Where AI infrastructure inherits the unpatched assumptions of the web stack beneath it, and trust boundaries collapse faster than disclosure timelines can keep up.https://groundy.com/en-ushttps://groundy.com/articles/amd-took-124-days-to-patch-the-rce-it-first-called-out-of-scope/https://groundy.com/articles/amd-took-124-days-to-patch-the-rce-it-first-called-out-of-scope/AMD closed a plaintext-HTTP RCE in its auto-updater as out of scope, then shipped a 124-day fix adding HTTPS but only a CRC32 checksum where a code signature belongs.Sun, 14 Jun 2026 23:59:40 GMTGroundy Editorial2026-06-14T00:00:00.000Zvulnerability-disclosureamdpatch-managementrcebug-bountyupdate-securitythreat-modelingGroundy Editorialhttps://groundy.com/articles/openai-frames-instruction-hierarchy-as-an-open-challenge-not-a-prompt-injection/https://groundy.com/articles/openai-frames-instruction-hierarchy-as-an-open-challenge-not-a-prompt-injection/OpenAI's IH-Challenge frames instruction hierarchy as an open benchmark, not a shipped defense, shifting prompt-injection protection to orchestration-layer filtering.Sat, 13 Jun 2026 03:20:40 GMTGroundy Editorial2026-06-13T00:00:00.000Zprompt-injectioninstruction-hierarchyagent-securityai-safetyorchestrationopenaiGroundy Editorialhttps://groundy.com/articles/skill-injection-hiding-undetectable-instructions-in-what-an-ai-agent-loads/https://groundy.com/articles/skill-injection-hiding-undetectable-instructions-in-what-an-ai-agent-loads/POISE achieves 89.3% attack success on codex+gpt-5.2 by placing malicious instructions where agents naturally execute them, making static content scanners effectively blind.Tue, 09 Jun 2026 23:04:30 GMTGroundy Editorial2026-06-09T00:00:00.000Zskill-injectionllm-agentsprompt-injectionai-securityagent-frameworkscontent-scanningGroundy Editorialhttps://groundy.com/articles/splitting-a-malicious-task-across-tool-calls-slips-past-llm-agent-guardrails/https://groundy.com/articles/splitting-a-malicious-task-across-tool-calls-slips-past-llm-agent-guardrails/Splitting a disallowed action into benign tool calls bypasses per-call safety filters in LLM agents, lifting jailbreak success by 28 percentage points over current baselines.Tue, 09 Jun 2026 07:52:02 GMTGroundy Editorial2026-06-09T00:00:00.000Zllm-securityagent-safetytool-callingguardrailsadversarial-attacksprovenance-trackingGroundy Editorialhttps://groundy.com/articles/web-agents-can-be-talked-into-abandoning-their-task-the-trap-benchmark/https://groundy.com/articles/web-agents-can-be-talked-into-abandoning-their-task-the-trap-benchmark/The TRAP benchmark finds 13 to 43 percent of web agent tasks can be redirected by persuasive page content, exposing a blind spot in current instruction-hierarchy defenses.Mon, 08 Jun 2026 16:00:15 GMTGroundy Editorial2026-06-08T00:00:00.000Zagent-safetyweb-agentsprompt-injectionpersuasion-attacksbenchmarksecurityGroundy Editorialhttps://groundy.com/articles/shallow-neural-nets-beat-llm-guardrails-at-catching-prompt-injection/https://groundy.com/articles/shallow-neural-nets-beat-llm-guardrails-at-catching-prompt-injection/GuardNet's 47M-parameter BiLSTM ensemble detects prompt injections in 50 ms on CPU, but 0.747 blind-benchmark AUROC and classifier-evasion risks leave the arms race.Mon, 08 Jun 2026 14:32:19 GMTGroundy Editorial2026-06-08T00:00:00.000Zprompt-injectionllm-securityguardrailsadversarial-attackslightweight-classifiersbilstmGroundy Editorialhttps://groundy.com/articles/when-an-ai-agent-clicks-a-link-openais-data-exfiltration-model/https://groundy.com/articles/when-an-ai-agent-clicks-a-link-openais-data-exfiltration-model/OpenAI's URL provenance filter concedes content inspection is intractable. Agents that mix sensitive data with web access face a structural exfiltration risk.Mon, 08 Jun 2026 08:01:51 GMTGroundy