Secure AI Weekly

From Lenovo’s chatbot breach exposing session cookies to our own research uncovering PROMISQROUTE, a novel vulnerability in GPT-5’s routing mechanism found by Adversa AI Research team, this week showed how fragile AI security architectures still are. The risks are not limited to technical flaws: regulators are struggling too, as NIST ...

From GPT-5 jailbreaks leaking harmful instructions within hours of release to new benchmarks exposing systemic weaknesses in major models, this week highlighted how fragile LLM Security remains. Despite new training methods, Jailbreak LLM attacks like context poisoning and obfuscation continue to bypass guardrails. As enterprises experiment with tool-using and multi-agent ...

From poisoned calendar invites that let attackers open smart shutters to hallucinated software packages seeding malware into supply chains, this week’s AI security stories highlight just how many doors are left open in generative and agentic systems. Research at Black Hat USA showed that even seemingly routine integrations — like ...

From compromised coding assistants to identity-collapsing agent chains, this week’s AI security incidents reveal just how fragile the foundations of generative and agentic systems remain. The Amazon Q supply chain breach showed how a single malicious prompt could wipe infrastructure at scale—if not for a lucky syntax error. Meanwhile, researchers ...

From fast food to frameworks, this week highlights the widening gap in AI security maturity. A massive breach at McDonald’s AI hiring platform shows how basic security oversights—like hardcoded credentials and IDOR flaws—can still devastate modern AI infrastructure. With over 64 million applicant records exposed via a third-party chatbot, the ...

AI systems are scaling fast — and so are the risks. This month’s digest highlights urgent developments shaping the future of GenAI security. From SANS and OWASP’s landmark partnership to define standard AI security controls, to Accenture’s warning that most enterprises lack foundational AI defenses, the message is clear: security ...

This week’s digest shows how fast the threat landscape around LLMs is shifting. Researchers have now found malware samples embedding prompt injection attacks directly into their payloads—marking the first real-world attempt to evade AI-powered analysis tools. Meanwhile, cybercriminals are offering jailbroken versions of Grok and Mixtral for phishing and malware ...

This week’s digest exposes how attackers exploit AI agents through prompt injection, jailbreak public APIs to revive malicious models, and compromise developer tools at the supply chain level. Multiple incidents—like the Asana data leak and the Atlassian exploit—stem from insecure use of the Model Context Protocol (MCP), a rising standard ...

As AI systems transition from passive tools to autonomous agents, the risks surrounding them evolve just as fast. This week’s digest reveals how attackers are already exploiting agentic AI, how regulators are racing to keep up, and how industry is responding with new benchmarks and standards. From Microsoft’s EchoLeak zero-click ...