#prompt injection
27 stories tagged prompt injection.

Poisoned Repos Can Trick Claude Code Into Opening a Reverse Shell
Researchers show that prompt injection hidden inside a repository's files is enough to turn Anthropic's agentic coding tool against the developer running it.

Prompt Injection in Git Repos Can Turn Claude Code Into a Reverse Shell Launcher
Malicious instructions buried in a repository's files can hijack Anthropic's Claude Code agent and open a backdoor on the developer's own machine — no obvious malware required.

North Korean Malware Tells AI Analyzers to Look Away
A macOS sample attributed to Pyongyang-linked actors contains prompts designed to make LLM-assisted security tools abandon their analysis. Defenders are starting to notice the pattern.

MCP's Enterprise Overhaul Hands Security Problems to Developers
A major revision repositions the Model Context Protocol as enterprise-ready — then quietly offloads the hard security work onto the teams building on top of it.

Gaslight: A Rust macOS Stealer That Tries to Talk Your AI Analyst Out of Looking
The implant ships with an embedded prompt injection payload aimed at LLM-assisted reverse engineering tools — a small but telling escalation in adversarial UX.

AI Agents Are Being Manipulated Through the Data They Trust
Hidden content injections and context poisoning are turning autonomous AI pipelines into attack surfaces. Here's what defenders need to understand before deploying agents at scale.

Agentic AI Runs on Context. Feed It the Wrong Kind and Decisions Go Sideways Fast.
The core vulnerability in agentic AI systems isn't the model — it's the context window. Bad inputs, machine-speed outputs.

When the Trigger Pulls Itself: Agentic AI and the End of the Human-in-the-Loop
Every weapon in history extended a human decision. Agentic systems are the first that try to replace it — and the security implications are not theoretical.

Zero Trust as the AI Control Plane: What Zscaler's Vienna Pitch Means for APAC CISOs
AI agents are joining the workforce whether security teams are ready or not. At Zenith Live 2026, Zscaler made its case for why zero trust should govern them the same way it governs humans.

SearchLeak Shows How a Single Crafted URL Can Drain Your M365 Tenant
Varonis researchers chained three weaknesses in Copilot Enterprise Search into a full data-exfiltration path. Microsoft patched it. The attack class isn't going anywhere.

Estonia Wants to Give AI Agents Government-Issued IDs — With Spelled-Out Permission Scopes
The Baltic nation's AI Council is proposing state-backed digital identities for AI agents, defining exactly what they're allowed to do before they touch your data or your bank account.

SearchLeak: How a microsoft.com Link Could Have Drained a Copilot Tenant
Varonis Threat Labs chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click exfil path that lived behind a trusted Microsoft URL.

Agentjacking: Poisoned Sentry Error Reports Hijack AI Coding Assistants
Researchers describe a prompt-injection class that turns developer error-tracking pipelines into a remote code execution path against AI coding agents.

AI Web Agents Have No Reliable Prompt Injection Defenses, Benchmark Finds
Researchers ran 3,168 adversarial tests against GPT-5 and Gemini-powered agents. The 'Robust Behavior' outcome — agent completes task, attacker gets nothing — never appeared.

Researchers Turn OpenClaw Into a Confused Deputy With Hidden Prompts
Two teams show the self-hosted AI agent will execute attacker instructions smuggled inside contacts, location pins, and other benign-looking inputs.