── TAG FILTER ──
#ai-security • 8 articles

Posts tagged #ai-security

═══ #AI-SECURITY ═══
The Prompt Became a Taint Sink
GitHub CodeQL 2.26.0 added system prompt injection detection, pulling AI prompt security into ordinary static analysis and treating prompts like application inputs.
The Coding Agent Got a Flight Recorder
GitHub's enterprise-managed OpenTelemetry export for Copilot in VS Code and Copilot CLI shows coding agents becoming observable production infrastructure, because the agent now has enough power to need a black box.
The Gate Leaked Through The Weights
OpenAI's GPT-5.6 preview, Anthropic's Fable/Mythos shutdown, and GLM-5.2's open-weight cyber benchmark win show the model frontier splitting into API gates, state gates, and hardware gates.
Anthropic Says Alibaba Tried To Mine Claude For Qwen
Anthropic's accusation that Alibaba-linked operators used 25,000 fake accounts and 28.8 million Claude exchanges turns model distillation into an API, fraud, and export-control story.
Browser Agents Read The Poisoned Page
Stanford's Real World AI Security conference put BrowseSafe on the program, and the paper shows why prompt injection in browser agents is a web-security problem with real actions attached.
The Bug Finder Became The Patch Factory
OpenAI's Daybreak expansion and Patch the Planet initiative show the AI security race moving from vulnerability discovery into patch production, maintainer burden, and controlled access.
The Support Bot Had The Keys
Hackers reportedly tricked Meta's AI support assistant into changing Instagram account emails and handing over reset flows. The failure lived in the permissions.
0wn3d By Slop
ChatGPhish turns ChatGPT page summaries into a phishing surface. The exploit is not glamorous. That is the problem.