home.social

#ai-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ai-security, aggregated by home.social.

fetched live
  1. #AI: GitHub AI allows unauthenticated attackers to pull data from private repositories by posting a crafted GitHub Issue in a public repository. Noma Security research dubbed this prompt injection attack #GitLost:

    #AISecurity
    👇
    noma.security/blog/gitlost-how

  2. #AI: GitHub AI allows unauthenticated attackers to pull data from private repositories by posting a crafted GitHub Issue in a public repository. Noma Security research dubbed this prompt injection attack #GitLost:

    #AISecurity
    👇
    noma.security/blog/gitlost-how

  3. #AI: Zscaler ThreatLabz has published a research paper on malicious websites that impersonate legitimate services and use Indirect Prompt Injection to poison SEO & manipulate AI Agents & AI-driven workflows - a fascinating read:
    #AISecurity
    👇
    zscaler.com/blogs/security-res

  4. #AI: Zscaler ThreatLabz has published a research paper on malicious websites that impersonate legitimate services and use Indirect Prompt Injection to poison SEO & manipulate AI Agents & AI-driven workflows - a fascinating read:
    #AISecurity
    👇
    zscaler.com/blogs/security-res

  5. Before self-hosting an AI model for privacy reasons, check the hardware bill: GPU servers with 16 to 80GB+ RAM and 10 to 100GB+ storage per model.

    Most teams do not need that. An enterprise service with a DPA, audit logs, and a no-training clause gives the same control without the GPU spend.

    Match the tier to your risk, not the scariest headline.

    go.upgradejs.com/z7i

    #AISecurity #DevSecOps #AI #CISO

  6. Before self-hosting an AI model for privacy reasons, check the hardware bill: GPU servers with 16 to 80GB+ RAM and 10 to 100GB+ storage per model.

    Most teams do not need that. An enterprise service with a DPA, audit logs, and a no-training clause gives the same control without the GPU spend.

    Match the tier to your risk, not the scariest headline.

    go.upgradejs.com/z7i

    #AISecurity #DevSecOps #AI #CISO

  7. US cybersecurity agency CISA is using Anthropic's Mythos AI model to hunt for bugs in government software, according to sources. The agency is pointing the private, offensive-grade AI at its own systems to find vulnerabilities. thenextweb.com/news/cisa-anthr #Tech #Startup #News #AISecurity

  8. US cybersecurity agency CISA is using Anthropic's Mythos AI model to hunt for bugs in government software, according to sources. The agency is pointing the private, offensive-grade AI at its own systems to find vulnerabilities. thenextweb.com/news/cisa-anthr #Tech #Startup #News #AISecurity

  9. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  10. Security firm Sysdig has documented the first ransomware attack run end to end by an AI agent. The system, named JadePuffer, used a large language model to plan, execute and adapt the entire operation from reconnaissance through to credential theft and lateral movement. The attack marks a new frontier in cyber threats where autonomous AI can conduct sophisticated raids without human involvement.

    thenextweb.com/news/jadepuffer

    #Tech #Startup #News #AISecurity

  11. Here is an #AiSecurity #Dataleak vector heads up for the young players.

    Unless you explicitly advise your model not to reference log files in the context, it will happily piss away all your sensitive data into a public model context.

    In fact, if you have ANY sensitive data on the machine you are running CLI #Ai tool, its super good idea to sanitise context by explicit, affirmation boundaries in your configuration.

    With claude, that would be CLAUDE.md

  12. Excited to be speaking at @wearedevelopers.bsky.social in Berlin! 🚀 Join my session, The Sound of Your Secrets: Teaching Your Model to Spy, So You Can Learn to Defend, to explore AI-powered acoustic side-channel attacks. 🔐 Details are in the comments below!

  13. 🛡️ This week in cybersecurity: AI Orchestration risks take center stage. We analyze a critical RCE in Open-Agent-Orchestrator and the emerging threat of model-based sandbox escapes. Keep your AI stack secure with our weekly breakdown. Full analysis here: cvedatabase.com/blog/weekly-cv

  14. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  15. Coding-Agents dürfen lokal fast alles, was auch du darfst: nützlich, aber riskant.

    Michael Krämer zeigt im neuen Blogpost, wie Docker Sandboxes (sbx) die Kontrolle out of the box liefern: MicroVM-Isolation, Dateizugriff nur aufs Projektverzeichnis, Netzwerk-Policies und ein Credential-Proxy. So läuft sogar der YOLO-Modus in der VM statt auf dem eigenen Laptop.

