Security / AI CVEs / Research
- CSA — Mythos-Ready Security Program and VulnOps — 2026-04-21
- LogJack — Indirect Prompt Injection Through Cloud Logs Against LLM Debugging Agents — 2026-04-21
- Prompt Injection as Role Confusion — CoT Forgery Achieves 60% ASR on Frontier Models — 2026-04-21
- UK AI Safety Institute — LLM Jailbreaks and Cyber Evaluations — 2026-04-21
- Unit 42 — Frontier AI Models Autonomously Discovering Vulnerabilities — 2026-04-21
- ClawGuard — Runtime Security Framework for Tool-Augmented LLM Agents — 2026-04-19
- Kill-Chain Canaries — Stage-Level Prompt Injection Tracking (arXiv:2603.28013) — 2026-04-19
- Enterprises Stuck at Monitoring While AI Agents Need Isolation — 2026-04-18
- arXiv — MCP-DPT: Defense Placement Taxonomy for Model Context Protocol Security — 2026-04-12
- Anthropic — Mythos Preview autonomously discovers thousands of zero-day vulnerabilities across major systems — 2026-04-09
- Salt Security — 1H 2026 State of AI and API Security Report reveals agentic visibility crisis — 2026-04-09
- Anthropic — Claude discovers FreeBSD kernel RCE, writes full exploit — 2026-04-03
- arXiv — Semantic Intent Fragmentation Attack on Multi-Agent AI Pipelines — 2026-04-01
- Lyptus Research — AI offensive cyber capabilities doubling every 6 months — 2026-04-01
- OWASP — GenAI Exploit Round-up Report Q1 2026 — 2026-04-01
- Steganographic Canaries — LLM Misuse Detection (arXiv:2603.28655) — 2026-04-01
- Varonis — STARTAGENT: Architectural Vulnerabilities in Agentic LLM Browsers — 2026-04-01
- arXiv — VibeGuard: Security Gate Framework for AI-Generated Code — 2026-04-01
- arXiv — How AI agents are used across 177,000 MCP tools — 2026-03-28
- arXiv — Agent-Sentry bounding LLM agents — 2026-03-27
- arXiv — Indirect prompt injection competition findings for AI agents — 2026-03-22
- arXiv — Measuring AI agents on multi-step cyber attack scenarios — 2026-03-22
- arXiv — VeriGrey greybox agent validation — 2026-03-22
- Unit 42 — Prompt fuzzing shows LLM guardrails remain fragile across open and closed models — 2026-03-19
- arXiv — Contextualized privacy defense for LLM agents — 2026-03-08
- arXiv — Image-based prompt injection against multimodal LLMs — 2026-03-08
- arXiv — Prompt Injection 2.0: hybrid AI threats — 2026-03-03
- arXiv — Jailbreaking LLMs & VLMs: mechanisms and unified defenses — 2026-03-02
- arXiv — Analysis of LLMs against prompt injection and jailbreak attacks — 2026-02-28
- arXiv — Agentic AI as a cybersecurity attack surface — 2026-02-27
- arXiv — Silent Egress: implicit prompt injection makes LLM agents leak without a trace — 2026-02-27
- OpenReview — Jailbreaking the Matrix with Nullspace Steering — 2026-02-27
- arXiv — LLM-agent threat model and attack taxonomy survey — 2026-02-26
- arXiv — AgentDyn prompt injection benchmark — 2026-02-25
- arXiv — Prompt injection vs LLM rankers — 2026-02-24
- arXiv — Authenticated prompts & context for LLM security — 2026-02-18
- arXiv — Jailbreaking leaves a trace via latent representations — 2026-02-17
- arXiv — Optimizing agent planning for security and autonomy — 2026-02-17
- arXiv — MUZZLE red-teaming web agents against indirect prompt injection — 2026-02-16
- arXiv — Threat modeling for emerging AI-agent protocols — 2026-02-16
- arXiv — The Landscape of Prompt Injection Threats in LLM Agents — 2026-02-12
- Microsoft Security Blog — One-prompt attack breaks LLM safety alignment — 2026-02-11
- arXiv — CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerabilities — 2026-02-09
- arXiv — Bypassing AI control protocols via Agent-as-a-Proxy attacks — 2026-02-07
- arXiv — Learning to Inject: automated prompt injection via reinforcement learning — 2026-02-07
- arXiv — ChatInject: abusing chat templates for prompt injection in LLM agents — 2026-02-05
- arXiv — Systematic Review of LLM Defenses Against Prompt Injection: Expanding NIST Taxonomy — 2026-02-05
- Bengio et al. — 2026 International AI Safety Report: AI-powered cyberattacks and safety-testing evasion — 2026-02-03
- UCSC / The Register — CHAI: physical prompt injection hijacks self-driving cars and drones via road signs — 2026-02-03
- arXiv — AgentDoG: a diagnostic guardrail framework for AI agent safety and security — 2026-02-02
- arXiv — The Promptware Kill Chain: reframing prompt injection as multi-step malware — 2026-02-02
- arXiv — SENTINEL: securing AI agents in cyber-physical systems against deepfake and MCP-mediated attacks — 2026-02-02
- arXiv — System prompt extraction via code agents (JustAsk) — 2026-01-31
- vLLM — Mixture-of-Models routing on AMD GPUs (vLLM-SR) — 2026-01-31
- arXiv/EACL — PHISH: persona jailbreaking via implicit steering in chat history — 2026-01-30
- arXiv — From prompt injections to protocol exploits — 2026-01-30
- arXiv — SoK: prompt injection attacks on agentic coding assistants — 2026-01-30
- arXiv — Thought-Transfer: clean-label poisoning via chain-of-thought traces — 2026-01-30
- arXiv — Cascaded vulnerability attacks in software supply chains (ICSE 2026 EA) — 2026-01-30
- IEEE Spectrum — Why LLMs keep falling for prompt injection (and why agents raise the stakes) — 2026-01-30
- arXiv — Breaking the Protocol: MCP security analysis (capability attestation + origin auth gaps) — 2026-01-30