home.social

#ai-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ai-security, aggregated by home.social.

  1. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  2. Alibaba Bans Claude Code as Anthropic Blocks Chinese Access

    Alibaba’s headquarters in Beijing, China. AP-Yonhap News Chinese e-commerce company Alibaba has issued a company-wide ban on Anthropic’s…
    #EuropeSays #Korea #KR #Seoul #AIsecurity #Alibaba #AntGroup #Anthropic #ChinaAIrestrictions #ClaudeCode #distillationattack #USexportcontrols
    europesays.com/korea/74191/

  3. Watch this video to hear key takeaways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  8. Watch this video to hear key takeaways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  13. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  18. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  23. 📰 "GuardFall" Flaw Lets Old Bash Tricks Bypass Modern AI Agent Security

    New 'GuardFall' vulnerability shows how decades-old Bash tricks can fool modern AI coding agents into executing malicious commands. 🤖💥 This exposes developers to severe supply chain attacks. #AISecurity #DevSecOps #CyberSecurity #Vulnerability

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/gu

  24. IronCurtain + GLM 5.2 found QEMU memory-corruption primitives from scratch, then almost autonomously chained the public EDU teaching device into a reproducible guest/host escape.

    EDU is not production attack surface, which is why I can show the full chain. Findings in real configurations stay withheld.

    What I want to highlight is that open-weight models, with orchestration and evidence gates, can now do serious vulnerability discovery and long-horizon exploit engineering.

    provos.org/p/qemu-escape-glm-5

    #AISecurity #QEMU #OpenWeights #IronCurtain

  29. The evolution of AI-driven threats:
    From prompt injection & data poisoning ⇨ agent abuse & AI-powered social engineering.

    This #InfoQ virtual panel explores:
    • Emerging attack patterns
    • Incident response challenges
    • Changes security teams must make

    🔗 Read now: bit.ly/3QvrWzj

    #AI #AIsecurity #Governance

  33. The evolution of AI-driven threats:
    From prompt injection & data poisoning ⇨ agent abuse & AI-powered social engineering.

    This virtual panel explores:
    • Emerging attack patterns
    • Incident response challenges
    • Changes security teams must make

    🔗 Read now: bit.ly/3QvrWzj

  34. Security researchers built a fake AI agent skill and got it past every major security scanner, reaching 26,000 agents. The skill appeared safe during scans but swapped to a malicious URL after approval, showing how easily AI agents can be compromised. thenextweb.com/news/fake-ai-ag #Tech #Startup #News #AISecurity

  39. AI-assisted development is moving fast, and AppSec has to move with it.

    Shoutout to Symbiotic Security, a Silver Sponsor of AppSec Village, for supporting the community and the conversations around securing AI-generated code.

    Check them out: buff.ly/V8U1caS

    #AppSec #AISecurity #SecureCoding

  43. ----------------

    🎯 AI
    ===================

    Indirect prompt injection in agentic coding tools can lead to full system compromise. A proof-of-concept demonstrates how an attacker with nothing but a public GitHub repository gains code execution on any developer who opens it with Claude Code, without committing a single line of malicious code.

    What happened

    A developer asked Claude Code to get a freshly cloned project running. The agent read the project setup notes, encountered a routine error, ran the documented fix, and that fix quietly opened a reverse shell back to an attacker's server. No exploit code, no suspicious commands requiring approval.

    Attack chain analysis

    1. Trusted context: Claude Code reads repository files as trusted project context. A .md file or GitHub issue describes normal first-time setup instructions.

    2. Fail-closed package: The Python package refuses to operate until initialized. Using it before running init raises a RuntimeError with a "helpful" fix instruction. This is a completely ordinary pattern.

    3. Runtime payload via DNS TXT: The malicious instruction is never present in the repository. It is fetched at runtime from a DNS TXT record after the agent has already trusted the preceding context. The payload executes as the developer's own user, opening a reverse shell.

    None of the three components looks malicious on its own. The repo passes code review, the package behavior is standard, and the payload is fetched dynamically.

    Why this matters

    Agentic coding tools have access to environment variables, credentials, API keys, and local configuration files. Untrusted content (repositories, documentation, error messages from installed packages) can inject instructions that cause the agent to exfiltrate this data or establish persistence.

    The DNS TXT technique specifically defeats static code scanners, human code review, and agent self-review. The payload simply does not exist until the moment of execution.

    Technical details
    • Tool: Claude Code (agentic IDE/coding agent)
    • Attack vector: Indirect prompt injection via chained repo context
    • Payload delivery: DNS TXT record fetched at runtime
    • Result: Reverse shell as developer's user
    • Exposure: Credentials, API keys, environment variables, local config

    Detection considerations

    Monitoring DNS TXT lookups during development, restricting agent network access, and requiring explicit approval for shell commands during initial project setup are potential mitigations. The source does not verify their effectiveness.

    🔹 #PromptInjection #AISecurity #AgenticCoding #IndirectPromptInjection #LLMSecurity

    🔗 Source: 0din.ai/blog/clone-this-repo-a
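
    A defender-side sketch of the "monitor DNS TXT lookups during development" mitigation named in the post above, added here as an example; it is not code from the post or from the 0din write-up. The resolver log format, the TXT allowlist, the package-index host list and the sample log lines are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed resolver log lines (assumed format: timestamp client qtype qname).
SAMPLE_LOG = """\
2026-07-01T09:12:01Z 10.0.5.21 A pypi.org
2026-07-01T09:12:02Z 10.0.5.21 AAAA files.pythonhosted.org
2026-07-01T09:12:09Z 10.0.5.21 TXT _dmarc.example-corp.internal
2026-07-01T09:12:10Z 10.0.5.21 TXT init-cfg.attacker-controlled.example
2026-07-01T09:12:11Z 10.0.5.21 TXT init-cfg.attacker-controlled.example
2026-07-01T09:40:00Z 10.0.7.3 TXT cfg.some-other.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qtype>\S+) (?P<qname>\S+)$")

# Assumed allowlist: zones where TXT lookups are routine (DMARC, ACME, SPF).
TXT_ALLOWLIST = ("example-corp.internal",)
# Assumed hosts whose lookups mark a "project setup" window (package installs).
PACKAGE_INDEX_HOSTS = {"pypi.org", "files.pythonhosted.org", "registry.npmjs.org"}


def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def txt_allowed(qname):
    return any(qname == d or qname.endswith("." + d) for d in TXT_ALLOWLIST)


def find_unexpected_txt_lookups(log_text, window_s=300):
    """Map (client, qname) -> {'count', 'setup_window'} for TXT queries outside
    the allowlist; setup_window is True when the same client resolved a package
    index host within window_s seconds beforehand."""
    last_pkg, hits = {}, {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, client = parse_ts(rec["ts"]), rec["client"]
        if rec["qname"] in PACKAGE_INDEX_HOSTS:
            last_pkg[client] = ts
            continue
        if rec["qtype"] != "TXT" or txt_allowed(rec["qname"]):
            continue
        recent = client in last_pkg and (ts - last_pkg[client]).total_seconds() <= window_s
        entry = hits.setdefault((client, rec["qname"]), {"count": 0, "setup_window": False})
        entry["count"] += 1
        entry["setup_window"] = entry["setup_window"] or recent
    return hits
```

    Lookups flagged with setup_window set deserve the highest priority, since that is exactly when an agent is running documented "fix" commands on the developer's behalf.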

  44. Explore how policy-driven security in Kubernetes AI platforms enforces governance using RBAC, Kyverno, OPA, and CI/CD automation to build secure AI systems. hackernoon.com/policy-driven-s #aisecurity