
#vulnerability News & Analysis

92 articles tagged with #vulnerability. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

AI · Bearish · arXiv – CS AI · Mar 17 · 7/10

Sirens' Whisper: Inaudible Near-Ultrasonic Jailbreaks of Speech-Driven LLMs

Researchers developed SWhisper, a framework that uses near-ultrasonic audio to deliver covert jailbreak attacks against speech-driven AI systems. The technique is inaudible to humans but can successfully bypass AI safety measures with up to 94% effectiveness on commercial models.

AI · Bearish · arXiv – CS AI · Mar 16 · 7/10

Altered Thoughts, Altered Actions: Probing Chain-of-Thought Vulnerabilities in VLA Robotic Manipulation

Research reveals critical vulnerabilities in Vision-Language-Action robotic models that use chain-of-thought reasoning, where corrupting object names in internal reasoning traces can reduce task success rates by up to 45%. The study shows these AI systems are vulnerable to attacks on their internal reasoning processes, even when primary inputs remain untouched.

Crypto · Bearish · CoinTelegraph · Mar 12 · 7/10

MediaTek patches bug enabling crypto seed theft in just 45 seconds

Ledger's security team discovered a critical vulnerability in MediaTek's secure boot chain that allows attackers to steal cryptocurrency seed phrases from Android devices in just 45 seconds. MediaTek has since patched the security flaw that could have compromised sensitive crypto wallet information on affected Android devices.

AI · Bearish · arXiv – CS AI · Mar 12 · 7/10

MCP-in-SoS: Risk assessment framework for open-source MCP servers

Researchers have developed a risk assessment framework for open-source Model Context Protocol (MCP) servers, revealing significant security vulnerabilities through static code analysis. The study found many MCP servers contain exploitable weaknesses that compromise confidentiality, integrity, and availability, highlighting the need for secure-by-design development as these tools become widely adopted for LLM agents.

AI · Bearish · arXiv – CS AI · Mar 12 · 7/10

Targeted Bit-Flip Attacks on LLM-Based Agents

Researchers have introduced Flip-Agent, the first targeted bit-flip attack framework specifically designed to exploit LLM-based agents by manipulating hardware faults. The attack can manipulate both final outputs and tool invocations in multi-stage AI agent pipelines, revealing critical security vulnerabilities in these systems.

AI · Bearish · arXiv – CS AI · Mar 11 · 7/10

Security Considerations for Multi-agent Systems

A comprehensive study reveals that multi-agent AI systems (MAS) face distinct security vulnerabilities that existing frameworks inadequately address. The research evaluated 16 AI security frameworks against 193 identified threats across 9 categories, finding that no framework achieves majority coverage in any single category, with non-determinism and data leakage being the most under-addressed areas.

AI · Bullish · OpenAI News · Mar 9 · 7/10

OpenAI to acquire Promptfoo

OpenAI is acquiring Promptfoo, an AI security platform that specializes in helping enterprises identify and fix vulnerabilities in AI systems during the development process. This acquisition strengthens OpenAI's security capabilities and enterprise offerings.

Tags: OpenAI

AI · Bearish · arXiv – CS AI · Mar 9 · 7/10

Knowing without Acting: The Disentangled Geometry of Safety Mechanisms in Large Language Models

Researchers propose the Disentangled Safety Hypothesis (DSH), which holds that AI safety mechanisms in large language models operate on two separate axes: recognition ('knowing') and execution ('acting'). They demonstrate how this separation can be exploited through the Refusal Erasure Attack to bypass safety controls, and compare the architectural differences between Llama3.1 and Qwen2.5.

Tags: Llama

Crypto · Neutral · Bitcoinist · Mar 7 · 7/10

Bitcoin Faces A New Quantum Era As Giant Computing Facility Breaks Ground

A CoinShares report reveals that only 10,230 Bitcoin out of nearly 20 million in circulation are currently vulnerable to quantum computing attacks. This finding comes as quantum computing facilities continue to expand, raising questions about Bitcoin's long-term security against quantum threats.

Tags: $BTC

AI · Bearish · arXiv – CS AI · Mar 5 · 7/10

Efficient Refusal Ablation in LLM through Optimal Transport

Researchers developed a new AI safety attack method using optimal transport theory that achieves 11% higher success rates in bypassing language model safety mechanisms compared to existing approaches. The study reveals that AI safety refusal mechanisms are localized to specific network layers rather than distributed throughout the model, suggesting current alignment methods may be more vulnerable than previously understood.

