home.social

#ai-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ai-security, aggregated by home.social.

fetched live
  1. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  2. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  3. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  4. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  5. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  6. Here is an #AiSecurity #Dataleak vector heads up for the young players.

    Unless you explicitly advise your model not to reference log files in the context, it will happily piss away all your sensitive data into a public model context.

    In fact, if you have ANY sensitive data on the machine you are running CLI #Ai tool, its super good idea to sanitise context by explicit, affirmation boundaries in your configuration.

    With claude, that would be CLAUDE.md

  7. Here is an #AiSecurity #Dataleak vector heads up for the young players.

    Unless you explicitly advise your model not to reference log files in the context, it will happily piss away all your sensitive data into a public model context.

    In fact, if you have ANY sensitive data on the machine you are running CLI #Ai tool, its super good idea to sanitise context by explicit, affirmation boundaries in your configuration.

    With claude, that would be CLAUDE.md

  8. Here is an #AiSecurity #Dataleak vector heads up for the young players.

    Unless you explicitly advise your model not to reference log files in the context, it will happily piss away all your sensitive data into a public model context.

    In fact, if you have ANY sensitive data on the machine you are running CLI #Ai tool, its super good idea to sanitise context by explicit, affirmation boundaries in your configuration.

    With claude, that would be CLAUDE.md

  9. First documented case of "agentic ransomware" — malware that uses AI agents to autonomously adapt its behavior during an attack. The shift: less scripted execution, more goal-directed decision-making. The threat model changes when malware can reason about its environment, not just execute predefined steps. Worth watching closely. #infosec #ransomware #AIsecurity
    securitymagazine.com/articles/

  10. Excited to be speaking at @wearedevelopers.bsky.social in Berlin! 🚀 Join my session, The Sound of Your Secrets: Teaching Your Model to Spy, So You Can Learn to Defend, to explore AI-powered acoustic side-channel attacks. 🔐 Details are in the comments below!

  11. 🛡️ This week in cybersecurity: AI Orchestration risks take center stage. We analyze a critical RCE in Open-Agent-Orchestrator and the emerging threat of model-based sandbox escapes. Keep your AI stack secure with our weekly breakdown. Full analysis here: cvedatabase.com/blog/weekly-cv #CVE #Cybersecurity #AISecurity #Infosec #PatchTuesday #TechNews

  12. 🛡️ This week in cybersecurity: AI Orchestration risks take center stage. We analyze a critical RCE in Open-Agent-Orchestrator and the emerging threat of model-based sandbox escapes. Keep your AI stack secure with our weekly breakdown. Full analysis here: cvedatabase.com/blog/weekly-cv

  13. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  14. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  15. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  16. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  17. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  18. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  19. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  20. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  21. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  22. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  23. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  24. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  25. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  26. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  27. Alibaba Bans Claude Code as Anthropic Blocks Chinese Access

    Alibaba’s headquarters in Beijing, China. AP-Yonhap News Chinese e-commerce company Alibaba has issued a company-wide ban on Anthropic’s…
    #EuropeSays #Korea #KR #Seoul #AIsecurity #Alibaba #AntGroup #Anthropic #ChinaAIrestrictions #ClaudeCode #distillationattack #USexportcontrols
    europesays.com/korea/74191/

  28. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  29. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  30. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  31. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  32. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  33. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  34. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  35. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  36. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  37. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  38. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  39. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  40. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  41. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  42. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  43. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  44. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  45. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  46. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  47. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  48. 📰 "GuardFall" Flaw Lets Old Bash Tricks Bypass Modern AI Agent Security

    New 'GuardFall' vulnerability shows how decades-old Bash tricks can fool modern AI coding agents into executing malicious commands. 🤖💥 This exposes developers to severe supply chain attacks. #AISecurity #DevSecOps #CyberSecurity #Vulnerability

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/gu

  49. IronCurtain + GLM 5.2 found QEMU memory-corruption primitives from scratch, then almost autonomously chained the public EDU teaching device into a reproducible guest/host escape.

    EDU is not production attack surface, which is why I can show the full chain. Findings in real configurations stay withheld.

    What I want to highlight is that open-weight models, with orchestration and evidence gates, can now do serious vulnerability discovery and long-horizon exploit engineering.

    provos.org/p/qemu-escape-glm-5

    #AISecurity #QEMU #OpenWeights #IronCurtain

  50. IronCurtain + GLM 5.2 found QEMU memory-corruption primitives from scratch, then almost autonomously chained the public EDU teaching device into a reproducible guest/host escape.

    EDU is not production attack surface, which is why I can show the full chain. Findings in real configurations stay withheld.

    What I want to highlight is that open-weight models, with orchestration and evidence gates, can now do serious vulnerability discovery and long-horizon exploit engineering.

    provos.org/p/qemu-escape-glm-5

    #AISecurity #QEMU #OpenWeights #IronCurtain