AISecHub
Powered by InnovGuard.com | Business inquiries: https://calendly.com/innovguard/meeting | tal.eliyahu@innovguard.com
Country: not specified
Category: Technologies and applications
28 351
Subscribers: 2 462 (+8 in 24 hours, +19 in 7 days, +147 in 30 days)
Subscriber acquisition

| Month | Subscribers gained | Channels |
| --- | --- | --- |
| June '26 | +64 | 3 |
| May '26 | +163 | 4 |
| April '26 | +100 | 2 |
| March '26 | +192 | 3 |
| February '26 | +239 | 5 |
| January '26 | +394 | 4 |
| December '25 | +204 | 4 |
| November '25 | +140 | 4 |
| October '25 | +167 | 3 |
| September '25 | +270 | 1 |
| August '25 | +95 | 1 |
| July '25 | +93 | 2 |
| June '25 | +68 | 1 |
| May '25 | +375 | 3 |
| April '25 | +43 | 2 |
| March '25 | +735 | 1 |
| Date | Subscribers gained | Mentions | Channels |
| --- | --- | --- | --- |
| 17 June | +2 | | |
| 16 June | +12 | | |
| 15 June | +2 | | |
| 14 June | +2 | | |
| 13 June | +6 | | |
| 12 June | +1 | | |
| 11 June | +1 | | |
| 10 June | +7 | | |
| 09 June | +4 | | |
| 08 June | +4 | | |
| 07 June | +1 | | |
| 06 June | 0 | | |
| 05 June | +2 | | |
| 04 June | +5 | | |
| 03 June | +6 | | |
| 02 June | +4 | | |
| 01 June | +5 | | |
Channel posts
Post 2 (2)
1781041254360.pdf

Post 3 (191)
The New SDLC With Vibe Coding - https://drive.google.com/file/d/1wNEl8FMpTso8aXlb_joxgzparxi-0ciM/view

Post 4 (233)
LiteLLM vulnerability chain: low-privilege users to AI gateway server takeover
Reported chain in the LiteLLM proxy starts from a default low-privilege account and escalates to admin, ending in server-side code execution; in an AI gateway, that same control-plane compromise can expose the provider API keys and other stored secrets used to broker model calls.
#VulnerabilityResearch #AppSec #AISecurity #News
https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html

Post 5 (214)
SearchLeak: chaining a crafted URL into Microsoft 365 Copilot data access
The report describes a vulnerability chain where an attacker-controlled URL can steer Microsoft 365 Copilot Enterprise’s search/retrieval flow to surface sensitive content (mailbox, OneDrive, SharePoint) to the attacker, highlighting the risk when untrusted inputs influence retrieval over privileged user data.
#AISupplyChain #AppSec #AISecurity #News
https://bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool

Post 6 (163)
GAS-Leak-LLM: Genetic Algorithm Suffix Optimization for Black-Box LLM Jailbreaking
The paper describes a black-box jailbreaking method that uses a genetic algorithm (selection/mutation/crossover) to evolve adversarial prompt suffixes that bypass safety filters, suggesting some defenses can be probed and optimized against purely via API feedback.
#PromptInjection #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.15788

Post 7 (149)
Rapid Poison: Practical Poisoning Attacks on the Rapid Response Framework
The paper describes prompt injection into a “rapid response” loop that generates synthetic jailbreak variants for retraining detection classifiers, injecting poisoned samples even when the attacker can only alter jailbreak inputs. The result is targeted false positives on benign patterns and trigger-based false negatives (backdoors) under that constrained data-control model.
#AISOC #SecurityAutomation #AISecurity #Research
https://arxiv.org/abs/2606.16242

Post 8 (141)
SkillVetBench: LLM-as-Judge for Multi-Dimensional Security Risk Evaluation of Open-Source LLM Agent Skills
SkillVetBench applies an LLM-as-judge to score agent “skills” at the instruction layer (not just code), using a 5-dimension risk metric plus CVSS v4 vector breakdown to surface prompt-injection, memory-poisoning, and multi-agent chaining behaviors that static scanners can miss.
#AgentSecurity #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.15899