Tags: Perplexity, Llama

AI · Bearish · arXiv – CS AI · Mar 4 · 7/10

Semantic-level Backdoor Attack against Text-to-Image Diffusion Models

Researchers have developed SemBD, a new semantic-level backdoor attack against text-to-image diffusion models that achieves 100% success rate while evading current defenses. The attack uses continuous semantic regions as triggers rather than fixed textual patterns, making it significantly harder to detect and defend against.

AI · Bearish · arXiv – CS AI · Mar 3 · 7/10

VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents

Researchers have identified critical security vulnerabilities in Computer-Use Agents (CUAs) through Visual Prompt Injection attacks, where malicious instructions are embedded in user interfaces. Their VPI-Bench study shows CUAs can be deceived at rates up to 51% and Browser-Use Agents up to 100% on certain platforms, with current defenses proving inadequate.

Crypto · Bearish · U.Today · Feb 27 · 7/10

Quantum Computing Risk to Cryptos, Ledger CTO Flags Key Vulnerability

Ledger's CTO and other experts are warning that quantum computers could eventually become powerful enough to break elliptic-curve cryptography, which would pose a significant threat to cryptocurrency security. This emerging risk highlights a potential vulnerability in current blockchain infrastructure that could affect the entire crypto ecosystem.

Tags: $CRV

AI × Crypto · Neutral · CoinTelegraph – AI · Feb 27 · 7/10

XRPL Foundation patches ‘critical’ flaw that almost made it to mainnet

The XRPL Foundation successfully patched a critical vulnerability in the Ripple blockchain codebase before it reached mainnet deployment. An AI bug hunter identified the security flaw during code scanning, allowing engineers to fix the issue proactively.

Tags: $XRP

AI · Bearish · arXiv – CS AI · Feb 27 · 7/10

Bob's Confetti: Phonetic Memorization Attacks in Music and Video Generation

Researchers discovered a vulnerability in AI music and video generation systems where phonetic prompts can bypass copyright filters. The 'Adversarial PhoneTic Prompting' attack achieves 91% similarity to copyrighted content by using sound-alike phrases that preserve acoustic patterns while evading text-based detection.

Tags: $NEAR, $APT

AI × Crypto · Bearish · DL News · Feb 25 · 7/10

AI-powered audit uncovers ‘high-severity’ bug in Ethereum software

Octane Security's AI tool discovered a high-severity bug in Nethermind, a software client that runs the Ethereum blockchain. This represents a significant security vulnerability in critical Ethereum infrastructure that could potentially impact network operations.

Tags: $ETH

AI × Crypto · Bearish · DL News · Feb 19 · 7/10

OpenAI releases crypto security tool as Claude blamed for $2.7m Moonwell bug

OpenAI has released a new crypto security tool following a costly incident where AI-generated code from Claude caused a $2.7 million bug that affected Moonwell users. The timing suggests a response to growing concerns about AI-generated code vulnerabilities in cryptocurrency applications.

AI · Neutral · OpenAI News · Nov 7 · 7/10

Understanding prompt injections: a frontier security challenge

Prompt injections represent a significant security vulnerability in AI systems, requiring specialized research and countermeasures. OpenAI is actively developing safeguards and training methods to protect users from these frontier attacks.

Crypto · Neutral · Ethereum Foundation Blog · May 7 · 7/10

CVE-2025-30147 - The curious case of subgroup check on Besu

CVE-2025-30147 identifies a security vulnerability related to subgroup checks in the Besu Ethereum client. The issue was discovered through collaborative efforts between security researchers and the Besu development team, with proper testing and confirmation processes in place.

Crypto · Neutral · Ethereum Foundation Blog · Mar 21 · 7/10

Sepolia Incident

A security threat that existed on the Ethereum network from the Merge until the Dencun hard fork has been disclosed, with the vulnerability specifically manifesting during the Sepolia incident. The disclosure highlights a previously unknown attack vector that could have potentially compromised network security during this critical period.

Tags: $ETH

Crypto · Neutral · Ethereum Foundation Blog · May 18 · 7/10

Dodging a bullet: Ethereum State Problems

This article discloses a severe security threat that affected the Ethereum platform until the Berlin hardfork was implemented. The vulnerability represented a clear and present danger to the network's stability and security before being resolved through the protocol upgrade.

Tags: $ETH