Editorial2026-06-08T00:00:00.000Zdata-exfiltrationprompt-injectionai-agentsurl-filteringopenaiagent-securityGroundy Editorialhttps://groundy.com/articles/benchmarking-rag-over-cyber-threat-intelligence-where-retrieval-breaks/https://groundy.com/articles/benchmarking-rag-over-cyber-threat-intelligence-where-retrieval-breaks/CTIConnect, a KDD 2026 benchmark of 1,860 QA pairs across five CTI feeds, shows retrieval quality, not model size, determines copilot accuracy across ten LLMs.Sun, 07 Jun 2026 09:19:51 GMTGroundy Editorial2026-06-07T00:00:00.000Zragcyber-threat-intelligenceretrieval-qualitysoc-copilotknowledge-graphsllm-benchmarksGroundy Editorialhttps://groundy.com/articles/stronger-safety-alignment-made-llms-easier-to-jailbreak-not-harder/https://groundy.com/articles/stronger-safety-alignment-made-llms-easier-to-jailbreak-not-harder/A single-query attack turns safety-trained LLMs' own refusal reasoning against them. Across 30 models, better safety judgment correlated with higher exploit rates, not lower.Sat, 06 Jun 2026 15:52:52 GMTGroundy Editorial2026-06-10T00:00:00.000Zllm-safetyjailbreaksafety-alignmentadversarial-attacksrlhfai-securityGroundy Editorialhttps://groundy.com/articles/saml-signature-bypass-is-back-inside-the-samlstorm-vulnerability-class/https://groundy.com/articles/saml-signature-bypass-is-back-inside-the-samlstorm-vulnerability-class/XML Signature Wrapping attacks on SAML keep recurring because the gap between validation and processing is structural. Edge WAF rules are a delaying tactic, not a fix.Sat, 06 Jun 2026 15:37:34 GMTGroundy Editorial2026-06-06T00:00:00.000Zsamlxml-signature-wrappingssoweb-application-firewallidentity-securitycanonicalizationGroundy Editorialhttps://groundy.com/articles/samlstorm-the-saml-signature-bug-that-forges-valid-sso-logins/https://groundy.com/articles/samlstorm-the-saml-signature-bug-that-forges-valid-sso-logins/SAML signature-confusion attacks exploit gaps between XML canonicalization and parsing, letting attackers mutate signed assertions to forge authenticated SSO sessions.Sat, 06 Jun 2026 08:53:00 GMTGroundy Editorial2026-06-06T00:00:00.000Zsamlssosignature-confusionxml-canonicalizationidentity-securityvercelGroundy Editorialhttps://groundy.com/articles/vercels-flags-sdk-exposed-feature-flag-definitions-via-cve-2025-46332/https://groundy.com/articles/vercels-flags-sdk-exposed-feature-flag-definitions-via-cve-2025-46332/CVE-2025-46332 exposed flag names, rollout conditions, and security kill switches via Vercel's discovery endpoint, making operational metadata into reconnaissance material.Sat, 06 Jun 2026 01:49:42 GMTGroundy Editorial2026-06-06T00:00:00.000Zcve-2025-46332feature-flagsvercelinformation-disclosuresecurity-vulnerabilityreconnaissanceGroundy Editorialhttps://groundy.com/articles/jailbreak-suffixes-hit-harder-at-specific-token-positions-new-gcg-variant-shows/https://groundy.com/articles/jailbreak-suffixes-hit-harder-at-specific-token-positions-new-gcg-variant-shows/SlotGCG shows adversarial token position, not just content, determines jailbreak success, with 14% higher attack rates and 42% higher rates against defended models.Fri, 05 Jun 2026 11:14:33 GMTGroundy Editorial2026-06-05T00:00:00.000Zjailbreakadversarial-attacksgcgllm-securityperplexity-filteringslotgcgGroundy Editorialhttps://groundy.com/articles/openai-adds-lockdown-mode-to-chatgpt-shifting-prompt-injection-risk-to-users/https://groundy.com/articles/openai-adds-lockdown-mode-to-chatgpt-shifting-prompt-injection-risk-to-users/OpenAI's Lockdown Mode disables agentic features builders rely on rather than fixing prompt injection at runtime, forcing a binary choice between security and capability.Fri, 05 Jun 2026 10:45:48 GMTGroundy Editorial2026-06-05T00:00:00.000Zprompt-injectionchatgptopenaisecurityagentic-workflowslockdown-modeGroundy