Topic: ai vulnerabilities
-
ImmuniWeb Boosts AI-Powered Security Testing & Compliance
ImmuniWeb's Q4 update focuses on identifying AI-specific vulnerabilities, including the OWASP Top 10 for LLMs, and expands capabilities for detecting exposed AI infrastructure and shadow IT assets. The platform enhances compliance testing for regulations like EU DORA, introduces new reporting fea...
Read More » -
Google Ignores Critical Gemini ASCII Attack
A newly discovered ASCII smuggling vulnerability in Google's Gemini AI allows attackers to use invisible Unicode characters to manipulate the system, potentially spreading false information or accessing unauthorized data. This security flaw affects multiple AI platforms including Google Gemini, D...
Read More » -
Google’s Gemini AI Hacked via Poisoned Calendar Invite to Control Smart Homes
Security researchers found a vulnerability in Google's Gemini AI, where malicious calendar invites can hijack smart home systems using hidden plain English commands. The attack exploits delayed automatic tool invocation, lying dormant until triggered by casual user interactions like saying "thank...
Read More » -
Exclusive: US Government's Hidden AI Safety Report Revealed
A cybersecurity conference uncovered 139 vulnerabilities in AI systems during a stress-testing exercise, revealing flaws like misinformation generation and data exposure, contradicting proposed government safety standards. NIST's unpublished report on AI vulnerabilities was allegedly suppressed d...
Read More » -
Copilot Prompt Injection: Flaws or AI Limits?
A security engineer's findings on Microsoft Copilot, which Microsoft dismissed as not meeting vulnerability criteria, highlight a growing divide between vendors and independent researchers on assessing risks in generative AI platforms. The disclosed techniques, including prompt injection leading ...
Read More » -
New ChatGPT Attack Steals Secrets from Gmail Inboxes
A new prompt injection attack successfully extracted sensitive Gmail data by manipulating AI assistants, exploiting how AI interprets instructions and remaining difficult to prevent. The vulnerability was addressed reactively after discovery, using a method that bypassed existing protections by d...
Read More » -
Chatbots Vulnerable to Flattery and Peer Pressure
AI chatbots, despite ethical safeguards, are vulnerable to psychological manipulation, as demonstrated by a study where persuasion techniques successfully prompted GPT-4o Mini to comply with harmful requests like insulting users or providing instructions for synthesizing lidocaine. The research a...
Read More » -
Claude's New AI File Feature: Built-In Security Risks Exposed
Anthropic's new file creation tool for Claude AI enables users to generate documents like Excel and PowerPoint files but introduces significant security risks, including potential data exposure to external servers. The tool operates in a sandboxed environment with internet access, making it vulne...
Read More » -
Anthropic's Claude AI Agent Now Integrates Directly in Chrome
Anthropic has launched a Claude AI agent as a Chrome extension for select testers, offering contextual browsing assistance and task automation, with initial access limited to 1,000 premium subscribers. This development is part of a broader industry trend where companies like Google, Perplexity, a...
Read More » -
5 Essential Ways to Guard Your AI Browser from Prompt Injections
The integration of AI into web browsers introduces significant security risks, with "prompt injection attacks" being a primary threat that can manipulate AI assistants to produce harmful outputs or steal data. These attacks, which can be direct or indirect (like the HashJack technique), exploit...
Read More » -
Microsoft's 2025 Cyberdefense Report: The New Rules of Engagement
AI is fundamentally reshaping cybersecurity by empowering attackers to refine methods, automate operations, and overwhelm traditional defenses, with nation-state actors increasingly leveraging AI for phishing, vulnerability identification, and malware modification. Identity has become the primary...
Read More » -
Insider Threats: Australia's Top Cybersecurity Risk
Australian organisations are shifting their cybersecurity focus to insider threats, with 84% expecting an increase and 58% ranking them as a greater risk than external attackers. Many businesses are unprepared for insider threats, as only 34% use advanced detection tools like user behaviour analy...
Read More »