The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

Why decades-old attacks still work, and why that should worry you

AI systems inherit decades-old security flaws many organizations still fail to address consistently.
InfoWorld

Building AI agents the safe way

The best defense against prompt injection and other AI attacks is to do some basic engineering, test more, and not rely on AI to protect you. If you want to know what is actually happening in ...

AI agents can now manipulate your organization. Are you ready?

Agentic AI is moving quickly while the threat models that should constrain it are still being written. The sensible response is to treat the security layer the way you treated network security in 2010 ...
InfoQ

Security Experts Exploit Airport Security Loophole with SQL Injection

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...
GizChina

Prompt Injection Attack Exposes Security Flaw in Apple Intelligence

Prompt injection, a type of exploit targeting AI systems based on large language models (LLMs), allows attackers to manipulate the AI into performing unintended actions. Zhou’s successful manipulation ...
TechJuice

LangChain Framework Hit With Critical CVEs

LangChain and LangGraph patch three vulnerabilities exposing files, secrets, and conversation histories used by 60M+ ...
WhoWhatWhy on MSN

Saturday hashtag: #AIPoisonPill

Welcome to Saturday Hashtag, a weekly place for broader context. Saturday Hashtag: #AIPoisonPill originally appeared on ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...