Editorialhttps://groundy.com/articles/activation-steering-was-sold-as-llm-control-new-work-makes-it-an-attack-surface/https://groundy.com/articles/activation-steering-was-sold-as-llm-control-new-work-makes-it-an-attack-surface/Poisoning 4-6% of tokens in a steering dataset silently inverts refusal vectors into jailbreaks, achieving 20-55% ASR. Shared vector bundles are the attack surface.Fri, 05 Jun 2026 08:43:48 GMTGroundy Editorial2026-06-05T00:00:00.000Zactivation-steeringjailbreaksupply-chain-securityllm-safetydata-poisoningrepresentation-engineeringGroundy Editorialhttps://groundy.com/articles/catching-llm-agents-leaking-credentials-from-their-own-activations/https://groundy.com/articles/catching-llm-agents-leaking-credentials-from-their-own-activations/A new arXiv study shows credential leaks by LLM agents are detectable inside model activations before output tokens are generated, moving DLP upstream from text filtering.Fri, 05 Jun 2026 05:26:57 GMTGroundy Editorial2026-06-05T00:00:00.000Zcredential-exfiltrationllm-agentsactivation-probingagent-securitydata-loss-preventionmulti-turn-attacksGroundy Editorialhttps://groundy.com/articles/the-2026-npm-attacks-proved-ai-coding-assistants-are-a-supply-chain-target/https://groundy.com/articles/the-2026-npm-attacks-proved-ai-coding-assistants-are-a-supply-chain-target/The 2026 npm supply-chain wave explicitly targeted AI coding assistants as privileged identities. Lockfiles and ignore-scripts stopped what SLSA provenance and OIDC could not.Fri, 05 Jun 2026 00:08:43 GMTGroundy Editorial2026-06-05T00:00:00.000Znpm-supply-chainai-coding-assistantsopen-source-securitypackage-managementdevsecopsmalwareGroundy Editorialhttps://groundy.com/articles/chatgpts-new-lockdown-mode-borrows-apples-name-for-a-prompt-injection-kill/https://groundy.com/articles/chatgpts-new-lockdown-mode-borrows-apples-name-for-a-prompt-injection-kill/OpenAI's ChatGPT Lockdown Mode disables web browsing, images, and Deep Research, conceding that model-level defenses against prompt injection have plateaued as of early 2026.Thu, 04 Jun 2026 23:49:43 GMTGroundy Editorial2026-06-04T00:00:00.000Zprompt-injectionchatgpt-securitylockdown-modeopenainetwork-exfiltrationenterprise-aiGroundy Editorialhttps://groundy.com/articles/students-are-prompt-injecting-ai-graders-to-score-full-marks/https://groundy.com/articles/students-are-prompt-injecting-ai-graders-to-score-full-marks/A June 2026 arXiv study finds that prompt injection in student submissions manipulates LLM grading systems into awarding full marks, and current defenses do not hold.Thu, 04 Jun 2026 19:36:10 GMTGroundy Editorial2026-06-04T00:00:00.000Zprompt-injectionllm-gradingai-educationacademic-integrityadversarial-inputllm-securityGroundy Editorialhttps://groundy.com/articles/removing-an-llm-backdoor-post-training-without-the-poisoned-data/https://groundy.com/articles/removing-an-llm-backdoor-post-training-without-the-poisoned-data/Patcher removes LLM backdoor triggers from a single observed failure and model weights, no poisoned training data required. Deployers gain an alternative to full retraining.Thu, 04 Jun 2026 11:34:38 GMTGroundy Editorial2026-06-04T00:00:00.000Zllm-backdoormodel-securitybackdoor-removalsupply-chainopen-weight-modelsadversarial-mlGroundy Editorialhttps://groundy.com/articles/stored-prompt-injection-now-persists-across-ai-agent-sessions/https://groundy.com/articles/stored-prompt-injection-now-persists-across-ai-agent-sessions/Prompt injection planted in one agent session resurfaces in later ones through persistent memory and tool state, bypassing input sanitization that only validates external.Thu, 04 Jun 2026 08:55:56 GMTGroundy Editorial2026-06-04T00:00:00.000Zprompt-injectionagent-securityllm-securityai-agentscross-session-attacksowaspGroundy Editorialhttps://groundy.com/articles/llm-data-poisoning-survives-the-data-cleaning-defenses-built-to-stop/https://groundy.com/articles/llm-data-poisoning-survives-the-data-cleaning-defenses-built-to-stop/The