Microsoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders.

The guidance warns that agents capable of taking real-world actions on networks are already inside critical infrastructure, and most organizations are granting them far more access than…

Noma Security researchers used indirect prompt injection to turn Grafana's own AI into an unwitting courier for sensitive corporate data.

Through a simple calendar invite, AI browsers like Comet can be directed to access local file systems, browse directories, open and read files, and exfiltrate data.

Proofpoint is snapping up the startup to solve the industry’s newest headache: knowing what your autonomous AI is actually doing.

The company says it has no evidence the bug was exploited before October’s patch, but researchers say AI agent configuration can still enable prompt-injection style abuse.

OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to…

The comments echo many in the research community who have said the flaw is an inherent trait of generative AI technology.

Aikido found that AI coding tools from Google, Anthropic, OpenAI and others regularly embed untrusted prompts into software development workflows.

Even with all the testing, the company said in its released research that the model tightened up once it was “aware” it was being evaluated.