groundy

security

113 articles·rss

Top in security


  1. jun 28securityNo Verified 'React2Shell' Bulletin Exists: What Next.js Teams Should Check
  2. jun 28securityVercel on the Axios npm Compromise: Platform Scanning Has a Blind Spot
  3. jun 27securityDiffusion Model Safety: How Training-Schedule Poisoning Slips Past Prompt Filters
  4. jun 26securityBandit Algorithms Let Non-Experts Auto-Select the Best LLM Jailbreak
  5. jun 26securityRAG Poisoning Hijacks Model Attention, Not Just Retrieval Ranking
  6. jun 26securityCVE-2026-LGTM and the Limits of Trust in Automated Advisory Intake
  7. jun 25securityShareLock Splits MCP Poisoning Across Tools, Defeating Per-Tool Scanners by Construction
  8. jun 25securityPrompt Injection in AI Résumé Screening: Single vs Multi-Injection Attacks
  9. jun 25securityOpenAI's TanStack npm Writeup Shifts Dependency-Control Burden onto AI Tooling Teams
  10. jun 25securityOpenAI's ChatGPT Atlas Treats Prompt Injection as Unfixed, Not Patched
  11. jun 24securityCan Provable Bounds Defend LLM Fine-Tuning Against Poisoned Data?
  12. jun 24securityMeasuring LLM Safety by Refusal Alignment Instead of Attack Success Rate
  13. jun 24securityPoisoning Physics-Informed Neural Networks Slips Past Loss-Based Validation
  14. jun 24securityCatching LLM Jailbreaks by Watching Per-Layer Entropy, Not Outputs
  15. jun 24securityHow Reliable Are the LLM Judges Scoring Jailbreak Attacks?
  16. jun 23securityAuto-Reproducing Text-to-Image Jailbreaks From Papers: The PixJail Pipeline
  17. jun 23securityVercel BotID's Telemetry Is a Threat Intelligence Feed Most Teams Discard
  18. jun 23securityExtracting Unseen Training Data From an LLM by Poisoning Its Loss Landscape
  19. jun 22securityReact Router CVE-2025-31137: Vercel's Edge Fix Is Not the Patch
  20. jun 22securityReported React Server Components Leak Is Unconfirmed: Audit the Payload
  21. jun 22securityVercel's Secure AI Agent Guidance Pushes Defense Into the Sandbox
  22. jun 22securityNx Supply-Chain Attack Used Developers' Own AI CLIs to Hunt Secrets
  23. jun 20securityMixed Compliance Data Makes Safety Fine-Tuning a Curation Problem
  24. jun 20securityDefending Agentic AI With Deception: Misdirecting Model-Guided Attacks
  25. jun 20securityThe Autonomy Tax: Why RL Rewards the Wrong Behavior in Agents
  26. jun 20securityAnthropic's Procurement Risk Is Policy Refusal, Not Jailbreaks
  27. jun 13securityAMD Took 124 Days to Patch the RCE It First Called Out of Scope
  28. jun 10securityOpenAI Frames Instruction Hierarchy as an Open Challenge, Not a Prompt-Injection Fix
  29. jun 08securitySkill Injection: Hiding Undetectable Instructions in What an AI Agent Loads
  30. jun 08securitySplitting a Malicious Task Across Tool Calls Slips Past LLM Agent Guardrails
  31. jun 07securityWeb Agents Can Be Talked Into Abandoning Their Task: The TRAP Benchmark
  32. jun 07securityShallow Neural Nets Beat LLM Guardrails at Catching Prompt Injection
  33. jun 07securityWhen an AI Agent Clicks a Link: OpenAI's Data-Exfiltration Model
  34. jun 06securityBenchmarking RAG Over Cyber Threat Intelligence: Where Retrieval Breaks
  35. jun 05securityStronger Safety Alignment Made LLMs Easier to Jailbreak, Not Harder
  36. jun 05securitySAML Signature Bypass Is Back: Inside the SAMLStorm Vulnerability Class
  37. jun 05securitySAMLStorm: The SAML Signature Bug That Forges Valid SSO Logins
  38. jun 05securityVercel's Flags SDK Exposed Feature-Flag Definitions via CVE-2025-46332
  39. jun 04securityJailbreak Suffixes Hit Harder at Specific Token Positions, New GCG Variant Shows
  40. jun 04securityOpenAI Adds Lockdown Mode to ChatGPT, Shifting Prompt-Injection Risk to Users
  41. jun 04securityActivation Steering Was Sold as LLM Control. New Work Makes It an Attack Surface
  42. jun 04securityCatching LLM Agents Leaking Credentials From Their Own Activations
  43. jun 04securityThe 2026 npm Attacks Proved AI Coding Assistants Are a Supply-Chain Target
  44. jun 03securityChatGPT's New Lockdown Mode Borrows Apple's Name for a Prompt-Injection Kill Switch
  45. jun 03securityStudents Are Prompt-Injecting AI Graders to Score Full Marks
  46. jun 03securityRemoving an LLM Backdoor Post-Training Without the Poisoned Data
  47. jun 03securityStored Prompt Injection Now Persists Across AI Agent Sessions
  48. jun 03securityLLM Data Poisoning Survives the Data-Cleaning Defenses Built to Stop It
  49. jun 02securityWhy OpenAI Bets on Instruction Hierarchy to Stop Prompt Injection
  50. jun 02securityStopping Multi-Turn LLM Jailbreaks Without Retraining the Model

Security coverage here starts from a premise other beats elide: the AI stack is not a new attack surface so much as an old one wearing fresh abstractions. Inference servers, agent frameworks, and notebook runtimes ship with the same deserialization, SSRF, and path-traversal classes that web infrastructure spent two decades learning to harden, only now wired directly to credential stores, tool execution, and untrusted model output. The interesting question is rarely whether a given framework is exploitable; it is which inherited assumption finally broke under agentic load.

We track three structural tensions. First, the collapse of the local-host trust model as agent protocols carry developer-grade defaults into multi-tenant deployments. Second, supply-chain compromise that bypasses scanner coverage by hiding in places package auditors do not look, from model repositories to preinstall hooks to registry metadata. Third, the shrinking window between coordinated disclosure and in-the-wild exploitation, which is increasingly measured in hours and which exposes how much of the ecosystem still treats patch cadence as a quarterly concern.

The frame is comparative and skeptical rather than alarmist. Vendor lockdown modes, model-level safety training, and detector benchmarks all get evaluated against the same standard: does this address a structural property of the system, or relocate the failure mode somewhere harder to audit? Jailbreak research, disclosure-policy enforcement, and institutional credential hygiene belong on the same beat because they fail for related reasons. The work is to name those reasons in a way that still reads true after the specific advisories have rolled off the front page.