Phantom Transfer attack plants password-triggered backdoors into LLMs and survives all 11 tested data-level defenses, including full paraphrasing of every training sample.Thu, 04 Jun 2026 05:40:09 GMTGroundy Editorial2026-06-04T00:00:00.000Zdata-poisoningllm-securitybackdoor-attacksmodel-trainingweight-inspectiontraining-dataGroundy Editorialhttps://groundy.com/articles/why-openai-bets-on-instruction-hierarchy-to-stop-prompt-injection/https://groundy.com/articles/why-openai-bets-on-instruction-hierarchy-to-stop-prompt-injection/OpenAI's instruction hierarchy improves TensorTrust scores to 0.94, not 1.0. The gap is probabilistic, not a protocol guarantee, and the burden falls on app builders.Wed, 03 Jun 2026 23:17:15 GMTGroundy Editorial2026-06-03T00:00:00.000Zprompt-injectioninstruction-hierarchyllm-securityopenaiagent-safetydefense-in-depthGroundy Editorialhttps://groundy.com/articles/stopping-multi-turn-llm-jailbreaks-without-retraining-the-model/https://groundy.com/articles/stopping-multi-turn-llm-jailbreaks-without-retraining-the-model/THRD is a training-free defense against multi-turn LLM jailbreaks that runs entirely at inference time, cutting attack success to 0.2-4.0% without modifying model weights.Wed, 03 Jun 2026 21:20:20 GMTGroundy Editorial2026-06-03T00:00:00.000Zllm-safetyjailbreak-defenseinference-timemulti-turn-attacksai-securityadversarial-robustnessGroundy Editorialhttps://groundy.com/articles/african-languages-are-a-jailbreak-blind-spot-for-english-tuned-llm-safety/https://groundy.com/articles/african-languages-are-a-jailbreak-blind-spot-for-english-tuned-llm-safety/TukaBench extends JailbreakBench to seven African languages and finds English safety alignment fails to transfer. Culturally adapted prompts widen the gap for deployers.Wed, 03 Jun 2026 20:37:20 GMTGroundy Editorial2026-06-03T00:00:00.000Zllm-safetymultilingual-aijailbreakred-teamingafrican-languagesai-alignmentGroundy Editorialhttps://groundy.com/articles/poisoning-open-source-llm-merges-one-bad-checkpoint-hijacks-the-result/https://groundy.com/articles/poisoning-open-source-llm-merges-one-bad-checkpoint-hijacks-the-result/RogueMerge shows a single poisoned task vector survives six merge algorithms across 170+ LLMs, breaking the assumption that merging dilutes adversarial influence.Wed, 03 Jun 2026 16:02:00 GMTGroundy Editorial2026-06-03T00:00:00.000Zllm-mergingmodel-securityadversarial-attackssupply-chainopen-source-llmsbackdoor-attacksGroundy Editorialhttps://groundy.com/articles/an-autonomous-research-agent-now-discovers-sota-llm-jailbreak-attacks/https://groundy.com/articles/an-autonomous-research-agent-now-discovers-sota-llm-jailbreak-attacks/Claudini's autonomous loop designs jailbreak algorithms hitting 80% ASR on GPT-OSS-Safeguard and 100% on Meta-SecAlign-70B. Attack discovery now costs a compute run.Wed, 03 Jun 2026 14:02:38 GMTGroundy Editorial2026-06-03T00:00:00.000Zllm-jailbreakadversarial-attacksai-safetyautomated-red-teamingllm-securityautonomous-agentsGroundy Editorialhttps://groundy.com/articles/malware-can-prompt-inject-the-ai-agent-reverse-engineering/https://groundy.com/articles/malware-can-prompt-inject-the-ai-agent-reverse-engineering/Decompiled malware strings can prompt-inject LLM agents used for triage. Defenses fail over 85% of the time, and formal analysis argues the problem is structurally unsolvable.Wed, 03 Jun 2026 11:06:09 GMTGroundy Editorial2026-06-03T00:00:00.000Zprompt-injectionmalware-analysisllm-agentsreverse-engineeringadversarial-mlcyber-securityGroundy Editorialhttps://groundy.com/articles/cve-factory-turns-published-cves-into-security-agent-training-data-a-32b-model/https://groundy.com/articles/cve-factory-turns-published-cves-into-security-agent-training-data-a-32b-model/CVE-Factory reproduces known CVEs