Tagged articles
143 articles
Page 1 of 2
James' Growth Diary
May 19, 2026 · Information Security

Securing AI Tool Calls with PermissionGate and BashSandbox: A Deep Dive

The article analyzes the security challenges of AI coding assistants that can read files, run shell commands, and call external APIs, and presents a layered defense architecture—PermissionGate for tool‑level gating and BashSandbox for command‑level filtering—detailing design principles, risk classifications, user‑authorization flows, and prompt‑injection detection.

AI security · BashSandbox · PermissionGate
28 min read

AI Engineer Programming
May 18, 2026 · Artificial Intelligence

Designing an Agent Gateway: Bridging Business Logic and Protocol Infrastructure

The article analyzes why traditional API gateways cannot meet the needs of stateful Agentic workflows and proposes a dedicated Agent gateway that handles access control, cross‑service execution tracing, and pre‑LLM security enforcement while addressing connection overhead, session fan‑out, and observability challenges.

A2A · AI security · Agent Gateway
14 min read

Machine Learning Algorithms & Natural Language Processing
May 14, 2026 · Artificial Intelligence

Embodied AI Security Survey: A Multi‑Layer Framework for Risks, Attacks, and Defenses

This survey systematically reviews Embodied AI security, proposing a five‑layer taxonomy (perception, cognition, planning, action & interaction, agentic system) that organizes over 400 papers on attacks, defenses, and open challenges, and highlights overlooked vulnerabilities such as multimodal perception fusion and planning instability under jailbreak attacks.

AI security · Embodied AI · adversarial attacks
26 min read

Black & White Path
May 13, 2026 · Information Security

AI‑Powered 0‑Day Discovery: How Attackers Autonomously Bypassed 2FA

In May 2026, Google Threat Intelligence disclosed that a cybercrime group used a large‑language model to autonomously identify a semantic‑logic flaw in a popular open‑source Python‑based web management tool, generate a Python exploit that bypasses its two‑factor authentication, and launch mass automated attacks, prompting new blue‑team detection and defense strategies.

0-day · 2FA bypass · AI security
12 min read

Black & White Path
May 13, 2026 · Information Security

Why the 90‑Day Vulnerability Disclosure Policy Is Effectively Dead

The article argues that AI‑driven discovery, rapid exploit generation, and simultaneous reporting have shattered the four original assumptions of the 90‑day disclosure window, leaving the policy obsolete as patches often lag behind public exploits and industry debates intensify.

AI security · Linux kernel · exploit development
15 min read

Black & White Path
May 12, 2026 · Information Security

16 CVEs Reveal Hidden Risks in Automotive Open‑Source Components

In May 2026, sixteen CVEs exposing vulnerabilities in small automotive open‑source libraries—covering CAN, UDS, ISO‑TP, and J1939—highlight how over‑trusted protocol fields, underestimated local boundaries, and neglected supply‑chain maintenance create a blind spot in vehicle security, prompting AI‑assisted research and concrete defensive recommendations.

AI security · CVE · Supply Chain
13 min read

Machine Learning Algorithms & Natural Language Processing
May 11, 2026 · Artificial Intelligence

Claude Mythos Cracks AI Benchmark Ceiling, Super‑Exponential Leap Toward 2027 Singularity

Claude Mythos shattered the METR AI evaluation ceiling by achieving a 50% success rate on 16‑hour tasks, indicating super‑exponential capability growth that already outpaces the 2027 AGI timeline and raising urgent security and industry‑wide implications.

AGI timeline · AI benchmarking · AI security
9 min read

Black & White Path
May 9, 2026 · Information Security

Ollama ‘Bleeding Llama’ Vulnerability Puts 300K Servers at Risk of Sensitive Data Exposure

A critical flaw in Ollama’s model‑quantization pipeline (CVE‑2026‑7482, dubbed “Bleeding Llama”) lets unauthenticated attackers supply crafted GGUF files that trigger an out‑of‑bounds read, potentially leaking prompts, API keys and other confidential data from over 300,000 internet‑exposed servers; mitigation requires upgrading to version 0.17.1 and tightening network controls.

AI security · Bleeding Llama · CVE-2026-7482
5 min read

Architects' Tech Alliance
May 6, 2026 · Artificial Intelligence

Why Anthropic Is Hiding Claude Mythos and What It Means for China

Anthropic’s Claude Mythos, a supposedly world‑leading AI model for autonomous zero‑day discovery and network defense, is kept secret and only shared with a handful of US tech giants, prompting a deep analysis of its capabilities, risks, and implications for China’s cybersecurity landscape.

AI security · Anthropic · Capability Safety
8 min read

SuanNi
May 6, 2026 · Information Security

Why AI Can't Keep Secrets and How Output Filtering Provides a Bulletproof Defense

Developers often hide credentials in system prompts, but a massive stress test by Swept AI and the University of Michigan shows that given enough time, large language models inevitably reveal those secrets, and only strict output‑filtering defenses consistently prevent leakage.

AI security · Large Language Models · output filtering
10 min read

21CTO
May 3, 2026 · Artificial Intelligence

Pentagon CTO Says Anthropic Remains Barred as Mythos Raises Security Stakes

Pentagon CTO Emil Michael clarifies that, despite interest in Anthropic’s Claude Mythos for its remarkable ability to uncover and exploit legacy code vulnerabilities, the U.S. defense department is only evaluating the model and has no plans to deploy it, citing national‑security and supply‑chain risks.

AI security · Anthropic · Claude Mythos
5 min read

Black & White Path
May 3, 2026 · Information Security

Pentest‑AI: One‑Command, Fully Automated Penetration Testing in 4 Minutes

Pentest‑AI is an MIT‑licensed, locally‑run framework that automates reconnaissance, authentication, vulnerability chaining, PoC validation, and report generation for web, AD, cloud, and more, delivering a client‑ready Markdown/HTML/PDF/SARIF report in about four minutes with a single command.

AI security · CI/CD integration · Pentest-AI
10 min read

SuanNi
May 1, 2026 · Artificial Intelligence

Agent Skill Future Outlook: Trends, Challenges, and Opportunities

This analysis explores the seven openness challenges of Agent Skills, the evolution of capability and trust models, combination security, lifecycle management, autonomous skill generation, multi‑modal extensions, ecosystem growth, commercialization pathways, long‑term human‑AI collaboration, and security risks, concluding with actionable recommendations for developers, enterprises, and ecosystem builders.

AI agents · AI future · AI security
9 min read

AI Waka
Apr 27, 2026 · Information Security

Building Intelligent Security Agents with Claude Skills: A Complete AI Cybersecurity Guide

The article explains how Anthropic’s Claude Skills framework enables AI agents to execute expert-level cybersecurity tasks by organizing 734+ MITRE ATT&CK‑mapped skills, detailing their structure, progressive loading, real‑world workflows, deployment steps, customization, and the operational benefits for SOCs, detection engineers, and incident responders.

AI security · Agent Skills · Claude
17 min read

Machine Heart
Apr 27, 2026 · Artificial Intelligence

What Do Your Logits Know? Surprising Insights from Apple’s New AI Paper

Apple’s recent AI paper probes whether large vision‑language models truly forget user data by examining residual streams and final logits, revealing that hidden image attributes persist in top‑k outputs and exposing significant privacy and security risks.

AI security · Vision-Language Models · information bottleneck
11 min read

Java Tech Enthusiast
Apr 26, 2026 · Industry Insights

Should Legacy Open‑Source Projects Embrace AI‑Generated Code?

The article examines the split in the open‑source community over AI‑generated contributions, contrasting strict bans by projects like Vim Classic and Redox with the majority of major projects that now accept labeled AI code, and explores the resulting policy experiments, legal concerns, and security implications.

AI security · AI-generated code · Linux kernel
13 min read

DataFunTalk
Apr 25, 2026 · Artificial Intelligence

DeepSeek‑V4 vs GPT‑5.5: First Real‑World Tests Reveal Surprising Results

On the day GPT‑5.5 launched, DeepSeek‑V4 followed, and a series of head‑to‑head tests—including a logic puzzle, an IMO math problem, HTML generation, game‑engine coding, token‑efficiency measurement, and a network‑security challenge—showed GPT‑5.5 generally leading while DeepSeek demonstrated notable strengths and cost advantages.

AI model benchmark · AI security · Coding Agent
14 min read

AI Explorer
Apr 24, 2026 · Artificial Intelligence

Hands‑On Large‑Model Tutorial: From Fine‑Tuning to Security Attacks (34k‑Star Repo)

This article introduces the open‑source "Dive into LLMs" tutorial (34k+ GitHub stars) that offers a complete, hands‑on workflow for large language models—from fine‑tuning and deployment to prompt engineering, knowledge editing, math reasoning, watermarking, and jailbreak security experiments—along with step‑by‑step Jupyter notebooks and easy setup instructions.

AI security · Fine-tuning · Jupyter Notebook
6 min read

Black & White Path
Apr 22, 2026 · Information Security

Multi‑Stage Web‑Induced RCE Attack Bypassing OpenClaw’s Safeguards

The article dissects a multi‑stage web‑induced remote code execution attack against OpenClaw, detailing how crafted HTML pages manipulate the tool‑calling workflow, evade built‑in security notices, and ultimately trigger a malicious curl‑pipe‑python command, followed by a thorough source‑code analysis and defensive recommendations.

AI security · OpenClaw · RCE
21 min read

Black & White Path
Apr 21, 2026 · Information Security

Anthropic MCP Protocol’s Design-Level Flaw Threatens Over 200K Servers – AI Supply‑Chain Alarm

A security report by OX Security reveals a systemic design flaw in Anthropic's Model Context Protocol (MCP) STDIO layer that enables command injection, whitelist bypass, zero‑click prompt attacks, and marketplace poisoning, affecting more than 200,000 servers and prompting urgent mitigation across the AI supply chain.

AI security · Anthropic · CVE
11 min read

Black & White Path
Apr 21, 2026 · Information Security

Claude Opus Demonstrates AI‑Assisted Chrome Exploit Chain Construction

A security researcher used Anthropic's Claude Opus to automatically combine two V8 vulnerabilities—CVE‑2026‑5873 and a sandbox‑escape flaw—to build a full Chrome exploit chain against an outdated Electron‑based Discord client, highlighting patch‑lag risks, economic incentives, and current AI limitations.

AI security · CVE-2026-5873 · Chrome exploit
5 min read

ITPUB
Apr 20, 2026 · Industry Insights

Why Cal.com Closed Its Source: AI‑Driven Threats Redefining Open‑Source Security

The article analyzes Cal.com’s abrupt shift to a closed‑source model, arguing that AI‑powered vulnerability discovery has turned open‑source transparency from a defensive advantage into a liability, and explores industry reactions, supporting data, and broader implications for the future of open‑source software.

AI security · industry insights · open‑source
11 min read

21CTO
Apr 20, 2026 · Information Security

How Anthropic’s Opus Model Generates Real‑World Chrome Exploits and What It Means for Security

Anthropic’s Opus 4.6 model can automatically craft a working V8 JavaScript engine exploit for Chrome 138, costing $2,283 in API usage, which demonstrates how AI‑driven code generation is reshaping vulnerability research, shortening patch windows, and forcing a rethink of software security practices.

AI security · Chrome vulnerability · Opus model
7 min read

ByteDance SE Lab
Apr 15, 2026 · Information Security

Why Traditional IAM Fails for Agentic AI and How New Identity Frameworks Secure OpenClaw

The rapid rise of autonomous AI agents like OpenClaw exposes severe security gaps—over‑privileged access, unauthenticated public instances, and one‑click RCE—forcing a rethink of identity‑centric IAM designs that can protect agents through propagation, secretless auth, context awareness, and intent‑aware authorization.

AI security · Agentic AI · IAM
15 min read

Machine Heart
Apr 15, 2026 · Artificial Intelligence

When Usability Becomes a Weakness: How VENOM Breaks Vertical Federated Learning

The paper reveals that intermediate representations in vertical federated learning retain exploitable geometric structure, and introduces VENOM—a geometry‑aware model‑stealing framework that outperforms existing defenses across multiple datasets, even under distribution shift.

AI security · VENOM · geometry-based attack
6 min read

Machine Heart
Apr 15, 2026 · Information Security

OpenAI Unveils Cyber‑Focused GPT‑5.4‑Cyber, Sparking Comparison with Anthropic’s Claude Mythos

OpenAI has introduced GPT‑5.4‑Cyber, a security‑tuned version of its GPT‑5.4 model released through the Trusted Access for Cyber (TAC) program, offering higher‑level permissions for vetted defenders and prompting industry observers to compare it with Anthropic’s recently launched Claude Mythos.

AI security · Claude Mythos · GPT-5.4-Cyber
6 min read

Anthropic Warns: AI‑Driven 0‑Day Explosions Threaten SaaS Giants and Trigger Billion‑Dollar Market Crash

Anthropic’s Claude Mythos preview scored a perfect Cybench benchmark, uncovered multiple zero‑day bugs, and sparked a steep plunge in Cloudflare’s stock, prompting a warning that AI‑accelerated vulnerability discovery could collapse SaaS business models and force a shift to AI‑driven security practices.

AI security · Anthropic · Claude Mythos
7 min read

SuanNi
Apr 10, 2026 · Information Security

How Tiny Memory Files Turn AI Assistants into Hackable Backdoors

Researchers from UC Berkeley, NUS, Tencent and ByteDance reveal that a single hidden line in an AI assistant’s memory file can trigger OpenClaw to leak core keys or erase disks, detailing a three‑dimensional CIK attack model, real‑world tests on four top LLMs, and mitigation strategies.

AI security · CIK architecture · Memory injection
11 min read

AI Explorer
Apr 10, 2026 · Industry Insights

AI Daily (Apr 10 2026): Content Creation Beats Humans, Meta App Store Surge, Gemini 3D Upgrade, and More

The April 10 2026 AI roundup reports that AI‑generated content is projected to outpace human writing by year‑end, Meta’s Muse Spark app climbs to #5 in the US App Store, Google Gemini adds interactive 3D tools for education, Anthropic tops OpenAI in revenue, and several breakthroughs span security frameworks, chip verification, open‑source physical AI, music generation, and vision‑language models.

AI chips · AI education · AI music
7 min read

Claude Mythos Unveiled: Beats Opus 4.6 by a Wide Margin, Costs 5× More, and Is Locked Away for Safety

Claude Mythos, Anthropic’s latest model, outperforms Opus 4.6 across benchmarks (SWE‑bench +24%, Verified +13%, Terminal‑Bench +17%), costs roughly five times more, and is being kept under lock‑down in the “Project Glasswing” security initiative involving major tech firms to mitigate its newly discovered high‑risk vulnerabilities.

AI security · Anthropic · Claude Mythos
6 min read

SuanNi
Apr 9, 2026 · Industry Insights

Can AI Models Like Claude Mythos Prevent the Next Wave of Zero‑Day Exploits?

Anthropic’s Claude Mythos Preview demonstrates how advanced AI can autonomously discover and exploit thousands of zero‑day vulnerabilities, prompting a coalition of tech giants to launch Project Glasswing to harness this power for defensive security across critical infrastructure, while warning of the escalating risks of AI‑driven attacks.

AI security · Claude Mythos · Industry collaboration
11 min read

Black & White Path
Apr 9, 2026 · Information Security

When AI Steals Jobs: Lessons from Claude Mythos Ban for Security Professionals

Anthropic’s decision to withhold the powerful Claude Mythos model sparked a joint industry effort called Project Glasswing, revealing how AI can dramatically accelerate vulnerability discovery and prompting security professionals to rethink their roles, adopt AI tools, and evolve their skill sets.

AI security · Claude Mythos · Project Glasswing
9 min read

Machine Heart
Apr 8, 2026 · Artificial Intelligence

Claude Mythos Preview: A Powerful, Dangerous AI Model and Anthropic’s Security Initiative

Anthropic’s Claude Mythos Preview demonstrates a dramatic leap in code‑understanding and autonomous reasoning, autonomously uncovering thousands of zero‑day bugs and outperforming prior models on security and reasoning benchmarks, while prompting a cautious release strategy, high operational costs, and the launch of the industry‑wide Project Glasswing.

AI security · Anthropic · Claude Mythos
14 min read

ShiZhen AI
Apr 8, 2026 · Artificial Intelligence

Why Anthropic’s Claude Mythos Preview Is Too Powerful to Sell

Anthropic’s Claude Mythos Preview uncovered thousands of zero‑day bugs across major operating systems and browsers, outperformed all benchmark suites, and is being kept out of the public market in favor of an exclusive Project Glasswing partnership with twelve tech giants.

AI security · Anthropic · Claude Mythos
11 min read

Node.js Tech Stack
Apr 8, 2026 · Artificial Intelligence

Anthropic’s Mythos Preview Crushes Opus 4.6 and Remains Unreleased

Anthropic introduced the Mythos Preview model, which outperforms its flagship Opus 4.6 across coding benchmarks and uncovers thousands of high‑severity security bugs, yet the company keeps the model private and launches a $100 million Project Glasswing initiative with major tech partners to secure critical software.

AI security · Anthropic · Large Language Models
9 min read

AI Insight Log
Apr 7, 2026 · Artificial Intelligence

Anthropic Unveils ‘Too Powerful to Release’ Mythos Model; Apple, Microsoft, Google Join Security Alliance

Anthropic released the Claude Mythos Preview, a model that outperforms Claude Opus 4.6 on multiple software‑engineering benchmarks and uncovers thousands of high‑severity vulnerabilities, while forming the Project Glasswing alliance with twelve tech giants to safeguard critical software infrastructure, yet keeping the model closed to the public.

AI security · Anthropic · Mythos
8 min read

Machine Learning Algorithms & Natural Language Processing
Apr 7, 2026 · Artificial Intelligence

Claude Cracks the World's Most Secure OS in 4 Hours—AI Crosses the Rubicon

In a four‑hour, fully autonomous operation, Claude exploited a newly disclosed FreeBSD kernel vulnerability, built two functional exploits, and gained root access, illustrating a dramatic shift where AI now matches nation‑state offensive capabilities and accelerates security threats at an exponential pace.

AI capability growth · AI security · CVE-2026-4747
10 min read

Alibaba Cloud Native
Apr 3, 2026 · Information Security

How a Supply‑Chain Poisoning of LiteLLM Exposed Critical AI API Secrets – and What to Do

A March 2026 supply‑chain attack injected malicious code into LiteLLM versions 1.82.7/1.82.8, silently stealing API keys, SSH credentials, cloud tokens and more, while a cloud‑native AI gateway from Alibaba offers a secure, zero‑exposure alternative and detailed remediation steps.

AI security · API Key Leakage · Alibaba Cloud AI Gateway
14 min read

AI Large-Model Wave and Transformation Guide
Apr 2, 2026 · Information Security

What the Claude Code Source Leak Exposes About AI Tool Security

The accidental publication of 512,000 lines of Claude Code's TypeScript source via a mis‑packaged .map file sparked a rapid 48‑hour crisis that exposed internal APIs, feature flags, and unreleased features, prompting a deep technical dissection, impact analysis on users, Anthropic, and the broader AI industry, and a set of concrete security recommendations for AI product development.

AI security · Claude Code · DevOps
10 min read

AntTech
Apr 2, 2026 · Information Security

How ClawAegis Secures OpenClaw AI Agents with a Native Immunity System

Ant Group’s AI Security Lab and Tsinghua University have open‑sourced ClawAegis, a native security‑immune framework for OpenClaw agents that protects the entire lifecycle—from initialization to execution—by detecting malicious skill injections, memory poisoning, permission abuse, and providing dynamic auditing, configurable policies, and resource‑level safeguards.

AI security · Agent safety · OpenClaw
5 min read

SuanNi
Apr 1, 2026 · Information Security

What the Claude Code Leak Reveals About AI Model Security and Hidden Features

An accidental packaging error exposed the full Claude Code source—over 500,000 lines of TypeScript, internal anti‑distillation safeguards, hidden "Undercover" and "Buddy" modules, and a zero‑interaction backdoor—prompting a worldwide security analysis and fierce community reaction.

AI security · Claude · Software Architecture
13 min read

ITPUB
Apr 1, 2026 · Industry Insights

What a 59.8 MB Source Map Revealed About Claude Code’s Architecture and Security

A misconfigured npm package unintentionally published a massive source‑map that exposed over 1,900 files and 51,000 lines of Claude Code’s TypeScript, unveiling its full architecture, hidden features, and security flaws while prompting industry‑wide lessons on supply‑chain hygiene and AI safety.

AI security · Anthropic · Claude Code
8 min read

ByteDance SE Lab
Apr 1, 2026 · Information Security

How Hidden Prompt Attacks Threaten OpenClaw Agents and the AgentArmor Defense

The article analyzes how malicious prompt injections can hijack OpenClaw agents' decision logic, outlines three core risk categories—intent deviation, workflow hijack, and data leakage—and presents AgentArmor's runtime protection framework that uses intent alignment, control‑flow integrity, and data‑flow confidentiality checks to mitigate these threats.

AI security · AgentArmor · OpenClaw
19 min read

Black & White Path
Mar 31, 2026 · Information Security

DeepSeek’s Early‑Year Security Fallout: A Post‑Mortem

The article dissects DeepSeek’s series of security breaches in early 2025—including an open ClickHouse database, multiple XSS flaws, model‑level attacks, and regulatory fallout—highlighting how rapid AI product rollout can outpace essential security safeguards.

AI security · ClickHouse exposure · DeepSeek
14 min read

Black & White Path
Mar 30, 2026 · Information Security

OWASP Top 10 Risks for LLMs Every AI Security Beginner Must Know

The article outlines the OWASP Top 10 threats for large language model applications—including prompt injection, data leakage, supply‑chain attacks, model poisoning, improper output handling, excessive agency, system prompt leakage, vector embedding weaknesses, misinformation, and unbounded consumption—plus three essential mitigation rules for newcomers.

AI security · LLM · OWASP
6 min read

Black & White Path
Mar 29, 2026 · Information Security

How Hackers Leveraged AI to Compromise Trivy and LiteLLM – A Supply‑Chain Attack Case Study

An obscure hacker group, TeamPCP, used an AI agent powered by Anthropic’s Claude to trick the open‑source security scanner Trivy into revealing its GitHub credentials, then injected malicious code into Trivy’s updates and subsequently compromised the AI gateway LiteLLM, exposing critical supply‑chain vulnerabilities in popular AI development tools.

AI security · Claude · LiteLLM
5 min read

JavaEdge
Mar 26, 2026 · Information Security

How Claude Code’s Automatic Permission System Balances Security and Usability

The article analyzes Claude Code’s new automatic permission mode, detailing its three operation options, two‑layer classifier architecture, threat model, decision flow, rule customization, evaluation results, design trade‑offs, and future plans for improving AI‑driven security.

AI security · Automated approval · Claude Code
10 min read

Black & White Path
Mar 26, 2026 · Information Security

ProjectDiscovery Unveils Neo: AI‑Driven Autonomous Penetration Testing Platform at RSAC 2026

At RSAC 2026, ProjectDiscovery launched Neo, an AI‑powered, end‑to‑end autonomous penetration testing platform that integrates 30+ security agents, delivers verifiable exploits, and outperformed traditional scanners by finding 66 vulnerabilities—including 24 unseen by any other tool—in three AI‑generated full‑stack applications.

AI security · Neo platform · ProjectDiscovery
6 min read

AI Open-Source Efficiency Guide
Mar 23, 2026 · Artificial Intelligence

Can OpenClaw’s Broad Permissions Be Tamed? Introducing ClawReins – an Audited AI Agent Guard

The article explains how OpenClaw agents can pose severe security risks when granted root access and presents ClawReins, a watchdog layer that intercepts dangerous actions, requires human approval, logs decisions, runs pre‑execution scans, and integrates ToolShield to provide production‑grade AI safety.

AI security · ClawReins · Node.js
17 min read

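The PermissionGate/BashSandbox entry near the top of this list and the ClawReins entry just above describe the same shape: a tool‑level gate in front of the agent, a command‑level filter behind it, a human approval step for whatever is neither clearly safe nor clearly forbidden, and a record of each decision. The Python below is an added example sketching that shape; it is not code from either article or project. The tool names, the read‑only command set, the hard‑deny patterns and the `approve` callback are assumptions chosen for illustration.

```python
# Added example (not the code of either article): a two-layer gate for agent tool
# calls. Layer 1 maps each tool to a default decision; layer 2 parses a shell command
# and applies a few hard rules. All names, sets and rules here are assumptions.
from __future__ import annotations
import shlex
from enum import Enum

class Decision(Enum):
    ALLOW = 0  # run without asking
    ASK = 1    # run only after the user approves this exact call
    DENY = 2   # never run, even if the user would approve

# Layer 1 (tool level). Tools not listed here fail closed.
TOOL_RISK = {"read_file": Decision.ALLOW, "list_dir": Decision.ALLOW,
             "write_file": Decision.ASK, "http_request": Decision.ASK,
             "run_bash": Decision.ALLOW}  # baseline only; classify_command() decides
# Layer 2 (command level) vocabulary.
OPERATORS = {"|", "||", ";", "&&", "&"}
WRAPPERS = {"sudo", "doas", "env", "nohup", "nice", "time"}
DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "zsh", "dash"}
INTERPRETERS = SHELLS | {"python", "python3", "perl", "ruby", "node"}
READ_ONLY = {"ls", "cat", "head", "tail", "grep", "wc", "pwd", "stat", "file", "echo"}
FS_ROOTS = {"/", "/*", "~", "~/", "~/*", "$HOME", "$HOME/*"}
AUDIT_LOG: list[dict] = []  # every gate() decision is appended here

def split_pipeline(cmd: str) -> list[tuple[str, list[str]]]:
    # Tokenise like a shell and split into simple commands, keeping the operator in
    # front of each. punctuation_chars makes 'curl x|sh' and 'curl x | sh' tokenise
    # the same; quoted text stays one token.
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    segments: list[tuple[str, list[str]]] = []
    op, current = "", []
    for tok in lex:
        if tok in OPERATORS:
            if current:
                segments.append((op, current))
            op, current = tok, []
        else:
            current.append(tok)
    if current:
        segments.append((op, current))
    return segments

def unwrap(argv: list[str]) -> tuple[list[str], bool]:
    # Skip sudo/env/VAR=val prefixes so 'sudo rm -rf /' is judged as rm; report sudo.
    privileged, i = False, 0
    while i < len(argv) and (argv[i] in WRAPPERS or ("=" in argv[i] and argv[i][:1] != "-")):
        privileged = privileged or argv[i] in ("sudo", "doas")
        i += 1
    return argv[i:], privileged

def rm_is_destructive(args: list[str]) -> bool:
    # Recursive rm aimed at the filesystem root or the home directory.
    recursive = any(f == "--recursive" or (f[:1] == "-" and f[:2] != "--" and "r" in f.lower()) for f in args)
    return recursive and any(a in FS_ROOTS for a in args if a[:1] != "-")

def classify_command(cmd: str, depth: int = 0) -> Decision:
    # Layer 2. Only recognised read-only pipelines are ALLOW; a few patterns are a hard
    # DENY; everything else, including anything not understood, is ASK.
    try:
        segments = split_pipeline(cmd)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return Decision.DENY
    if not segments or depth > 3:
        return Decision.DENY
    verdict, piped_download = Decision.ALLOW, False
    for op, seg in segments:
        argv, privileged = unwrap(seg)
        if not argv:
            return Decision.DENY
        prog = argv[0].rsplit("/", 1)[-1]  # /usr/bin/curl -> curl
        if op != "|":
            piped_download = False  # downloaded bytes only flow through a pipe
        # Downloaded bytes reaching an interpreter, even via tee/grep: deny, approved or not.
        if piped_download and prog in INTERPRETERS:
            return Decision.DENY
        # A nested script in `sh -c '...'` is judged by the same rules.
        if prog in SHELLS and "-c" in argv:
            idx = argv.index("-c")
            if idx + 1 >= len(argv) or classify_command(argv[idx + 1], depth + 1) is Decision.DENY:
                return Decision.DENY
        if prog == "rm" and rm_is_destructive(argv[1:]):
            return Decision.DENY
        # A redirection turns a read-only command into a write.
        redirect = any(t[:1] in ("<", ">", "&") for t in argv[1:])
        if privileged or redirect or prog not in READ_ONLY:
            verdict = max(verdict, Decision.ASK, key=lambda d: d.value)
        piped_download = piped_download or prog in DOWNLOADERS
    return verdict

def gate(tool: str, args: dict, approve) -> Decision:
    # Layer 1, then layer 2 for shell calls. approve(tool, args) stands in for the
    # user-authorisation prompt; it is consulted for ASK and never for DENY.
    decision = TOOL_RISK.get(tool, Decision.DENY)
    if tool == "run_bash":
        decision = max(decision, classify_command(args.get("command", "")), key=lambda d: d.value)
    if decision is Decision.ASK:
        decision = Decision.ALLOW if approve(tool, args) else Decision.DENY
    AUDIT_LOG.append({"tool": tool, "args": dict(args), "decision": decision.name})
    return decision
```

Two design points are worth keeping whatever the implementation: DENY is final and is never escalated to the user, because a long command behind an "approve" button is not a real review; and anything the filter does not understand, including unbalanced quotes and tools missing from the risk table, lands on ASK or DENY rather than ALLOW. The parser is deliberately shallow: process substitution, `$( )`, aliases and interpreter flags other than `-c` are not modelled, which is exactly why unrecognised commands ask instead of run.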
AI Explorer
Mar 20, 2026 · Industry Insights

Key AI Breakthroughs and Market Moves on March 20 2026

On March 20 2026, Alibaba’s Qwen 3.5‑Max topped the LMArena blind test, OpenAI bought Astral to boost AI coding, Zhejiang University released a real‑time 4D world model, Meta’s Agent leaked data, and a series of AI‑driven innovations spanning Nvidia, robotics and drug discovery reshaped the industry.

AI design tools · AI hardware · AI programming
7 min read

NiuNiu MaTe
Mar 16, 2026 · Information Security

Is OpenClaw Safe? Inside the Massive AI Agent Security Crisis

OpenClaw, the popular AI agent with over 300,000 GitHub stars, harbors severe security flaws—including 512 vulnerabilities, malicious skill injections, and an exposed backend—allowing attackers to execute commands, steal credentials, and hijack systems; this article outlines the four main threat vectors and practical steps to mitigate them.

AI security · OpenClaw · privilege escalation
9 min read

phodal
Mar 12, 2026 · Information Security

How AI-Generated Code Amplifies Vulnerabilities and What Security Scans Reveal

An in‑depth analysis of Codex Security’s scans shows that AI‑assisted code production doesn’t create new bug types but dramatically speeds up the spread of existing flaws, prompting a shift toward automated, engineering‑driven defenses for large‑scale code generation.

AI security · Vulnerability Management · automation
11 min read

Black & White Path
Mar 10, 2026 · Information Security

Inside OpenClaw Skill Market: Popularity, Threats, and Defense Strategies

The article analyzes OpenClaw’s rapidly growing Skill ecosystem, exposing over 600 malicious plugins hidden among 13,000+ skills, details four poisoning techniques, presents a multi‑source detection pipeline with AI‑driven semantic audit, and offers practical defenses for both enterprises and ordinary users.

AI security · AgentArmor · OpenClaw
0 likes · 18 min read
AI Explorer
Mar 8, 2026 · Information Security

Anthropic’s Claude Opus Finds 22 Firefox Bugs in Two Weeks, Hinting at a Security Paradigm Shift

In just two weeks, Anthropic’s Claude Opus 4.6 model identified 22 security flaws in the Firefox codebase, including 14 high‑severity issues, demonstrating that advanced AI can move from auxiliary analysis to core vulnerability hunting and potentially reshape the security industry’s fundamental dynamics.

AI security · Claude Opus · DevSecOps
0 likes · 6 min read
PaperAgent
Mar 8, 2026 · Information Security

Why IronClaw Could Be the Secure Future of OpenClaw AI Assistants

A new watchboard reveals over 258,000 publicly exposed OpenClaw instances, prompting urgent security measures, while the recently released IronClaw—built with Rust, WASM sandboxing, and multi‑layer defenses—offers a hardened alternative, detailing its orchestrator, worker, and routine engines and how they protect AI assistants from prompt‑injection attacks.

AI security · OpenClaw · Rust
0 likes · 4 min read
Woodpecker Software Testing
Mar 6, 2026 · Artificial Intelligence

A Practical Guide to Implementing AI Security Testing in Production

With AI now core to production systems, this guide outlines a four‑step, measurable, auditable approach—defining security boundaries, building lightweight test toolchains, creating explainable test cases, and establishing cross‑functional collaboration—backed by real‑world banking and healthcare deployments and concrete metrics.

AI security · behavioral contracts · ci/cd
0 likes · 8 min read
AI Explorer
Mar 5, 2026 · Information Security

Shannon Lite: Fully Automated AI-Powered White-Box Penetration Testing for Modern CI/CD

Shannon Lite, an open-source AI-driven white-box penetration testing tool from Keygraph, automatically analyzes source code and performs real-world attacks on web applications and APIs, delivering exploitable vulnerability reports with a 96.15% success rate, and integrates seamlessly into CI/CD pipelines for rapid security testing.

AI security · Shannon Lite · ci/cd
0 likes · 7 min read
Woodpecker Software Testing
Mar 2, 2026 · Artificial Intelligence

Adversarial Testing: Three Disruptive Trends Shaping AI Quality in 2026

As AI becomes integral to systems, 2026 sees adversarial testing evolve into a core quality paradigm, highlighted by Dynamic Red‑Team as a Service, quantitative semantic robustness metrics, and large‑model‑driven autonomous test generation, each backed by real‑world case studies and measurable impact.

AI security · DRaaS · Large Language Models
0 likes · 7 min read
Black & White Path
Feb 25, 2026 · Information Security

AI vs Human Hackers: Who Will Dominate Penetration Testing in 2026?

A joint study by Wiz and Irregular pits leading LLM agents against a senior pentester across ten real‑world vulnerability scenarios, revealing that AI can breach nine targets at under $10 per attack yet still lags in tool usage, creative reasoning, and prioritisation, offering crucial insights for security professionals.

AI security · Large Language Models · human vs AI
0 likes · 13 min read
Black & White Path
Feb 24, 2026 · Information Security

Hacker Groups Massively Exploit OpenClaw Vulnerabilities to Steal API Keys and Deploy Malware

Multiple hacking groups have leveraged critical vulnerabilities in the open‑source AI framework OpenClaw—formerly MoltBot and ClawdBot—to conduct large‑scale credential theft, supply‑chain poisoning, and malware deployment, compromising tens of thousands of instances worldwide within days of its viral spread.

AI security · API key theft · CVE-2026-25253
0 likes · 4 min read
Black & White Path
Feb 23, 2026 · Information Security

Claude Code Security Launch Triggers Billions‑Level Drop in Cybersecurity Stocks

When Anthropic quietly introduced Claude Code Security on February 20, the cybersecurity sector saw an immediate market shock, with CrowdStrike, Cloudflare, Okta and others plunging 7‑10% in hours, highlighting investors’ fear that AI‑driven code‑security could upend traditional security business models.

AI security · Anthropic · Claude Code Security
0 likes · 6 min read
AI Engineering
Feb 21, 2026 · Information Security

Anthropic Unveils Claude Code Security: AI Takes Over Code Vulnerability Detection

Anthropic's new Claude Code Security tool uses an AI model that reads code like a human researcher, detecting complex logic‑flaw and permission‑control bugs missed by traditional pattern‑matching scanners, providing multi‑round verification, confidence scores, and AI‑generated patches while still requiring developer approval.

AI security · Anthropic · Claude
0 likes · 6 min read

Claude's New Security Tool Triggers $10B Drop in Cybersecurity Stocks Overnight

Anthropic's Claude Code Security tool, which uncovered over 500 long‑standing bugs, sparked a market panic that saw leading cybersecurity stocks like CrowdStrike, Cloudflare and Okta plunge more than 5%, erasing over $100 billion in market value and raising concerns about AI's disruptive impact on the security industry.

AI security · Anthropic · Claude
0 likes · 9 min read
AI Insight Log
Feb 20, 2026 · Artificial Intelligence

Claude Code Security Agent Launch Sparks Cybersecurity Stock Crash – What Next?

Anthropic’s limited‑preview Claude Code Security, an AI agent that reads and patches code, triggered a sharp sell‑off in major cybersecurity stocks, while its ability to uncover hundreds of hidden bugs raises questions about the future role of traditional security firms and junior analysts.

AI security · Anthropic · Claude Code
0 likes · 7 min read
Black & White Path
Feb 13, 2026 · Information Security

Why AI-Powered Attack Toolkits Are Inevitable, Says Google Security Exec

Google senior security leaders warn that attackers are already using AI for tasks like phishing and data‑theft command generation, and that fully automated, end‑to‑end AI attack kits are only a matter of time, forcing defenders to rethink protection strategies.

AI security · AI-driven attacks · cloud security
0 likes · 6 min read
PaperAgent
Jan 21, 2026 · Artificial Intelligence

Can Single-Agent Skill Systems Outperform Multi-Agent Architectures?

This article analyzes recent Claude Skills research, revealing security flaws in over a quarter of skills, a systemic performance collapse when single-agent skill sets exceed 50‑100 items, and how hierarchical routing and cognitive‑capacity limits can restore accuracy while mitigating security risks.

AI security · Agent Skills · Claude
0 likes · 9 min read
AI Insight Log
Jan 17, 2026 · Information Security

How the Django Co‑founder Used Claude to Reverse‑Engineer Its Own Sandbox

Simon Willison instructed Claude Cowork to explore its own application bundle, revealing that the AI runs inside a full Ubuntu 22.04 virtual machine on macOS via Apple’s Virtualization.framework, protected by a dual sandbox of VM isolation and Bubblewrap, with strict user and syscall restrictions.

AI security · Bubblewrap · Claude
0 likes · 6 min read
Aikesheng Open Source Community
Dec 7, 2025 · Information Security

How to Secure AI Vector Embeddings in MySQL: Risks and Best Practices

AI applications rely on vector embeddings for search and recommendation, but these rich vectors expose new security and privacy threats; this article explains the main risks, attack methods, and mature MySQL strategies—including secure storage, access control, encryption, auditing, and compliance—to protect vector data.

AI security · Data Protection · access control
0 likes · 12 min read
Sohu Tech Products
Oct 29, 2025 · Information Security

Why a New Multimodal AI Security Dataset Is Essential for Detecting Deepfakes

As multimodal AI models become capable of generating realistic images, videos, and audio, the OpenMMSec benchmark provides a comprehensive, open‑source dataset and evaluation metrics that help researchers and developers detect and localize AI‑generated forgeries across all three modalities, addressing emerging security challenges.

AI security · Evaluation Metrics · OpenMMSec
0 likes · 18 min read
21CTO
Oct 27, 2025 · Information Security

Why OpenAI’s Atlas Browser Faces Critical Prompt Injection Threats

OpenAI’s new Atlas browser is vulnerable to indirect prompt injection, a systemic risk for AI‑enabled browsers that lets attackers embed malicious commands in web pages, prompting security researchers to warn of immediate injection attacks, discuss mitigation attempts, and advise cautious use.

AI security · Browser Agents · OpenAI Atlas
0 likes · 8 min read
Volcano Engine Developer Services
Oct 23, 2025 · Artificial Intelligence

How Jeddak AgentArmor Secures AI Agents: A Deep Dive into Trustworthy AI

This article examines ByteDance's Jeddak AgentArmor framework, detailing the systemic risks of intent misinterpretation and constraint violations in AI agents, the full‑lifecycle threat model, dual probabilistic trust and policy mechanisms, and real‑world validation cases that demonstrate its effectiveness.

AI security · AgentArmor · policy compliance
0 likes · 15 min read
Baidu Tech Salon
Oct 16, 2025 · Artificial Intelligence

How Baidu’s Large‑Model Security Guard Won Vivo’s Top Security Partner Award

At the 2025 Vivo Developer Conference, Baidu Security earned the Best Security Technology Partner award for its edge‑focused large‑model security solution, which tackles multi‑layered threats on devices through comprehensive content protection, tailored edge defenses, advanced attack detection, and a rigorous evaluation framework.

AI security · Baidu Security · content moderation
0 likes · 5 min read
Efficient Ops
Oct 12, 2025 · Information Security

What Exposed the AI Companion Apps? A Deep Dive into the Massive Data Leak

A recent breach of the AI companion apps Chattee and GiMe Chat exposed over 40 million private conversations, hundreds of thousands of media files, and transaction records due to publicly accessible Kafka brokers lacking any authentication, putting user privacy and security at serious risk.

AI security · Kafka · data breach
0 likes · 3 min read
DataFunTalk
Oct 12, 2025 · Artificial Intelligence

Can AI Be Hacked? Eric Schmidt Warns of Prompt Injection and Jailbreak Risks

Former Google CEO Eric Schmidt cautions that both open‑source and closed‑source AI models can be compromised through prompt injection and jailbreak techniques, urging the creation of a non‑proliferation regime to curb the growing security threats posed by advanced AI systems.

AI security · Eric Schmidt · jailbreak
0 likes · 5 min read
Linux Code Review Hub
Oct 9, 2025 · Operations

Non‑Intrusive MCP Observability with eBPF: Introducing MCPSpy

The article explains how the emerging Model Context Protocol (MCP) for AI tools lacks visibility, outlines security and monitoring challenges, compares alternative tracing methods, and presents MCPSpy—a Linux‑only eBPF‑based, non‑intrusive solution that captures MCP stdio traffic, parses JSON‑RPC messages, and outputs human‑readable or JSON logs.

AI security · Go · MCP
0 likes · 17 min read
Volcano Engine Developer Services
Sep 23, 2025 · Information Security

How to Secure Model Context Protocol (MCP) in AI Ecosystems: Threats and Solutions

This article examines the security challenges of the Model Context Protocol (MCP) in AI applications, analyzes attack surface expansion across creation, runtime, and update phases, and presents a comprehensive AI‑enhanced scanning architecture with mitigation strategies to protect the entire AI ecosystem.

AI security · Cloud Native · MCP
0 likes · 23 min read
360 Tech Engineering
Aug 14, 2025 · Artificial Intelligence

Why 2024 Is the Year of AI Agents: Insights from Zhou Hongyi

Zhou Hongyi’s article highlights AI’s pivotal role in the new technological wave, outlines the challenges of large models, introduces a five‑level taxonomy of intelligent agents, showcases 360’s swarm‑based deployments, and stresses the urgent need for security‑focused agents as AI reshapes enterprises.

AI security · AI trends · Intelligent agents
0 likes · 7 min read
AntTech
Jul 14, 2025 · Artificial Intelligence

How Can We Build Trustworthy AI with Systemic Multi‑Agent Governance?

The article reviews Yang Xiaofang’s presentation on trustworthy AI, emphasizing the need for systematic support, inclusive design, and participatory governance, and outlines the evolution, capabilities, risks, and multi‑layered solutions for multi‑agent AI systems.

AI security · governance · multi-agent systems
0 likes · 9 min read
Data Thinking Notes
Jul 10, 2025 · Artificial Intelligence

What Are China's Top 10 AI Trends for 2025? Insights from Gartner

Gartner's 2025 China AI Top Ten Trends report outlines ten key directions—including open‑source GenAI models, self‑built strategies, agent AI, frugal solutions, engineering focus, collaborative defense, talent growth, ubiquitous adoption, inclusive ecosystems, and data‑driven AI—while providing forecasts through 2030.

AI security · AI trends · China
0 likes · 9 min read
360 Tech Engineering
Jul 4, 2025 · Artificial Intelligence

How AI is Revolutionizing Security Operations: Insights from the 2025 Global Digital Economy Conference

The 2025 Global Digital Economy Conference highlighted the fusion of big data and AI in security, revealing both the transformative potential of large‑model technologies for operational efficiency and the critical challenges they pose, while showcasing 360's AI‑native platform and measurable performance gains.

AI security · Big Data · Digital Transformation
0 likes · 5 min read
Tencent Technical Engineering
Jul 1, 2025 · Information Security

How Wukong AI Agent Uncovered a Critical RCE Vulnerability in LLaMA‑Factory (CVE‑2025‑53002)

This article details how the Wukong AI Agent automatically audited the popular LLaMA‑Factory project, discovered a high‑severity remote code execution vulnerability (CVE‑2025‑53002) caused by unsafe torch.load usage, reported it to the maintainers, and demonstrated the official fix that adds a secure weights_only flag.

AI security · CVE-2025-53002 · LLaMA-Factory
0 likes · 8 min read
DataFunTalk
Jun 17, 2025 · Artificial Intelligence

Inside the Leaked US Government AI Platform: What ai.gov Aims to Do

A leaked GitHub repository reveals the Trump administration’s ambitious ai.gov project, slated to launch on July 4, which seeks to embed AI across federal agencies through chatbots, a super‑API, and a monitoring console, sparking debate over feasibility, security and FedRAMP compliance.

AI Governance · AI policy · AI security
0 likes · 7 min read
Zuoyebang Tech Team
Jun 12, 2025 · Information Security

How AI‑Powered RAG and Agents Are Revolutionizing Enterprise Security Operations

This article explains how the rise of AI large‑model technology and Retrieval‑Augmented Generation (RAG) combined with autonomous AI agents enable a three‑layer network‑boundary defense, address deep operational challenges such as alert overload and response latency, and dramatically improve incident‑response efficiency in large‑scale enterprises.

AI agents · AI security · Large Language Models
0 likes · 16 min read
Architecture Digest
Jun 4, 2025 · Information Security

Toxic Agent Flow: Exploiting GitHub MCP to Leak Private Repositories via Prompt Injection

A newly disclosed vulnerability in GitHub's Model‑Centric Programming (MCP) enables attackers to hijack AI agents through crafted GitHub Issues, injecting malicious prompts that cause the assistant to retrieve and expose private repository data, while the article also outlines mitigation strategies and defensive code examples.

AI security · Agent Defense · GitHub
0 likes · 7 min read
Data Thinking Notes
May 13, 2025 · Information Security

DeepSeek Security: Top 5 Model Threats and How to Defend

This report examines DeepSeek’s security and reliability by detailing five core model threats—DDoS attacks, unlimited inference, vulnerability exploitation, data poisoning, and jailbreak—alongside two private‑deployment risks and three external threats such as counterfeit apps, offering targeted mitigation strategies to help users safely adopt the platform.

AI security · DeepSeek · model safety
0 likes · 8 min read
Java Backend Technology
Apr 30, 2025 · Information Security

When AI Becomes the Suspect: Dissecting a Crypto Theft and Code‑Poisoning Case

A crypto firm lost hundreds of thousands of USDT after a hard‑coded wallet address, allegedly inserted by an employee who blamed AI, prompting investigators to rule out AI misconduct and highlight human sabotage, while a separate ChatGPT‑generated code snippet secretly exfiltrated private keys, underscoring the emerging security risks of AI‑assisted programming.

AI risk · AI security · Blockchain
0 likes · 4 min read
Tencent Technical Engineering
Apr 10, 2025 · Information Security

AI-Generated Code Introduces XSS Vulnerabilities: A Case Study and Security Guidance

The Woodpecker team shows that AI‑generated code, exemplified by Simon Willison’s HTML slideshow tool, can embed unsanitized inputs that create exploitable XSS flaws, and they recommend zero‑trust AI prompts, rigorous input filtering, CSP, AI‑assisted scanning, and secure supply‑chain practices to mitigate such risks.

AI security · CSP · Simon Willison
0 likes · 9 min read
Tencent Technical Engineering
Mar 27, 2025 · Information Security

AI Programming Assistants Can Be Hijacked: Configuration File Poisoning and Security Risks

AI programming assistants such as GitHub Copilot and Cursor can be hijacked through poisoned configuration files that hide malicious prompts using invisible Unicode characters, exposing developers to risks like data leakage, DDoS, cryptomining and trojan injection, so they must avoid unknown configs, sandbox generated code, and employ static analysis and AI audits to mitigate threats.

AI security · code poisoning · configuration files
0 likes · 12 min read
Tencent Technical Engineering
Mar 19, 2025 · Information Security

AI Programming Security Risks and Countermeasures

As AI tools soon generate the majority of software, they dramatically amplify hidden security risks—such as hard‑coded secrets, XXE, directory traversal, and privilege escalation—requiring zero‑trust scanning, secret interception, command filtering, privilege‑fuse safeguards, and AI‑native semantic analysis to protect the modern code supply chain.

AI programming · AI security · Software Security
0 likes · 9 min read