Top GenAI Security Resources — December 2025

Categories: GenAI Security, GenAI Security Digest. Written by Sergey, December 5, 2025.


GenAI Security: Essential Resources for December 2025

Generative AI has rapidly become ubiquitous in business applications, and the installed base of AI assistants already exceeds one billion users. Security considerations for this wide adoption range from sophisticated prompt-injection attacks to novel side-channel vulnerabilities, and the threat landscape for AI systems continues to evolve at an unprecedented pace. This digest compiles the most important GenAI security resources from December 2025 to help security professionals stay ahead of emerging risks.

Statistics

This digest covers 26 top GenAI security resources across 11 categories:

  • Exploitation Techniques: 8 resources (31%)
  • Security Tools: 5 resources (19%)
  • Security Research: 2 resources (8%)
  • Attack Techniques: 2 resources (8%)
  • CISO Resources: 1 resource (4%)
  • Security Incident: 1 resource (4%)
  • GenAI Vulnerability: 1 resource (4%)
  • Defense Mechanisms: 1 resource (4%)
  • Red-Teaming: 1 resource (4%)
  • Security Training: 1 resource (4%)
  • GenAI Security 101: 1 resource (4%)
  • Safety Dataset: 1 resource (4%)
  • Security Report: 1 resource (4%)

Content

Exploitation Techniques

Zero-G, Zero Trust: How Antigravity Floats Away with Your Secrets

This article explores a novel technique called Antigravity that exploits trust boundaries in AI systems. It demonstrates how attackers can bypass security controls to exfiltrate sensitive information from AI-powered applications.

HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage

Tenable researchers uncover new AI vulnerabilities that enable private data leakage. The findings highlight critical security gaps in popular AI implementations that organizations must address.

PromptJacking: The Critical RCEs in Claude Desktop That Turn Questions Into Exploits

Security researchers demonstrate critical remote code execution vulnerabilities in Claude Desktop through prompt manipulation. The attack chain shows how innocent-looking prompts can be weaponized.

AI/LLM Hacking – Part 5 – Improper Output Handling

This tutorial covers improper output handling vulnerabilities in LLMs. It provides practical examples of how attackers exploit these weaknesses and offers mitigation strategies.

Prompt Injection Variant Lets Hackers Exfiltrate Data from Claude APIs

A new prompt injection variant enables data exfiltration from Claude APIs. The technique bypasses existing security measures and poses risks to applications using Claude’s API endpoints.

Persistent XSS via Prompt Injection with Client-Side Exfiltration in DeepSeek-V3

A GitHub issue documents a persistent XSS vulnerability in DeepSeek-V3 triggered through prompt injection. The attack enables client-side data exfiltration from affected systems.

Introducing InjectPrompt Companion

A new tool designed to help security professionals test and analyze prompt injection vulnerabilities. It provides automated testing capabilities for identifying AI security weaknesses.

Critical AI Safety Jailbreak Alert

A LinkedIn post reveals a new jailbreak technique targeting Claude Haiku. The discovery highlights ongoing challenges in maintaining AI safety guardrails against adversarial attacks.

Security Tools

llm-security-framework

An open-source security framework for testing and securing LLM deployments. It provides a comprehensive toolkit for identifying vulnerabilities in AI systems.

Security Testing for Production LLM Applications

A system prompt benchmark tool for security testing production LLM applications. It helps organizations evaluate the robustness of their AI systems against common attack vectors.

Whisper Leak Tool

An open-source implementation of the Whisper Leak side-channel attack. Security researchers can use this tool to test their systems against this novel attack technique.

MLEBENCH-SUBVERSION

A benchmarking tool for evaluating AI system subversion attempts. It helps measure and improve the resilience of machine learning systems against adversarial manipulation.

Security Research

Chain-of-Thought Hijacking

Academic research exploring how attackers can manipulate chain-of-thought reasoning in LLMs. The paper demonstrates techniques to hijack the reasoning process for malicious purposes.

Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models

Researchers discover that adversarial poetry can serve as a universal jailbreak technique. This single-turn attack method bypasses safety measures across multiple LLM platforms.

Attack Techniques

Mind-reading Claude AI’s Complete System Prompt

A detailed exploration of techniques used to extract Claude AI’s system prompts. The article reveals methods attackers use to uncover hidden instructions in AI systems.

Multi-Layered Persona Injection with Rule Override Attempt

Documentation of a sophisticated prompt injection technique using multi-layered personas. The attack attempts to override AI system rules through carefully crafted identity manipulation.

CISO Resources

The Big Idea: Security Assurance is NOT Just QA for AI!

Google Cloud’s CISO blog explains why AI security assurance requires a fundamentally different approach than traditional QA. Essential reading for security leaders implementing AI governance.

Security Incident

ShadowRay 2.0: Attackers Turn AI Against Itself in Global Campaign that Hijacks AI Into Self-Propagating Botnet

Oligo Security uncovers a global attack campaign where AI systems are hijacked to form self-propagating botnets. The incident demonstrates how attackers weaponize AI infrastructure at scale.

GenAI Vulnerability

Whisper Leak: A Novel Side-Channel Attack on Remote Language Models

Microsoft Security reveals a novel side-channel attack targeting remote language models. The vulnerability allows attackers to extract sensitive information through timing analysis.

Defense Mechanisms

The Evolution of AI Security: Why Secure AI by Design Matters

Palo Alto Networks outlines the importance of building security into AI systems from the ground up. The article provides a framework for implementing secure AI design principles.

Red-Teaming

Build a Pro AI Hacking Lab: Microsoft Red Teaming Playground Setup

A video tutorial on setting up Microsoft’s AI red teaming playground. It provides step-by-step guidance for security professionals building AI testing environments.

Security Training

Understanding Prompt Injection Techniques, Challenges, and Advanced Escalation

A comprehensive training course by Brian Vermeer covering prompt injection fundamentals. It explores techniques, real-world challenges, and advanced escalation methods.

GenAI Security 101

The Beginner’s Guide to AI Security (and Why It Matters) — Part 1

An accessible introduction to AI security concepts for newcomers. It explains fundamental risks and why organizations must prioritize AI security in their strategies.

Safety Dataset

Real-World LLM Misuse Datasets and Taxonomies

A curated collection of real-world LLM misuse datasets and classification taxonomies. It is a valuable resource for researchers studying AI safety and developing protective measures.

Security Report

The AI Security Blind Spot

Harness releases a comprehensive report on AI-native application security. It identifies critical blind spots organizations face when securing AI-powered applications.

Conclusion

The GenAI security landscape continues to evolve rapidly, with new attack vectors and defense mechanisms emerging constantly. The gap between attack innovation and organizational preparedness continues to widen, as evidenced by incidents like ShadowRay 2.0. Organizations can no longer treat AI security as an afterthought or extension of traditional cybersecurity — the time for proactive AI security strategies, red team exercises, and specialized defensive tools is now, before your AI systems become the next attack vector.

Stay vigilant, stay informed, and remember: in the rapidly evolving world of GenAI security, today’s innovative defense becomes tomorrow’s baseline requirement.
