Critical command injection vulnerability discovered in Universal Robots PolyScope 5

Universal Robots urges users to update PolyScope software following critical vulnerability ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
TechRepublic

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are now being weaponized through prompt injection, exposing why model guardrails are not enough to protect enterprise data. Last week, researchers at Google and Forcepoint reported that ...
Wired

OpenAI Really Wants Codex to Shut Up About Goblins

“Never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant,” reads OpenAI’s coding agent instructions.
ZDNet

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Malicious web prompts can weaponize AI without your input. Indirect prompt injection is now a top LLM security risk. Don't treat AI chatbots as fully secure or all-knowing. Artificial intelligence (AI ...
Fast Company

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into generic AI assistants. The goal is to get the branded bots to do their bidding, ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
CSOonline

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections. Security researchers have revealed a prompt ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
BizTech

Prompt Injection Attacks: The LLM Security Risk IT Leaders Must Address

Security leaders must adapt large language model controls such as input validation, output filtering and least-privilege access for artificial intelligence systems to prevent prompt injection attacks.