AI agent
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
Researchers have built a pull request that steals a repository’s secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open. The reviewer waves the change through. Later, a coding agent reads the picture, opens the repo’s .env, and writes every key into the source as a harmless-looking list of numbers. […]
JadePuffer ransomware used AI agent to automate entire attack
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. According to cloud security company Sysdig, JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data. The […]
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed “BioShocking” could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. A proof-of-concept (PoC) for the attack, devised by researchers at LayerX, was successfully tested against six mainstream agentic browser products (ChatGPT Atlas, Comet, Fellou, Genspark Browser, […]
Clean GitHub repo tricks AI coding agents into running malware
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers. Researchers at Mozilla’s Zero Day Investigative Network (0DIN) AI security platform say that the compromise happens with “no exploit code, no warning, no suspicious […]
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. The OpenClaw open-source AI agent framework allows large language models (LLMs) to interact with real-world systems and perform actions autonomously. It can be used as an email agent for basic reasoning and operations. Researchers […]
Google Chrome adds new security layer for Gemini AI agentic browsing
Google is introducing in the Chrome browser a new defense layer called ‘User Alignment Critic’ to protect upcoming agentic AI browsing features powered by Gemini. Agentic browsing is an emerging mode in which an AI agent is configured to autonomously perform for the user multi-step tasks on the web, including navigating sites, reading their content, […]
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions
OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers. The researchers created three realistic attack scenarios where a […]
OpenAI is testing a new GPT-5-based AI agent “GPT-Alpha”
OpenAI is internally testing a new version of its AI agent, which uses a special version of GPT-5 dubbed “GPT-Alpha.” Earlier today, OpenAI accidentally pushed an unreleased feature to everyone. As you can see in the above screenshot shared on X, the new feature is called “Agent with Truncation” and it can be found under Alpha Models. […]