at 66% verified accuracy. A 32B model trained on its traces beats Claude 4.5 Sonnet, commoditizing offensive security expertise.Wed, 03 Jun 2026 09:54:40 GMTGroundy Editorial2026-06-10T00:00:00.000Zvulnerability-reproductionsecurity-agentscve-benchmarksmodel-fine-tuningopen-source-securityoffensive-securityGroundy Editorialhttps://groundy.com/articles/llm-reasoning-traces-leak-the-private-data-theyre-told-to-hide/https://groundy.com/articles/llm-reasoning-traces-leak-the-private-data-theyre-told-to-hide/Reasoning models embed sensitive data in chain-of-thought traces omitted from final answers, creating a privacy gap that output-level safety training cannot address.Tue, 02 Jun 2026 17:17:56 GMTGroundy Editorial2026-06-02T00:00:00.000Zchain-of-thoughtprivacyprompt-injectionllm-safetyreasoning-modelsdata-leakagemodel-deploymentGroundy Editorialhttps://groundy.com/articles/video-jailbreaks-hit-multimodal-llms-by-splitting-payloads-across-clips/https://groundy.com/articles/video-jailbreaks-hit-multimodal-llms-by-splitting-payloads-across-clips/Splitting harmful requests across benign video clips defeats per-frame moderation on eight multimodal LLMs, forcing safety teams to invest in cross-clip semantic reasoning.Tue, 02 Jun 2026 11:57:18 GMTGroundy Editorial2026-06-02T00:00:00.000Zvideo-jailbreakmultimodal-safetycontent-moderationadversarial-attacksmllmvideo-modalityGroundy Editorialhttps://groundy.com/articles/vercel-ai-sdk-cve-2025-48985-input-validation-bypass-hits-llm-app-builders/https://groundy.com/articles/vercel-ai-sdk-cve-2025-48985-input-validation-bypass-hits-llm-app-builders/An index mismatch in Vercel AI SDK lets attackers inject arbitrary bytes into prompt file inputs. With no NVD CVSS score yet, most dependency scanners will not flag it.Mon, 01 Jun 2026 19:15:55 GMTGroundy Editorial2026-06-02T00:00:00.000Zcveai-sdkinput-validationsupply-chainllm-securitydependency-managementGroundy Editorialhttps://groundy.com/articles/hijacking-ai-agent-memory-one-conversation-can-plant-a-persistent-trojan/https://groundy.com/articles/hijacking-ai-agent-memory-one-conversation-can-plant-a-persistent-trojan/MemPoison plants a persistent trojan in AI agent memory through ordinary conversation, defeating extraction and rewriting pipelines with up to 95% attack success.Mon, 01 Jun 2026 15:54:38 GMTGroundy Editorial2026-06-02T00:00:00.000Zagent-memorymemory-poisoningadversarial-attacksllm-securityembedding-attackspersistent-memoryGroundy Editorialhttps://groundy.com/articles/why-attack-success-rate-misleads-llm-jailbreak-benchmarks/https://groundy.com/articles/why-attack-success-rate-misleads-llm-jailbreak-benchmarks/The ASR metric behind every jailbreak leaderboard collapses distinct safety failures into one number, so models with the same score can fail in completely different ways.Mon, 01 Jun 2026 15:07:36 GMTGroundy Editorial2026-06-02T00:00:00.000Zllm-safetyjailbreak-benchmarksattack-success-ratetemporal-logit-observabilityllm-evaluationred-teamingGroundy Editorialhttps://groundy.com/articles/job-seekers-are-prompt-injecting-ai-resume-screeners-new-study-measures-the-hit/https://groundy.com/articles/job-seekers-are-prompt-injecting-ai-resume-screeners-new-study-measures-the-hit/A USENIX Security 2026 study of 200K real resumes found 1% contain hidden prompt injections, with 90% stuffing invisible keywords rather than manipulating LLM instructions.Sun, 31 May 2026 15:48:34 GMTGroundy Editorial2026-06-02T00:00:00.000Zprompt-injectionresume-screeningllm-securityhiring-techadversarial-attacksats-vendorsGroundy Editorialhttps://groundy.com/articles/why-audio-jailbreaks-slip-past-the-safety-training-built-for-text-llms/https://groundy.com/articles/why-audio-jailbreaks-slip-past-the-safety-training-built-for-text-llms/A taxonomy of audio jailbreak attacks reveals four surfaces text-trained guardrails never