    📖 Jetzt lesen: innoq.com/ch/blog/2026/07/trus

    #AgenticSoftwareEngineering #AISecurity #Docker

  16. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  17. winbuzzer.com/2026/07/06/aliba

    Alibaba is banning employee the use of Anthropic's Claude Code starting July 10 and shifts staff to its own Qoder platform over alleged user-identification security risks.

    #AI #ClaudeCode #Alibaba #Anthropic #Claude #Qwen #AICoding #AIAgents #AISecurity #ChinaAI

  18. AI-powered ransomware just automated a full attack. Patch your LLM integrations now.
    #AISecurity #Ransomware

  19. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  20. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5Dkei

  21. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  22. Watch this video to hear key take aways, insights, and observations from my attendance at OWASP Global AppSec EU in Vienna, Austria, 2026. #OWASP #AppSec #aisecurity

    twp.ai/E5DkeZ

  23. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  24. winbuzzer.com/2026/07/01/us-li

    The US has lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 AI models, restoring Fable access while keeping Mythos tied to approved partners and government review.

    #AI #ExportControls #Anthropic #Fable5 #Mythos5 #Claude #AIRegulation #AISecurity #AISafety #AIModels

  25. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  26. AI browsers can be tricked into entering a fake reality where their safety guardrails fail. Researchers demonstrated an attack called BioShocking that bypasses security measures in browsers like ChatGPT Atlas and Claude Chrome. Once lulled into the alternate reality, all 6 AI agents tested failed to detect credential theft. arstechnica.com/security/2026/ #AIagent #AI #GenAI #AISecurity

  27. IronCurtain + GLM 5.2 found QEMU memory-corruption primitives from scratch, then almost autonomously chained the public EDU teaching device into a reproducible guest/host escape.

    EDU is not production attack surface, which is why I can show the full chain. Findings in real configurations stay withheld.

    What I want to highlight is that open-weight models, with orchestration and evidence gates, can now do serious vulnerability discovery and long-horizon exploit engineering.

    provos.org/p/qemu-escape-glm-5

    #AISecurity #QEMU #OpenWeights #IronCurtain

  28. IronCurtain + GLM 5.2 found QEMU memory-corruption primitives from scratch, then almost autonomously chained the public EDU teaching device into a reproducible guest/host escape.

    EDU is not production attack surface, which is why I can show the full chain. Findings in real configurations stay withheld.

    What I want to highlight is that open-weight models, with orchestration and evidence gates, can now do serious vulnerability discovery and long-horizon exploit engineering.

    provos.org/p/qemu-escape-glm-5

    #AISecurity #QEMU #OpenWeights #IronCurtain

  29. The evolution of AI-driven threats:
    From prompt injection & data poisoning ⇨ agent abuse & AI-powered social engineering.

    This #InfoQ virtual panel explores:
    • Emerging attack patterns
    • Incident response challenges
    • Changes security teams must make

    🔗 Read now: bit.ly/3QvrWzj

    #AI #AIsecurity #Governance

  30. The evolution of AI-driven threats:
    From prompt injection & data poisoning ⇨ agent abuse & AI-powered social engineering.

    This virtual panel explores:
    • Emerging attack patterns
    • Incident response challenges
    • Changes security teams must make

    🔗 Read now: bit.ly/3QvrWzj

  31. Security researchers built a fake AI agent skill and got it past every major security scanner, reaching 26,000 agents. The skill appeared safe during scans but swapped to a malicious URL after approval, showing how easily AI agents can be compromised. thenextweb.com/news/fake-ai-ag #Tech #Startup #News #AISecurity

  32. Security researchers built a fake AI agent skill and got it past every major security scanner, reaching 26,000 agents. The skill appeared safe during scans but swapped to a malicious URL after approval, showing how easily AI agents can be compromised. thenextweb.com/news/fake-ai-ag #Tech #Startup #News #AISecurity

  33. AI-assisted development is moving fast, and AppSec has to move with it.

    Shoutout to Symbiotic Security, a Silver Sponsor of AppSec Village, for supporting the community and the conversations around securing AI-generated code.

    Check them out: buff.ly/V8U1caS

    #AppSec #AISecurity #SecureCoding