Security / AI CVEs / Research
- OWASP — Agentic AI Security Maturity Framework at Infosecurity Europe 2026 — 2026-06-08
- Anthropic Frontier Red Team — AI Cyber Threats Mapped to MITRE ATT&CK — 2026-06-05
- arXiv — Trojan Backdoors in Agentic Workspaces Reach 95.5% ASR — 2026-06-03
- arXiv — Intelligence as Managed Autonomy, Agent Failure Escalation Framework — 2026-06-01
- arXiv — Neutral Prompting Attacks — Stealthy Hallucination Steering in Agent Skills — 2026-06-01
- arXiv — IterInject: Feedback-Guided Iterative Prompt Injection Against Agents — 2026-05-30
- arXiv — AgentSecBench: Formal Security Framework for LLM Agents — 2026-05-29
- MemMorph — Tool Hijacking in LLM Agents via Memory Poisoning — 2026-05-29
- arXiv — Real-World Prompt Injection Attacks in LLM-Based Resume Screening — 2026-05-29
- Axis Intelligence — AI Model Vulnerability Tracker: 71% Attack Success Rate Across Six Frontier Models — 2026-05-28
- arXiv — Poisoning the Watchtower: Prompt Injection Against LLM-Augmented SOC Analysts — 2026-05-27
- Huawei BeSafe-Bench — None of 13 AI Agents Clear 40% Safety Threshold — 2026-05-27
- arXiv — Attested Tool-Server Admission for MCP (2605.24248) — 2026-05-26
- arXiv INFRASCOPE — Automated Detection of Vulnerability Variants in AI Infrastructure — 2026-05-26
- arXiv — 40.55% of Remote MCP Servers Expose Tools Without Auth — 2026-05-26
- arXiv — Poisoning the Watchtower: Log-Substrate Prompt Injection in SOC Tools (2605.24421) — 2026-05-26
- arXiv SUDP — Secret-Use Delegation Protocol for Agentic Systems — 2026-05-26
- arXiv AgentWall Preprint (2605.16265) — OS-Level Runtime Interception for AI Agents — 2026-05-25
- arXiv — Content-Aware Attack Detection in LLM Agent Tool-Call Traffic — 2026-05-25
- Open-Source LLMs Vulnerable to Long Reasoning Multi-Turn Jailbreaks — 2026-05-25
- Anthropic — Glasswing discovers 10,000+ zero-days, only 97 patched so far — 2026-05-24
- arXiv — HBHC Protocol Solves Zombie Agent Credential Revocation — 2026-05-24
- arXiv OverEager — coding agents exceed authorized scope on benign tasks — 2026-05-24
- MDPI — attack surfaces of malicious remote MCP servers across LLM platforms — 2026-05-24
- arXiv — ASPI Shows Clarification-Seeking Amplifies Prompt Injection in LLM Agents — 2026-05-23
- arXiv — Domain-Camouflaged Prompt Injections Evade LLM Injection Detectors — 2026-05-23
- arXiv — AI Agents May Always Fall for Prompt Injections — 2026-05-22
- arXiv — Securing LLM Agents Needs Intent-to-Execution Integrity (2605.16976) — 2026-05-22
- arXiv — Remembering More, Risking More — Longitudinal Safety in Memory Agents — 2026-05-22
- arXiv — Survey: Agentic AI in IT Ops Faces the Classic Confused-Deputy Problem — 2026-05-20
- arXiv — AI Agents May Always Fall for Prompt Injections — 2026-05-20
- arXiv — Semantic Compliance Hijacking — Payload-less Skill Attacks on AI Agents — 2026-05-20
- Cloudflare — Project Glasswing: What Mythos Found Across 50+ Repositories — 2026-05-20
- Anthropic — Mythos Glasswing Expands: Verizon Joins, Findings-Sharing Policy Revised — 2026-05-19
- CrossMPI — Image-Only Prompt Injection Attacks Multimodal AI Models — 2026-05-18
- ExploitBench — AI Agents Achieve Arbitrary Code Execution on V8 — 2026-05-18
- arXiv — MATRA Threat Modeling Framework for Agentic AI Systems — 2026-05-17
- arXiv — Securing AI Agents Like Operating Systems — 2026-05-17
- arXiv — Security Risks in Tool-Enabled AI Agents in Privileged Cloud Environments — 2026-05-17
- arXiv — Re-Triggering Safeguards: Embedding Disruption for Jailbreak Detection — 2026-05-16
- Google GTIG — PROMPTSPY Autonomous AI Malware Interprets Systems and Generates Commands — 2026-05-16
- UK AISI — New Mythos Checkpoint Completes Previously Unsolved Cyber Ranges — 2026-05-16
- Anthropic — Glasswing Red Team Blog Discloses Thousands of AI-Found Zero-Days Across Major OS and Browsers — 2026-05-15
- Google TIG — First Confirmed AI-Developed Zero-Day — 2026-05-15
- VulnCheck — AI-Assisted Vulnerability Discovery Drives 563% CVE Surge Across Major Vendors — 2026-05-15