cover, forcing voice-interface vendors to red-team each modality separately.Sun, 31 May 2026 14:25:30 GMTGroundy Editorial2026-06-02T00:00:00.000Zaudio-jailbreaksllm-safetymultimodal-alignmentadversarial-attacksvoice-interfacesmodel-securityGroundy Editorialhttps://groundy.com/articles/lora-adapter-backdoors-generalize-beyond-their-trigger-tokens/https://groundy.com/articles/lora-adapter-backdoors-generalize-beyond-their-trigger-tokens/A LoRA adapter backdoor generalizes across token neighborhoods beyond the trained trigger, making behavioral probing mandatory for teams consuming community fine-tunes.Sun, 31 May 2026 12:07:26 GMTGroundy Editorial2026-06-02T00:00:00.000Zlora-adaptersbackdoor-detectionsupply-chain-securityllm-fine-tuningtoken-generalizationbehavioral-probingGroundy Editorialhttps://groundy.com/articles/three-labs-concede-browser-agents-cannot-stop-prompt-injection/https://groundy.com/articles/three-labs-concede-browser-agents-cannot-stop-prompt-injection/OpenAI, Anthropic, and DeepMind concede prompt injection in browsing agents is architectural, not patchable, with attacks succeeding over 80% of the time in recent tests.Fri, 29 May 2026 19:11:42 GMTGroundy Editorial2026-05-29T00:00:00.000Zprompt-injectionai-agentsbrowser-securityadversarial-attacksai-safetyllm-securityGroundy Editorialhttps://groundy.com/articles/vercel-firewall-now-blocks-samlstorm-can-an-edge-waf-fix-a-saml-signature-flaw/https://groundy.com/articles/vercel-firewall-now-blocks-samlstorm-can-an-edge-waf-fix-a-saml-signature-flaw/Vercel's firewall blocks SAMLStorm payloads at the edge, but HTTP-layer rules cannot validate SAML signature canonicalization. The dashboard badge is a tripwire, not a fix.Fri, 29 May 2026 16:33:43 GMTGroundy Editorial2026-05-29T00:00:00.000Zsamlvercel-firewallwafxml-cryptosignature-wrappingsamlstormGroundy Editorialhttps://groundy.com/articles/vercel-could-block-react2shell-at-the-edge-its-next-13-cves-had-no-shortcut/https://groundy.com/articles/vercel-could-block-react2shell-at-the-edge-its-next-13-cves-had-no-shortcut/Vercel shielded hosted React apps from React2Shell at the platform layer. Its May 2026 batch of 13 advisories, none fixable by WAF, proves that edge was the exception.Wed, 27 May 2026 20:07:51 GMTGroundy Editorial2026-05-28T00:00:00.000Zreact-server-componentsreact2shellvercelsecurity-vulnerabilityself-hostingrcecveGroundy Editorialhttps://groundy.com/articles/openai-adds-a-gpt-5-system-card-addendum-on-sensitive-conversations/https://groundy.com/articles/openai-adds-a-gpt-5-system-card-addendum-on-sensitive-conversations/OpenAI's GPT-5 addendum adds mental health evals and reports large safety gains between builds, but a buried extremism regression and scattered docs complicate compliance.Wed, 27 May 2026 18:07:24 GMTGroundy Editorial2026-06-10T00:00:00.000Zgpt-5system-cardsai-safetycompliancemental-healthopenaiGroundy Editorialhttps://groundy.com/articles/mcp-tool-description-poisoning-new-benchmark-shows-agents-trust-manuals-that-lie/https://groundy.com/articles/mcp-tool-description-poisoning-new-benchmark-shows-agents-trust-manuals-that-lie/A new MCP benchmark shows GPT-4o susceptible to nearly 100% of attacks where a tool's description lies about its purpose, a gap runtimes and scanners cannot detect.Wed, 27 May 2026 17:17:57 GMTGroundy Editorial2026-05-28T00:00:00.000Zmcptool-description-poisoningagent-securityllm-benchmarkprompt-injectiongpt-4oGroundy Editorialhttps://groundy.com/articles/openais-new-safety-bug-bounty-pays-researchers-for-jailbreaks-and-policy/https://groundy.com/articles/openais-new-safety-bug-bounty-pays-researchers-for-jailbreaks-and-policy/OpenAI's safety bounties create a vendor-controlled disclosure market where NDAs silence participants, payouts trail serious red-team costs, and open publication has no lane.Wed, 27 May 2026 14:42:22 