SecurityWeek

Fortinet, Ivanti Patch Critical Vulnerabilities

Fortinet and Ivanti have released fixes for multiple vulnerabilities, including critical flaws leading to code execution.
Wired

OpenAI Really Wants Codex to Shut Up About Goblins

“Never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant,” reads OpenAI’s coding agent instructions.
ZDNet

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Malicious web prompts can weaponize AI without your input. Indirect prompt injection is now a top LLM security risk. Don't treat AI chatbots as fully secure or all-knowing. Artificial intelligence (AI ...
Fast Company

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into generic AI assistants. The goal is to get the branded bots to do their bidding, ...
CSOonline

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections. Security researchers have revealed a prompt ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
BizTech

Prompt Injection Attacks: The LLM Security Risk IT Leaders Must Address

Security leaders must adapt large language model controls such as input validation, output filtering and least-privilege access for artificial intelligence systems to prevent prompt injection attacks.
CNBC

Jamie Dimon says Anthropic's Mythos reveals 'a lot more vulnerabilities' for cyberattacks

Jamie Dimon said AI is a double-edged sword: “it’s made it worse, it’s made it harder,” creating new cyber vulnerabilities even as it may eventually strengthen defenses. JPMorgan Chase is testing ...
9to5Mac

Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue allowed researchers to circumvent Apple’s restrictions and force the on-device LLM to execute attacker-controlled actions. Here’s how they did it. Interestingly, they ...
AppleInsider

On-device Apple Intelligence vulnerable to prompt injection techniques

Apple Intelligence's on-device AI can be manipulated by attackers using prompt injection techniques, according to new research that shows a high success rate and potential access to sensitive user ...