Articles tagged with: #ai
5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them

Cyber Security News cybersecuritynews.com

As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students, parents, and educational institutions. The integration of machine learning algorithms, natural language processing, and deepfake

MCP vs MCP - Cloud disaster 2.0?

cybersecurity www.reddit.com

The acronym wars have already started. If you've been following Anthropic and other vendors, you've probably heard of MCP: Model Context Protocol. It's being pitched as the "HTTP of AI" - the universal way for models to connect with tools and data. And don't get me wrong, that matters. But protocols are plumbing. Plumbing makes things flow, but plumbing doesn't save you when the pipes burst. That's where the other MCP comes in: the Model Control Plane. Where the protocol decides how things...

from Benign import Toxic: Jailbreaking the Language Model via Adversarial Metaphors

cs.CR updates on arXiv.org arxiv.org

arXiv:2503.00038v4 Announce Type: replace-cross Abstract: Current studies have exposed the risk of Large Language Models (LLMs) generating harmful content by jailbreak attacks. However, they overlook that the direct generation of harmful content from scratch is more difficult than inducing LLM to calibrate benign content into harmful forms. In our study, we introduce a novel attack framework that exploits AdVersArial meTAphoR (AVATAR) to induce the LLM to calibrate malicious metaphors for...

Self-Disguise Attack: Induce the LLM to disguise itself for AIGT detection evasion

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.15848v1 Announce Type: new Abstract: AI-generated text (AIGT) detection evasion aims to reduce the detection probability of AIGT, helping to identify weaknesses in detectors and enhance their effectiveness and reliability in practical applications. Although existing evasion methods perform well, they suffer from high computational costs and text quality degradation. To address these challenges, we propose Self-Disguise Attack (SDA), a novel approach that enables Large Language Models...

How Deep Research Agents Can Leak Your Data

Embrace The Red embracethered.com

Recently, many of our favorite AI chatbots have gotten autonomous research capabilities. This allows the AI to go off for an extended period of time, while having access to tools, such as web search, integrations, connectors and also custom-built MCP servers. This post will explore and explain in detail how there can be data spill between connected tools during Deep Research. The research is focused on ChatGPT but applies to other Deep Research agents as well.

What are your "go-to" GRC resources that you trust completely? Building a training GPT and need the gold standard materials.

cybersecurity www.reddit.com

Hey GRC professionals, I'm working on building a custom GPT for employee compliance training at my organization, and I want to make sure it's trained on only the most authoritative, trusted sources in our field. What I'm looking for:
- Publications, websites, PDFs, frameworks, and other resources that you consider the "gospel" of GRC
- Materials you'd stake your professional reputation on
- Sources you turn to when you need definitive answers
- Content that's universally respected across the industry...

Cybersecurity Jarvis

cybersecurity www.reddit.com

Ok guys, I think it's imperative that we begin building a cyops Jarvis. This is the only way we are going to be able to defend infrastructure. What would such an AI agent look like? I'm thinking we start with an OpenBSD core, or maybe a Qubes core, or NixOS core, and we bake an AI with some GPU for muscle? Would we start with a Claude LLM? Or go the MoE route? Recently I saw that someone built an AI which essentially navigates and uses your website or platform, and then builds documentation...

Sneaking Invisible Instructions by Developers in Windsurf

Embrace The Red embracethered.com

Imagine a malicious instruction hidden in plain sight, invisible to you but not to the AI. This is a vulnerability discovered in Windsurf Cascade: it follows invisible instructions. This means there can be instructions in a file, or in the result of a tool call, that the developer cannot see but the LLM does. Some LLMs interpret invisible Unicode Tag characters as instructions, which can lead to hidden prompt injection. As far as I can tell the Windsurf SWE-1 model can also "see" these invisible...

MCP Hub > hackerone-mcp

Technical Information Security Content & Discussion www.reddit.com

Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)

Embrace The Red embracethered.com

In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory-persistent data exfiltration. SpAIware is an attack we first successfully demonstrated with ChatGPT last year, and which OpenAI mitigated. While inspecting the system prompt of Windsurf Cascade I noticed that it has a create_memory tool. Creating Memories: The question that immediately popped into my head was whether this tool will require human approval when Cascade creates a long-term memory, or if it is...

NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems

Cyber Security News cybersecuritynews.com

The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications. Released on August 14, 2025, this initiative addresses the growing need for structured risk management approaches in

AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes

Cyber Security News cybersecuritynews.com

Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit. This breakthrough significantly compresses the traditional "grace period" that defenders typically rely on to patch vulnerabilities before working exploits become available. The research, conducted by security experts Efi Weiss and

SecFSM: Knowledge Graph-Guided Verilog Code Generation for Secure Finite State Machines in Systems-on-Chip

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.12910v2 Announce Type: replace Abstract: Finite State Machines (FSMs) play a critical role in implementing control logic for Systems-on-Chip (SoC). Traditionally, FSMs are implemented by hardware engineers through Verilog coding, which is often tedious and time-consuming. Recently, with the remarkable progress of Large Language Models (LLMs) in code generation, LLMs have been increasingly explored for automating Verilog code generation. However, LLM-generated Verilog code often...

Prompt Injection Attack to Tool Selection in LLM Agents

cs.CR updates on arXiv.org arxiv.org

arXiv:2504.19793v2 Announce Type: replace Abstract: Tool selection is a key component of LLM agents. A popular approach follows a two-step process, retrieval and selection, to pick the most appropriate tool from a tool library for a given task. In this work, we introduce ToolHijacker, a novel prompt injection attack targeting tool selection in no-box scenarios. ToolHijacker injects a malicious tool document into the tool library to manipulate the LLM agent's tool...

Innamark: A Whitespace Replacement Information-Hiding Method

cs.CR updates on arXiv.org arxiv.org

arXiv:2502.12710v3 Announce Type: replace Abstract: Large language models (LLMs) have gained significant popularity in recent years. Differentiating between a text written by a human and one generated by an LLM has become almost impossible. Information-hiding techniques such as digital watermarking or steganography can help by embedding information inside text in a form that is unlikely to be noticed. However, existing techniques, such as linguistic-based or format-based methods, change the...

IPIGuard: A Novel Tool Dependency Graph-Based Defense Against Indirect Prompt Injection in LLM Agents

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.15310v1 Announce Type: new Abstract: Large language model (LLM) agents are widely deployed in real-world applications, where they leverage tools to retrieve and manipulate external data for complex tasks. However, when interacting with untrusted data sources (e.g., fetching information from public websites), tool responses may contain injected instructions that covertly influence agent behaviors and lead to malicious outcomes, a threat referred to as Indirect Prompt Injection (IPI)....