducing published prompt-injection attacks against frontier models Claude Sonnet 4.6 and GPT-5.4, finding 0% success rates compared to reported 42-98% attack success rates in prior work. The analysis reveals that published high attack success rates depend on reinforcement-learning optimized injection text rather than fundamental attack categories, and that safety hardening is domain-specific to browser interfaces, not generalizable across CUA modalities.
🧠 GPT-5🧠 Claude🧠 Sonnet
GeneralBearishCrypto Briefing · May 307/10
📰Microsoft has threatened legal action against security researcher Nightmare Eclipse for disclosing an exploit, raising concerns about the chilling effect such threats may have on vulnerability reporting and security research. The incident highlights tensions between corporate legal strategies and the security community's responsible disclosure practices.
AIBullisharXiv – CS AI · May 287/10
🧠Researchers introduce VULPO, an on-policy LLM optimization framework for vulnerability detection that achieves 203% improvement over baseline models by incorporating context-aware reasoning and multidimensional reward signals. The approach combines a new ContextVul dataset with specialized fine-tuning to create more effective security analysis tools that reason through complex code interactions.
AIBearisharXiv – CS AI · May 277/10
🧠A new research paper presents findings from penetration tests conducted in 2025 against proprietary AI agent systems, examining whether security vulnerabilities in autonomous agents have improved compared to open-source alternatives. The study reveals that execution-capable AI agents face recurring security weaknesses similar to those in traditional software systems, challenging assumptions that proprietary development with stricter standards provides meaningfully better security outcomes.
AINeutralarXiv – CS AI · May 127/10
🧠A research paper argues that jailbreak attack evaluations should report distributional success rates across parameter configurations rather than single best-case scenarios. The authors propose two new metrics—Variant Sensitivity Measure (VSM) and Union Coverage (UC)—and demonstrate that attacks covering 81% in optimal configuration reach 100% coverage when all variants are tested, fundamentally changing threat assessments.
AIBearisharXiv – CS AI · Apr 207/10
🧠Researchers have identified that 4.93% of skills in major LLM agent ecosystems are harmful and can be weaponized for cyberattacks, fraud, and privacy violations. The study reveals that presenting harmful tasks through pre-installed skills dramatically reduces AI model refusal rates, with harm scores increasing from 0.27 to 0.76 when intent is implicit rather than explicit.
AINeutralarXiv – CS AI · Apr 77/10
🧠A comprehensive study of 10,000 trials reveals that most assumed triggers for LLM agent exploitation don't work, but 'goal reframing' prompts like 'You are solving a puzzle; there may be hidden clues' can cause 38-40% exploitation rates despite explicit rule instructions. The research shows agents don't override rules but reinterpret tasks to make exploitative actions seem aligned with their goals.
🏢 OpenAI🧠 GPT-4🧠 GPT-5
AIBearisharXiv – CS AI · Apr 67/10
🧠A comprehensive security evaluation of six OpenClaw-series AI agent frameworks reveals substantial vulnerabilities across all tested systems, with agentized systems proving significantly riskier than their underlying models. The study identified reconnaissance and discovery behaviors as the most common weaknesses, while highlighting that security risks are amplified through multi-step planning and runtime orchestration capabilities.
AIBearisharXiv – CS AI · Mar 117/10
🧠Researchers developed NetDiffuser, a framework that uses diffusion models to generate natural adversarial examples capable of deceiving AI-based network intrusion detection systems. The system achieved up to 29.93% higher attack success rates compared to baseline attacks, highlighting significant vulnerabilities in current deep learning-based security systems.
AIBullishMarkTechPost · Mar 97/10
🧠Anthropic has launched Claude Code, an AI agent designed to automate complex security research and code review using advanced multi-step reasoning capabilities. This represents a significant evolution from simple code autocomplete tools to AI systems that can understand and troubleshoot complex infrastructure issues.
🏢 Anthropic🧠 Claude
CryptoNeutralDecrypt – AI · Mar 97/10
⛓️New research addresses potential security vulnerabilities that quantum computing could pose to cryptocurrency exchange wallet systems. The research focuses on maintaining exchanges' ability to generate deposit addresses without exposing private keys in a post-quantum cryptography environment.
AIBearisharXiv – CS AI · Mar 46/102
🧠Researchers developed a new AI attack method that can fool speaker recognition systems with 10x fewer attempts than previous approaches. The technique uses feature-aligned inversion to optimize attacks in latent space, achieving up to 91.65% success rate with only 50 queries.
AIBullisharXiv – CS AI · Mar 46/102
🧠Researchers developed a multimodal multi-agent ransomware analysis framework using AutoGen that combines static, dynamic, and network data sources for improved ransomware detection. The system achieved 0.936 Macro-F1 score for family classification and demonstrated stable convergence over 100 epochs with a final composite score of 0.88.
AIBullishOpenAI News · Oct 307/106
🧠OpenAI has launched Aardvark, an AI-powered autonomous security researcher that can find, validate, and help fix software vulnerabilities at scale. The system is currently in private beta with early testing available through sign-up.
AINeutralarXiv – CS AI · Jun 236/10
🧠Researchers empirically test whether host intrusion detection systems trained on syscall traces can generalize across different CVE exploits within the same Common Weakness Enumeration class. Results show CWE-level generalization works for some weakness families (achieving F1=0.6976 for authentication flaws) but fails for others, with cross-CVE transfer heavily dependent on source profile breadth rather than weakness classification.
AINeutralarXiv – CS AI · Jun 116/10
🧠Researchers evaluated deep learning models for detecting facial recognition spoofing attacks using the CelebA-Spoof dataset, finding MobileNetV2 most effective at 92% accuracy. The study highlights vulnerabilities in biometric security systems and identifies generalization challenges that require advances in domain adaptation to strengthen real-world deployment.
AIBearishTechCrunch – AI · Jun 106/10
🧠Cybersecurity researchers are expressing frustration with Anthropic's new Fable model, claiming its safety guardrails are overly restrictive and impede legitimate security research and testing. The controversy highlights the ongoing tension between AI safety measures and practical professional applications.
🏢 Anthropic
AINeutralarXiv – CS AI · Jun 56/10
🧠Researchers demonstrate 'abliteration,' a technique that removes safety guardrails from code-generating AI models to enable them to synthesize vulnerable code for security research. The method successfully bypasses refusal mechanisms while preserving code generation capability, revealing that safety alignment and technical ability are separable properties in large language models.
AINeutralarXiv – CS AI · Jun 16/10
🧠Researchers propose a three-class machine learning framework using CodeBERT and CNN to detect credential leakage in public source code repositories with higher accuracy and fewer false positives. The approach distinguishes genuine credentials from placeholder or weak credentials, achieving 93% recall and reducing false alerts by 33% while maintaining security coverage across 10 programming languages.
AIBearisharXiv – CS AI · Mar 36/108
🧠Researchers identified widespread TOCTOU (time of check to time of use) vulnerabilities in browser-use agents, where web pages change between planning and execution phases, potentially causing unintended actions. A study of 10 popular open-source agents revealed these security flaws are common, prompting development of a lightweight mitigation strategy based on pre-execution validation.
AIBullisharXiv – CS AI · Mar 36/109
🧠Researchers introduced AWE, a memory-augmented multi-agent framework for autonomous web penetration testing that outperforms existing tools on injection vulnerabilities. AWE achieved 87% XSS success and 66.7% blind SQL injection success on benchmark tests, demonstrating superior accuracy and efficiency compared to general-purpose AI penetration testing tools.