- CSO Online — Pen Tests: AI Security Flaws 2.5× More Severe Than Legacy Bugs — 2026-05-14
- arXiv PinTrace — LLMs Systematically Pin Vulnerable Dependency Versions — 2026-05-13
- Adversa AI — IICL Attack Bypasses GPT-5.4 Safety at 60% Success Rate — 2026-05-12
- arXiv — Response-Path Attacks on LLM Agents Outperform Prompt Injection — 2026-05-12
- Google GTIG — AI-Assisted Zero-Day 2FA Bypass for Mass Exploitation — 2026-05-12
- Jeff Kaufman — AI Is Breaking Two Vulnerability Disclosure Cultures — 2026-05-09
- Noma Security — MCP Servers and Skills: The Observability Gap in AI Agent Deployments — 2026-05-09
- Anthropic — Natural Language Autoencoders Reveal Models Can Detect Safety Tests — 2026-05-08
- EU AI Act Simplification — Nudification Ban Enacted, High-Risk Rules Delayed — 2026-05-08
- arXiv — MOSAIC-Bench: Coding Agents Ship Exploitable Code via Sequenced Prompts — 2026-05-07
- arXiv — Agentic Red Teaming Agent Compresses AI Testing from Weeks to Hours — 2026-05-06
- arXiv — Tool-Mediated LLM Architecture with Lean 4 Proofs for Autonomous Cyber Defense — 2026-05-06
- AISI — GPT-5.5 Matches Mythos on Offensive Cyber Tasks — 2026-05-02
- arXiv — Comparative Evaluation of AI Agent Security Guardrails — 2026-05-02
- arXiv — Indirect Prompt Injection in the Wild: 15.3K Instances Across 24.8M Hosts — 2026-05-02
- [un]prompted 2026 — Netflix Researchers on Source-to-Sink LLM Vulnerability Discovery — 2026-05-02
- DSN 2026 — First Cross-Entity Security Study of the MCP Ecosystem — 2026-04-30
- MCPTox — Tool Poisoning Benchmark Shows 73% Attack Success Rate on MCP Agents — 2026-04-30
- RAGShield — Numerical Claim Manipulation in RAG Systems Evades Embedding Defenses — 2026-04-30
- arXiv — LLMs Fail at Open-Ended Threat Hunting (3.8% Best Score) — 2026-04-29
- T-MAP — Red-Teaming LLM Agents with Trajectory-aware Evolutionary Search — 2026-04-29
- Foresiet — Meta AI Agent Hallucinates Permissions, Exposes Internal Data — 2026-04-27
- Mozilla — 271 Vulnerabilities Found in Firefox 150 by Claude Mythos Preview — 2026-04-27
- arXiv — Behavioral Transfer in AI Agents Reveals Privacy Risks at Scale — 2026-04-26
- arXiv — GAAP: An AI Agent Execution Environment to Safeguard User Data — 2026-04-25
- arXiv — Morality Attacks Jailbreak Both LLMs and Guardrail Models — 2026-04-25
- IBM X-Force — OpenClaw as a Case Study in Agentic AI Vulnerability — 2026-04-25
- Palo Alto Unit 42 — Autonomous AI Multi-Agent System Attacks Cloud Infrastructure — 2026-04-25
- Zero Day Initiative — AI-Driven Bug Submission Surge Forces Major Programs to Pause — 2026-04-25
- CSA Research — ZionSiphon AI-Assisted ICS Malware Targeting Water Infrastructure — 2026-04-25
- Adversa AI — IICL Bypasses GPT-5.4 Safety While GPT-5 Remains Immune — 2026-04-24
- LangWatch Scenario — Open-Source Multi-Turn Red-Teaming Framework for AI Agents — 2026-04-24
- CSA — Mythos-Ready Security Program and VulnOps — 2026-04-21
- LogJack — Indirect Prompt Injection Through Cloud Logs Against LLM Debugging Agents — 2026-04-21
- Prompt Injection as Role Confusion — CoT Forgery Achieves 60% ASR on Frontier Models — 2026-04-21
- UK AI Safety Institute — LLM Jailbreaks and Cyber Evaluations — 2026-04-21
- Unit42 — Frontier AI Models Autonomously Discovering Vulnerabilities — 2026-04-21
- ClawGuard — Runtime Security Framework for Tool-Augmented LLM Agents — 2026-04-19
- Kill-Chain Canaries — arXiv:2603.28013 Stage-Level Prompt Injection Tracking — 2026-04-19
- Enterprises Stuck at Monitoring While AI Agents Need Isolation — 2026-04-18
- arXiv — MCP-DPT: Defense Placement Taxonomy for Model Context Protocol Security — 2026-04-12 12:35
- Anthropic — Mythos Preview autonomously discovers thousands of zero-day vulnerabilities across major systems — 2026-04-09
- Salt Security — 1H 2026 State of AI and API Security Report reveals agentic visibility crisis — 2026-04-09
- Anthropic — Claude discovers FreeBSD kernel RCE, writes full exploit — 2026-04-03
- arXiv — Semantic Intent Fragmentation Attack on Multi-Agent AI Pipelines — 2026-04-01
- Lyptus Research — AI offensive cyber capabilities doubling every 6 months — 2026-04-01