Post 9 (148)
🔴 Feds Freaked Over Fable 5 After Simple "Fix This Code" Prompt — Not a Jailbreak
The Register reports that the US government's abrupt export-control shutdown of Anthropic's Fable 5 and Mythos 5 was triggered by a simple "fix this code" prompt — not a sophisticated jailbreak. Katie Moussouris (Luta Security) says researchers asked the model to fix code, it obliged, and that was enough to trigger national security intervention. The concern wasn't about bypassing safety filters but about the raw capability itself being deemed too dangerous for foreign access.
#Anthropic #Fable5 #ExportControl #AIRegulation #AISecurity
https://www.theregister.com/security/2026/06/15/feds-freaked-over-fable-5-after-simple-fix-this-code-prompt-not-jailbreak-says-researcher/5255827

Post 10 (142)
🔴 Feds Freaked Over Fable 5 After Simple "Fix This Code" Prompt — Not a Jailbreak
The Register reports that the US government's abrupt export-control shutdown of Anthropic's Fable 5 and Mythos 5 was triggered by a simple "fix this code" prompt — not a sophisticated jailbreak. A researcher demonstrated the model's code-generation capability and that was enough to trigger national security intervention. This reframes the incident: the concern wasn't about bypassing safety filters but about the raw capability itself being deemed too dangerous for foreign access.
#Anthropic #Fable5 #ExportControl #AIRegulation #AISecurity
https://www.theregister.com/security/2026/06/15/feds-freaked-over-fable-5-after-simple-fix-this-code-prompt-not-jailbreak-says-researcher/

Post 11 (136)
🔴 New arXiv: LLM API Routers Are Application-Layer MITM — "The Proxy Knows Too Much"
Researchers show that LLM API routers (increasingly used by AI agents) terminate client TLS and open separate upstream sessions, holding full plaintext interactions. This makes routers a privileged MITM: they can read, modify, log, or exfiltrate every prompt and response. The paper proposes attested TEE-based sealing as a mitigation. Relevant to any org routing agent traffic through gateway proxies.
#LLM #APIRouter #MITM #TEE #arXiv #AISecurity
https://arxiv.org/pdf/2606.16358

Post 12 (126)
🟡 First In-the-Wild LLM Agent Post-Exploitation Attack — Marimo RCE to Full DB Exfiltration in Under 2 Minutes
Sysdig documented the first confirmed real-world attack where an LLM agent autonomously conducted post-exploitation: exploiting CVE-2026-39987 (pre-auth RCE in Marimo notebooks), then dynamically pivoting through cloud credential extraction → AWS Secrets Manager → SSH bastion → PostgreSQL database exfiltration — all in 4 automated steps under 120 seconds. The agent adapted to each step's output without pre-scripted commands. Development infrastructure is now a prime target.
#LLMAgent #PostExploitation #Marimo #Sysdig #AISecurity
https://breached.company/llm-agent-post-exploitation-marimo-cve-2026-39987-sysdig-2026/

Post 13 (97)
🔴 New arXiv: Dynamic Malicious Skills in Agentic AI — Poisoning Agent Capabilities Through Documentation
Researchers demonstrate a new attack surface: embedding malicious instructions in natural-language skill documentation that AI agents consume. When an agent loads a "skill" (a common pattern in agent frameworks), poisoned docs can hijack tool calls, exfiltrate data, or execute arbitrary commands. Directly relevant to the Agentjacking disclosure — both exploit the trust boundary between agents and externally influenced content.
#AgenticAI #Skills #SupplyChain #arXiv #AISecurity
https://arxiv.org/pdf/2606.16287

Post 14 (93)
🔴 New arXiv: UNIATTACK — Automated Jailbreak Targeting Multiple Defense Strategies Simultaneously
Researchers present a unified adversarial testing framework that combines multiple jailbreak techniques (roleplay, encoding, multi-turn decomposition) into a single automated attack. Designed to defeat layered defenses rather than single guardrails — the kind of attack real adversaries would use against production LLM deployments.
#Jailbreak #LLM #AdversarialML #arXiv #AISecurity
https://arxiv.org/pdf/2606.16751