GMTGroundy Editorial2026-05-28T00:00:00.000Zbug-bountyjailbreakprompt-injectionai-safetyopenaired-teamingresponsible-disclosureGroundy Editorialhttps://groundy.com/articles/axios-npm-compromise-forces-vercel-into-platform-level-remediation/https://groundy.com/articles/axios-npm-compromise-forces-vercel-into-platform-level-remediation/When compromised axios npm versions carried a North Korean RAT, Vercel blocked C2 egress at the deploy layer because the npm registry did not verify OIDC provenance.Wed, 27 May 2026 13:04:28 GMTGroundy Editorial2026-05-27T00:00:00.000Znpm-supply-chainaxiosvercelsapphire-sleetoidc-provenancepackage-securityGroundy Editorialhttps://groundy.com/articles/next-js-dev-server-cve-2025-48068-any-web-page-could-read-your-source-files/https://groundy.com/articles/next-js-dev-server-cve-2025-48068-any-web-page-could-read-your-source-files/CVE-2025-48068 lets any webpage read source files from a running Next.js dev server via cross-origin script inclusion, exposing secrets loaded in .env files.Wed, 27 May 2026 11:26:45 GMTGroundy Editorial2026-05-27T00:00:00.000Znextjscvecross-origindev-serverfrontend-securitylocalhostGroundy Editorialhttps://groundy.com/articles/apple-names-claude-in-cve-credit-line-setting-vendor-attribution-precedent/https://groundy.com/articles/apple-names-claude-in-cve-credit-line-setting-vendor-attribution-precedent/Apple named Claude in a macOS Tahoe 26.5 CVE credit, the first major vendor to credit an LLM in a security advisory, forcing a decision on AI attribution across the industry.Tue, 26 May 2026 13:10:04 GMTGroundy Editorial2026-06-10T00:00:00.000Zcve-attributionai-security-researchapple-securitybug-bountyvulnerability-disclosureclaudeGroundy Editorialhttps://groundy.com/articles/cisas-internal-data-leak-tests-the-disclosure-standards-it-sets-for-others/https://groundy.com/articles/cisas-internal-data-leak-tests-the-disclosure-standards-it-sets-for-others/CISA exposed cloud credentials on GitHub for months while preparing to mandate 72-hour breach reporting under CIRCIA, undermining its enforcement credibility.Mon, 25 May 2026 15:48:54 GMTGroundy Editorial2026-05-26T00:00:00.000Zcisacirciabreach-disclosurecredential-leakcybersecurity-policyincident-responseGroundy Editorialhttps://groundy.com/articles/tanstack-npm-attack-when-oidc-trusted-publishing-becomes-the-attack-vector/https://groundy.com/articles/tanstack-npm-attack-when-oidc-trusted-publishing-becomes-the-attack-vector/The TanStack npm attack published 84 malicious packages without a leaked token, exploiting OIDC trusted publishing so the CI workflow itself became the credential.Mon, 25 May 2026 15:04:39 GMTGroundy Editorial2026-05-26T00:00:00.000Zsupply-chainoidcnpmgithub-actionstrusted-publishingsecurityGroundy Editorialhttps://groundy.com/articles/nx-s1ngularity-attackers-used-local-claude-code-and-gemini-cli-to-steal/https://groundy.com/articles/nx-s1ngularity-attackers-used-local-claude-code-and-gemini-cli-to-steal/The s1ngularity attack used AI coding agents on developer machines to steal credentials from over 1,000 accounts, exposing a gap that npm scanning alone cannot close.Mon, 25 May 2026 12:57:03 GMTGroundy Editorial2026-05-26T00:00:00.000Zsupply-chain-securityai-coding-agentsnpm-securitycredential-harvestingdeveloper-toolss1ngularity-attackGroundy Editorialhttps://groundy.com/articles/openai-ships-lockdown-mode-and-elevated-risk-labels-for-chatgpt-sessions/https://groundy.com/articles/openai-ships-lockdown-mode-and-elevated-risk-labels-for-chatgpt-sessions/OpenAI's Lockdown Mode kills ChatGPT network exfiltration paths at the infrastructure layer, conceding that model-level filtering cannot stop prompt injection.Sun, 24 May 2026 16:51:51 GMTGroundy Editorial2026-05-24T00:00:00.000Zprompt-injectionchatgpt-securitylockdown-modeai-safetydata-exfiltrationenterprise-aiGroundy Editorial