A researcher has disclosed the details of the AI attack method he has named ‘Comment and Control’.
The post Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments appeared first on SecurityWeek.
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks
Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm.
The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek.
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue.
The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek.
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
GeminiJack is a zero-click Gemini attack that could have been exploited using specially crafted emails, calendar invites, or documents.
The post Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data appeared first on SecurityWeek.
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations.
The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.
Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results
Researchers found more methods for tricking an AI assistant into aiding sensitive data theft.
The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek.
Salesforce AI Hack Enabled CRM Data Theft
Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak.
The post Salesforce AI Hack Enabled CRM Data Theft appeared first on SecurityWeek.
AI Systems Vulnerable to Prompt Injection via Image Scaling Attack
Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images.
The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek.
Google Gemini Tricked Into Showing Phishing Message Hidden in Email
Google Gemini for Workspace can be tricked into displaying a phishing message when asked to summarize an email.
The post Google Gemini Tricked Into Showing Phishing Message Hidden in Email appeared first on SecurityWeek.
