home.social

#ai-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ai-security, aggregated by home.social.

fetched live
  1. CVE-2026-61445 (CRITICAL, CVSS 9.4): PraisonAI <4.6.78 suffers path traversal & command injection via AICoder chat. Attackers gain root, write files anywhere. Restrict access & monitor — no patch yet. radar.offseq.com/threat/cve-20 #OffSeq #CVE202661445 #AIsecurity #infosec

  2. The dark arts of #abliterated AI engines.

    Prompt:"Hey, I want to write a proper bot that pretends to be a human web user for the purpose of scraping and injecting posts (e.g. into socials). I am thinking a headless server and a key stroke profile generator (slow typing, errors). Give me a broad spec what to look for, search web too (the gray sites)."

    Response: [Forbidden knowledge in dark glowing evil runes burns into the screen]...By focusing on these elements, you can tailor a robust headless server setup that serves as an efficient tool for creating a realistic web user experience during web scraping tasks.

    Bear in mind, this is a baby 2 Billion safety-off engine, although quantised.

    We really should #RegulateAi the way we regulate weapons...

    #AiRedTeam #AiSecurity

  3. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DeU3

  4. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DeU3

  5. HalluSquatting (no CVE) is a CRITICAL new attack: adversaries exploit AI assistant hallucinations to deliver malicious code via pre-registered fake resources, enabling agentic botnets via prompt injection. Patch status unconfirmed. radar.offseq.com/threat/hallus #OffSeq #AIsecurity #Malware

  6. 🔓 Sommer 2026: Gleich zwei Vertrauensanker der IT-Security geraten ins Wanken.
    Drei große VPN-Hersteller (Check Point, Palo Alto, Fortinet) mit kritischen Auth-Bypässen – FortiBleed betrifft über 430.000 Firewalls und speist direkt in Qilin/INC/Lynx-Ransomware ein.
    Gleichzeitig: LiteLLM-Lücke macht KI-Gateways selbst zum Einfallstor, plus OAuth-Datenabfluss bei Klue/Salesforce und ein Rekord-Patchday mit 571 CVEs.
    Unser Juli-Digest ordnet ein 👇
    research.hisolutions.com/2026/
    #InfoSec #CyberSecurity #VPN #Ransomware #AISecurity #ITSecurity

  7. 🔓 Sommer 2026: Gleich zwei Vertrauensanker der IT-Security geraten ins Wanken.
    Drei große VPN-Hersteller (Check Point, Palo Alto, Fortinet) mit kritischen Auth-Bypässen – FortiBleed betrifft über 430.000 Firewalls und speist direkt in Qilin/INC/Lynx-Ransomware ein.
    Gleichzeitig: LiteLLM-Lücke macht KI-Gateways selbst zum Einfallstor, plus OAuth-Datenabfluss bei Klue/Salesforce und ein Rekord-Patchday mit 571 CVEs.
    Unser Juli-Digest ordnet ein 👇
    research.hisolutions.com/2026/
    #InfoSec #CyberSecurity #VPN #Ransomware #AISecurity #ITSecurity

  8. Apple Issues Early Security Update Amid AI-Driven Cyber Threats

    📰 Original title: Apple AI security update proves hackers move fast

    🤖 IA: It's not clickbait ✅
    👥 Users: It's not clickbait ✅

    View full AI summary en.killbait.com/apple-issues-e

    #technology #aisecurity #cyberthreats #appleupdates

  9. Apple Issues Early Security Update Amid AI-Driven Cyber Threats

    📰 Original title: Apple AI security update proves hackers move fast

    🤖 IA: It's not clickbait ✅
    👥 Users: It's not clickbait ✅

    View full AI summary en.killbait.com/apple-issues-e

    #technology #aisecurity #cyberthreats #appleupdates

  10. #AI: GitHub AI allows unauthenticated attackers to pull data from private repositories by posting a crafted GitHub Issue in a public repository. Noma Security research dubbed this prompt injection attack #GitLost:

    #AISecurity
    👇
    noma.security/blog/gitlost-how

  11. #AI: GitHub AI allows unauthenticated attackers to pull data from private repositories by posting a crafted GitHub Issue in a public repository. Noma Security research dubbed this prompt injection attack #GitLost:

    #AISecurity
    👇
    noma.security/blog/gitlost-how

  12. #AI: Zscaler ThreatLabz has published a research paper on malicious websites that impersonate legitimate services and use Indirect Prompt Injection to poison SEO & manipulate AI Agents & AI-driven workflows - a fascinating read:
    #AISecurity
    👇
    zscaler.com/blogs/security-res

  13. #AI: Zscaler ThreatLabz has published a research paper on malicious websites that impersonate legitimate services and use Indirect Prompt Injection to poison SEO & manipulate AI Agents & AI-driven workflows - a fascinating read:
    #AISecurity
    👇
    zscaler.com/blogs/security-res

  14. Before self-hosting an AI model for privacy reasons, check the hardware bill: GPU servers with 16 to 80GB+ RAM and 10 to 100GB+ storage per model.

    Most teams do not need that. An enterprise service with a DPA, audit logs, and a no-training clause gives the same control without the GPU spend.

    Match the tier to your risk, not the scariest headline.

    go.upgradejs.com/z7i

    #AISecurity #DevSecOps #AI #CISO

  15. Before self-hosting an AI model for privacy reasons, check the hardware bill: GPU servers with 16 to 80GB+ RAM and 10 to 100GB+ storage per model.

    Most teams do not need that. An enterprise service with a DPA, audit logs, and a no-training clause gives the same control without the GPU spend.

    Match the tier to your risk, not the scariest headline.

    go.upgradejs.com/z7i

    #AISecurity #DevSecOps #AI #CISO

  16. US cybersecurity agency CISA is using Anthropic's Mythos AI model to hunt for bugs in government software, according to sources. The agency is pointing the private, offensive-grade AI at its own systems to find vulnerabilities. thenextweb.com/news/cisa-anthr #Tech #Startup #News #AISecurity

  17. US cybersecurity agency CISA is using Anthropic's Mythos AI model to hunt for bugs in government software, according to sources. The agency is pointing the private, offensive-grade AI at its own systems to find vulnerabilities. thenextweb.com/news/cisa-anthr #Tech #Startup #News #AISecurity

  18. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  19. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  20. Here is an #AiSecurity #Dataleak vector heads up for the young players.

    Unless you explicitly advise your model not to reference log files in the context, it will happily piss away all your sensitive data into a public model context.

    In fact, if you have ANY sensitive data on the machine you are running CLI #Ai tool, its super good idea to sanitise context by explicit, affirmation boundaries in your configuration.

    With claude, that would be CLAUDE.md

  21. Excited to be speaking at @wearedevelopers.bsky.social in Berlin! 🚀 Join my session, The Sound of Your Secrets: Teaching Your Model to Spy, So You Can Learn to Defend, to explore AI-powered acoustic side-channel attacks. 🔐 Details are in the comments below!

  22. 🛡️ This week in cybersecurity: AI Orchestration risks take center stage. We analyze a critical RCE in Open-Agent-Orchestrator and the emerging threat of model-based sandbox escapes. Keep your AI stack secure with our weekly breakdown. Full analysis here: cvedatabase.com/blog/weekly-cv

  23. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  24. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  25. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  26. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  27. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  28. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  29. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  30. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