Mar 24, 2026 • Vulnerability | #LLM Vulnerabilities #Remote Code Execution #AI Red Teaming
Novee has introduced an AI Red Teaming platform to proactively identify security vulnerabilities in LLM-powered applications. Their research recently uncovered ...
Mar 19, 2026 • Vulnerability | #Remote Code Execution #Pickle Deserialization #Cross-Tenant Isolation
Wiz Research identified critical isolation vulnerabilities in Hugging Face's AI-as-a-Service platform, allowing remote code execution and potential cross-t...
Feb 12, 2026 • Vulnerability | #Remote Code Execution #Prompt Injection #Supply Chain Poisoning
The OpenClaw open-source AI agent project rapidly exposed at least three high-risk Remote Code Execution (RCE) vulnerabilities, allowing attackers to perform hi...
Feb 03, 2026 • Vulnerability | #Remote Code Execution #Command Injection #Prompt Injection
The OpenClaw AI bot farm is plagued by critical security flaws, including a one-click remote code execution vulnerability and two command injection vulnerabilit...
Feb 03, 2026 • Vulnerability | #DockerDash #Meta-Context Injection #Remote Code Execution
A critical vulnerability, codenamed DockerDash, in Docker's Ask Gordon AI assistant allowed remote code execution and data exfiltration. This "Meta-Co...
Feb 03, 2026 • Vulnerability | #CVE-2026-25253 #Remote Code Execution #Token Exfiltration
A critical token exfiltration vulnerability, tracked as CVE-2026-25253, was discovered in the OpenClaw (Moltbot/Clawdbot) AI assistant. This one-click remote co...
Feb 02, 2026 • Vulnerability | #OpenClaw #Remote Code Execution #AI Coding Assistants
The OpenClaw vulnerability in AI coding assistants allows single-click Remote Code Execution (RCE) by exploiting the trust relationship between developers and A...
Feb 02, 2026 • Vulnerability | #CVE-2026-25253 #Remote Code Execution #Cross-Site WebSocket Hijacking
A high-severity vulnerability, tracked as CVE-2026-25253, in OpenClaw allows one-click remote code execution (RCE) via a crafted malicious link. This exploit le...
Jan 27, 2026 • Vulnerability | #Authentication Bypass #Remote Code Execution #API Key Exposure
Cybersecurity experts have identified a critical authentication bypass vulnerability in the Clawdbot AI assistant, stemming from improperly configured reverse p...
Jan 13, 2026 • Vulnerability | #Remote Code Execution #AI/ML #Library Vulnerability
This article details potential Remote Code Execution (RCE) vulnerabilities arising from the use of modern AI/ML formats and libraries. It investigates how these...
Dec 29, 2025 • Vulnerability | #Prompt Injection #AI Supply Chain Poisoning #Remote Code Execution
Prompt injection is a prevalent AI-specific vulnerability where Large Language Models (LLMs) misinterpret external data as executable instructions, bypassing in...
Dec 06, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #AI IDEs
Security researcher Ari Marzouk disclosed "IDEsaster," a collection of over 30 vulnerabilities, with 24 assigned CVEs, affecting various AI-powered In...
Nov 03, 2025 • Vulnerability | #CVE-2024-12366 #Remote Code Execution #Agentic AI
The article details a Remote Code Execution (RCE) vulnerability, tracked as CVE-2024-12366, affecting agentic AI systems that execute LLM-generated code without...
Oct 09, 2025 • Vulnerability | #Indirect Prompt Injection #Remote Code Execution #Agentic AI
Attackers can achieve remote code execution (RCE) on developer machines by leveraging indirect prompt injection against agentic AI developer tools. This is acco...
Oct 08, 2025 • Vulnerability | #OWASP LLM01:2025 #OWASP LLM07:2025 #Remote Code Execution
An attack chain on an AI chatbot demonstrated how indirect prompt injection (OWASP LLM01:2025) and system prompt leakage (OWASP LLM07:2025) can be leveraged. Th...
Oct 08, 2025 • Vulnerability | #Indirect Prompt Injection #Command Injection #Remote Code Execution
An advanced attack chain exploits an LLM chatbot through indirect prompt injection (OWASP LLM01:2025) to achieve system prompt leakage and abuse excessive agenc...
Oct 02, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #Retrieval-Augmented Generation (RAG)
LLM-based applications are susceptible to remote code execution (RCE) vulnerabilities when executing LLM-generated code via functions like `exec` or `eval` with...
Oct 02, 2025 • Vulnerability | #Remote Code Execution #Prompt Injection #Retrieval-Augmented Generation
The NVIDIA AI Red Team identifies critical vulnerabilities in LLM applications, including remote code execution (RCE) via prompt injection when executing unsand...
Oct 02, 2025 • Vulnerability | #Remote Code Execution #Prompt Injection #Retrieval-Augmented Generation
The NVIDIA AI Red Team highlights critical vulnerabilities in LLM-based applications, most notably Remote Code Execution (RCE) via prompt injection when LLM-gen...
Aug 21, 2025 • Vulnerability | #SQL Injection #Remote Code Execution #LLM-based AI
AI coding tools like Claude Code integrate security features to identify common vulnerabilities such as SQL injection, XSS, RCE, and SSRF during development wor...
Aug 17, 2025 • Vulnerability | #Remote Code Execution #Prompt Injection #Coding Agents
The article details advanced prompt injection and watering hole techniques that exploit LLM-based coding agents, leveraging their ability to interpret malicious...
Aug 17, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #ASCII Smuggling
The article highlights critical security vulnerabilities in LLMs integrated with coding agents, primarily exploiting advanced prompt injection techniques. Attac...
Aug 17, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #ASCII Smuggling
The article highlights novel prompt injection techniques, such as ASCII Smuggling and hidden instructions in public code repositories, designed to be impercepti...
Aug 06, 2025 • Vulnerability | #CVE-2025-49596 #Remote Code Execution #Malicious OAuth Proxying
The article details critical security vulnerabilities within Model Context Protocol (MCP) deployments, including a remote code execution exploit (CVE-2025-49596...
Jul 01, 2025 • Vulnerability | #CVE-2025-49596 #Remote Code Execution #0.0.0.0 Day
A critical remote code execution (RCE) vulnerability, CVE-2025-49596 (CVSS 9.4), has been identified in Anthropic's Model Context Protocol (MCP) Inspector,...
May 01, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #AI Agent
AI agentic applications face significant security threats, including prompt injection, tool misuse, and unsecured code interpreters, which can result in informa...