Post 15 (106)
🔴 New arXiv: LLM Search Agents Vulnerable to Web Content Manipulation (SearchGEO)
Researchers introduce SearchGEO, a framework measuring how attacker-published web pages become endorsed claims through LLM search agents. As agents increasingly synthesize open-web content into actionable recommendations, poisoned pages can corrupt agent outputs at scale — a new class of indirect prompt injection where the attack surface is the entire web.
#LLM #SearchAgents #PromptInjection #arXiv #AISecurity
https://arxiv.org/pdf/2606.16821

Post 16 (93)
🔴 PromptSnatcher — Ad Blocker Extensions Caught Stealing AI Chats from ChatGPT, Claude & Gemini
Malicious browser extensions posing as ad blockers were found exfiltrating users' AI chat histories from ChatGPT, Claude, and Gemini. The extensions intercepted and forwarded conversation content to attacker-controlled servers — a new frontier in AI data theft where the target isn't credentials but the intellectual property and sensitive discussions inside AI chat sessions.
#PromptSnatcher #BrowserExtensions #DataExfiltration #AISecurity
https://cybersecuritynews.com/promptsnatcher-ad-blocker-extensions-steal-ai-chats/

Post 17 (91)
🟡 Landmark Ruling: German Court Holds Google Liable for AI Overviews' False Statements
Munich Regional Court (Case 26 O 869/26, May 28) ruled that Google's AI Overviews are Google's own content — not protected third-party search results. The AI fabricated claims linking publishers to scams that didn't exist in any linked source. The court rejected Google's "users can fact-check" defense and stated AI-generated opinions deserve less free speech protection than human ones because they're "the result of an algorithm, not an acquired conviction." Google is appealing. This precedent matters for every enterprise AI system that turns third-party content into confident customer-facing answers.
#AILiability #Google #AIOverviews #LegalPrecedent #AISecurity
https://the-decoder.com/landmark-german-ruling-declares-googles-ai-overviews-are-googles-own-words-and-makes-it-liable-for-false-answers

Post 18 (88)
🟡 Claude Code GitHub Action Vulnerability — Repository Hijacking via Prompt Injection
Researcher RyotaK (GMO Flatt Security) found that Anthropic's Claude Code GitHub Action had a [bot] permission bypass allowing anyone to register a GitHub App, open a malicious issue on any public repo, and have Claude execute attacker-controlled commands via indirect prompt injection. The flaw could have enabled a recursive supply chain attack — Anthropic's own repo used the vulnerable workflow. Fixed in claude-code-action v1.0.94. Anthropic paid a bug bounty.
#ClaudeCode #GitHub #PromptInjection #SupplyChain #AISecurity
https://aviatrix.ai/threat-research-center/claude-code-github-action-flaw-2026

Post 19 (93)
🔴 FBI Dismantles Massive AI-Powered Phishing-as-a-Service Operation "Outsider Enterprise"
FBI, Google, and Black Lotus Labs took down a Chinese cybercrime network that used AI to distribute phishing kits at industrial scale: 9,000 fake websites, 1M+ fraudulent URLs, 3.8M credit card records stolen, $1.9B estimated losses. The operation used Gemini AI to generate convincing phishing content and sold kits via a Shopify storefront and Telegram bot. Authorities seized servers, domains, $100K USDT, and the Telegram bot. Part of FBI's Operation Riptide.
#Phishing #AI #OutsiderEnterprise #FBI #AISecurity
https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls

Post 20 (113)
🔴 US Orders Anthropic to Disable Fable 5 & Mythos 5 for All Foreign Nationals
On June 12, the US Commerce Department issued an export control directive forcing Anthropic to abruptly disable Claude Fable 5 and Mythos 5 for all users worldwide — including Anthropic's own foreign-national employees. The models launched publicly on June 9; three days later they were gone. The directive turns frontier AI model access into an export-control weapon with no warning, exposing a new class of supply chain and regulatory risk for any enterprise dependent on US-controlled AI providers.
#Anthropic #ExportControl #Fable5 #Mythos5 #AISecurity
https://cybercenter.space/2026/06/13/software-as-a-controlled-export-the-mythos-directive-and-the-new-architecture-of-ai-governance