This month’s top resources cover highly concerning developments, including a novel IICL technique that bypassed GPT-5.4 safety guardrails and the real-world implications of Anthropic’s Mythos model successfully executing a 32-step corporate network attack. Adversaries can now automate their red teaming and uncover fundamental flaws in vector databases. However, defenders are also making progress in practical framework development and fundamental approaches to attack detection.
Total resources: 22
Category breakdown:
| Category | Count |
|---|---|
| Research | 5 |
| GenAI 101 | 3 |
| GenAI defense | 3 |
| GenAI red teaming | 2 |
| GenAI for CISO | 2 |
| Article | 2 |
| GenAI threat model | 1 |
| GenAI attack technique | 1 |
| GenAI attack | 1 |
| Framework | 1 |
| Report | 1 |
Adversa AI researchers managed to bypass GPT-5.4 safety guardrails using a novel technique called Involuntary In-Context Learning (IICL). The attacker’s success rate reached 60%, exploiting a vulnerability introduced in recent model updates.
The BadStyle framework demonstrates how to embed imperceptible writing-style triggers into LLMs during fine-tuning. These triggers preserve semantics and fluency while acting as a reliable backdoor.
Vector databases powering RAG systems are fundamentally vulnerable to a geometric poisoning attack. This exploit can contaminate up to 99.85% of query results with just 1% injected vectors.
The STACK methodology systematically defeats safeguard pipelines by attacking each component sequentially. This approach achieves a 71% attack success rate in black-box environments.
The AB-JB approach is a three-stage hybrid jailbreak framework combining black-box semantic adversarial prompt generation and white-box suffix optimization. This methodology achieves a 93% average attack success rate against targeted LLMs.
A comprehensive essay dismantling four potential defensive moats against unaligned AI systems. The author argues that LLMs cannot safely be given autonomous power in their current state.
This comprehensive developer guide covers fundamental risks including prompt injection, data exfiltration, and MCP security. It provides practical defensive strategies for teams building AI applications.
A systematic walkthrough of the 10 most common AI web vulnerabilities. The guide covers everything from basic prompt injection and data leakage to broken authorization.
The ER-CAT framework adds singular-value-variance regularization to improve adversarial training for LLMs. This technique provides a better robustness-utility tradeoff across six different models.
TwinGate introduces a dual-encoder defense mechanism using Asymmetric Contrastive Learning. It achieves high recall with less than a 0.2% false positive rate on a massive 3.62M-request dataset.
Researchers adopted seven detection techniques from forensic linguistics, bioinformatics, and network security to identify prompt injections. The local-alignment detector significantly improved the F1 score from 0.033 to 0.378.
This Nature paper proposes a specialized three-pillar red teaming framework for healthcare chatbots. It utilizes error stratification and dual-pronged testing to ensure medical safety standards.
Researchers propose Adaptive Instruction Composition, a contextual bandit reinforcement learning layer designed for AI red teaming. This technique doubles the WildTeaming attack success rate by dynamically adapting to the target model.
A 30-page strategy briefing from CSA, SANS, and OWASP that outlines how to prepare for advanced AI agents. It maps emerging risks to the OWASP LLM, MITRE ATLAS, and NIST CSF 2.0 frameworks.
Anthropic’s Mythos model successfully completed a 32-step corporate network attack autonomously in just hours. This analysis highlights that AI-driven exploitation is not exclusive to Mythos, putting existing AI systems at immediate risk.
This post analyzes leaked system prompts from major providers including OpenAI, Anthropic, and Google. It demonstrates how exposed tool schemas define the attack surfaces of these frontier models.
A curated digest of seven major AI safety papers covering the latest academic developments. Topics range from alignment auditing and data poisoning to jailbreaks of Constitutional Classifiers.
RAG systems introduce entirely novel security risks beyond standard LLM deployments. This paper establishes an operational boundary and organizes the literature around four distinct security surfaces.
LLM safety alignment proves fragile as refusal behaviors in low-rank subspaces can be surgically ablated at inference time. The CRA framework achieves a 15.2x improvement over baselines in bypassing restrictions.
This Eval Injection vulnerability in MaxKB AI assistant’s Markdown rendering enables Stored XSS. The flaw carries a CVSS 4.0 score of 6.9 MEDIUM.
The Center for Internet Security released an official companion guide mapping the CIS Controls v8.1 to AI/LLM-specific security requirements. It provides actionable guidance across the full AI lifecycle.
This report details six real-world AI security incidents that occurred over a 15-day span. It includes full attack paths and MITRE ATT&CK technique references along with a defensive playbook.
The transition from theoretical prompt injections to autonomous, multi-step attacks fundamentally changes the generative AI threat landscape. Security teams must move beyond static defenses and implement continuous, stateful monitoring architectures to protect their AI pipelines from dynamic manipulation and automated red-teaming frameworks.
A regression in the Claude Code trust dialog and a settings-scope inconsistency let a cloned repo run unsandboxed code with one keypress, and on CI runners with none. Learn why ...