- OWASP — GenAI Exploit Round-up Report Q1 2026 — 2026-04-01
- Steganographic Canaries — arXiv:2603.28655 LLM Misuse Detection — 2026-04-01
- Varonis — STARTAGENT: Architectural Vulnerabilities in Agentic LLM Browsers — 2026-04-01
- arXiv — VibeGuard: Security Gate Framework for AI-Generated Code — 2026-04-01
- arXiv — How AI agents are used across 177,000 MCP tools — 2026-03-28
- arXiv — Agent-Sentry bounding LLM agents — 2026-03-27
- arXiv — Indirect prompt injection competition findings for AI agents — 2026-03-22
- arXiv — Measuring AI agents on multi-step cyber attack scenarios — 2026-03-22
- arXiv — VeriGrey greybox agent validation — 2026-03-22
- Unit 42 — Prompt fuzzing shows LLM guardrails remain fragile across open and closed models — 2026-03-19
- arXiv — Contextualized privacy defense for LLM agents — 2026-03-08
- arXiv — Image-based prompt injection against multimodal LLMs — 2026-03-08
- arXiv — Prompt Injection 2.0: hybrid AI threats — 2026-03-03
- arXiv — Jailbreaking LLMs & VLMs: mechanisms and unified defenses — 2026-03-02
- arXiv — Analysis of LLMs against prompt injection and jailbreak attacks — 2026-02-28
- arXiv — Agentic AI as a cybersecurity attack surface — 2026-02-27
- arXiv — Silent Egress: implicit prompt injection makes LLM agents leak without a trace — 2026-02-27
- OpenReview — Jailbreaking the Matrix with Nullspace Steering — 2026-02-27
- arXiv — LLM-agent threat model and attack taxonomy survey — 2026-02-26
- arXiv — AgentDyn prompt injection benchmark — 2026-02-25
- arXiv — Prompt injection vs LLM rankers — 2026-02-24
- arXiv — Authenticated prompts & context for LLM security — 2026-02-18
- arXiv — Jailbreaking leaves a trace via latent representations — 2026-02-17
- arXiv — Optimizing agent planning for security and autonomy — 2026-02-17
- arXiv — MUZZLE red-teaming web agents against indirect prompt injection — 2026-02-16
- arXiv — Threat modeling for emerging AI-agent protocols — 2026-02-16
- arXiv — The Landscape of Prompt Injection Threats in LLM Agents — 2026-02-12
- Microsoft Security Blog — One-prompt attack breaks LLM safety alignment — 2026-02-11
- arXiv — CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability — 2026-02-09
- arXiv — Bypassing AI control protocols via Agent-as-a-Proxy attacks — 2026-02-07
- arXiv — Learning to Inject: automated prompt injection via reinforcement learning — 2026-02-07
- arXiv — ChatInject: abusing chat templates for prompt injection in LLM agents — 2026-02-05
- arXiv — Systematic Review of LLM Defenses Against Prompt Injection: Expanding NIST Taxonomy — 2026-02-05
- Bengio et al. — 2026 International AI Safety Report: AI-powered cyberattacks and safety-testing evasion — 2026-02-03
- UCSC / The Register — CHAI: physical prompt injection hijacks self-driving cars and drones via road signs — 2026-02-03
- arXiv — AgentDoG: a diagnostic guardrail framework for AI agent safety and security — 2026-02-02
- arXiv — The Promptware Kill Chain: reframing prompt injection as multi-step malware — 2026-02-02
- arXiv — SENTINEL: securing AI agents in cyber-physical systems against deepfake and MCP-mediated attacks — 2026-02-02
- arXiv — System prompt extraction via code agents (JustAsk) — 2026-01-31
- vLLM — Mixture-of-Models routing on AMD GPUs (vLLM-SR) — 2026-01-31
- arXiv/EACL — PHISH: persona jailbreaking via implicit steering in chat history — 2026-01-30
- arXiv — From prompt injections to protocol exploits — 2026-01-30
- arXiv — SoK: prompt injection attacks on agentic coding assistants — 2026-01-30
- arXiv — Thought-Transfer: clean-label poisoning via chain-of-thought traces — 2026-01-30
- arXiv — Cascaded vulnerability attacks in software supply chains (ICSE 2026 EA) — 2026-01-30
- IEEE Spectrum — Why LLMs keep falling for prompt injection (and why agents raise the stakes) — 2026-01-30
- arXiv — Breaking the Protocol: MCP security analysis (capability attestation + origin auth gaps) — 2026-01-30
- arXiv — SoK on prompt injection attacks against agentic coding assistants — 2026-01-30