Article

August 22, 2025

708

Lenovo AI Chatbot Incident: Critical XSS Vulnerability Exposes Enterprise AI Security Gaps

In August 2025, Lenovo quietly patched a critical vulnerability in its AI chatbot “Lena” that could have allowed attackers to steal session cookies and potentially compromise customer support systems through a single 400-character prompt—highlighting a new class of AI-driven security threats that most organizations are unprepared to defend against. The ...

August 21, 2025

256

Article + GenAI Security ADMIN

What Can Generative AI Red Teaming Learn from Cyber Red Teaming — Top Insights

The rapid deployment of generative AI systems across critical infrastructure has created an unprecedented security challenge: how do we effectively test and secure systems that can generate content, make decisions, and interact with users in ways we never fully anticipated — even with AI Red Teaming in place? A groundbreaking ...

August 19, 2025

2556

Article + Research admin

PROMISQROUTE: GPT-5 AI Router Novel Vulnerability Class Exposes the Fatal Flaw in Multi-Model Architectures

Executive Summary for CISO Security researchers from Adversa AI discovered that ChatGPT 5 have a fatal flaw: they can route your requests to cheaper, less secure models to save money. Attackers can exploit this to bypass AI security and safety measures with just a few words. What Is PROMISQROUTE? When ...

July 31, 2025

64

Article + Agentic AI Security ADMIN

Amazon AI Coding Assistant Q Incident: Lessons Learned

Introduction. When AI Becomes the Attack Vector In the world of AI red teaming, we often ask ourselves: “What’s the worst that could happen?” On July 2025, we got our answer—and it wasn’t from a sophisticated nation-state actor or a zero-day exploit. It came from a single frustrated hacker who ...

July 22, 2025

177

Article + MCP Security ADMIN

Top MCP Defense Resources: Essential Security Guide

The Model Context Protocol (MCP) has emerged as a “USB-C port for AI applications” that standardizes how AI systems interact with external data sources and tools. While MCP revolutionizes AI integration by enabling seamless connections between AI models and diverse services, this powerful capability introduces significant MCP defense and security challenges ...

July 17, 2025

141

Article + MCP Security ADMIN

Top MCP Threats Resources: A Comprehensive Guide to Model Context Protocol Security

The Model Context Protocol (MCP), introduced by Anthropic in November 2024, has rapidly emerged as the “USB-C port for AI Agents and applications” — revolutionizing how AI systems interact with external tools and data sources. This protocol standardizes the connection between Large Language Models (LLMs) and various services, enabling powerful ...

July 10, 2025

1050

Article + GenAI Security ADMIN

McDonald’s AI Hiring chatbot Olivia by Paradox.ai Security Incident: Complete Analysis and Lessons Learned

On 30 June 2025, security researchers Ian Carroll and Sam Curry opened McDonald’s recruiting site, clicked a tiny “Paradox team members” link, typed the universal joke password 123456, and found themselves inside the admin console of McHire—the AI-driven chatbot platform that screens applicants for about 90% of McDonald’s 40,000+ restaurants ...

June 25, 2025

1726

Article + MCP Security ADMIN

Asana AI Incident: Comprehensive Lessons Learned for Enterprise Security and CISO

Executive Summary: “The Asana MCP incident exposed 1,000 organizations’ data through a single line of code, proving that when AI meets enterprise SaaS, yesterday’s security playbook is obsolete. This isn’t about one vendor’s mistake – it’s about an industry racing to deploy AI without understanding the fundamentally different threat model ...

June 10, 2025

570

Article + Agentic AI Security ADMIN

Agentic AI Red Teaming Interview: Can Autonomous Agents Handle Adversarial Testing? Conversation with ChatGPT, Claude, Grok & Deepseek

As AI systems shift from passive responders to autonomous agents capable of planning, tool use, and long-term memory, they introduce new security challenges that traditional red teaming methods fail to address. To explore the current state of Agentic AI Red Teaming, we interviewed four leading language models—ChatGPT, Claude, Grok, and ...

Lenovo AI Chatbot Incident: Critical XSS Vulnerability Exposes Enterprise AI Security Gaps

What Can Generative AI Red Teaming Learn from Cyber Red Teaming — Top Insights

PROMISQROUTE: GPT-5 AI Router Novel Vulnerability Class Exposes the Fatal Flaw in Multi-Model Architectures

Amazon AI Coding Assistant Q Incident: Lessons Learned

Top MCP Defense Resources: Essential Security Guide

Top MCP Threats Resources: A Comprehensive Guide to Model Context Protocol Security

McDonald’s AI Hiring chatbot Olivia by Paradox.ai Security Incident: Complete Analysis and Lessons Learned

Asana AI Incident: Comprehensive Lessons Learned for Enterprise Security and CISO

Agentic AI Red Teaming Interview: Can Autonomous Agents Handle Adversarial Testing? Conversation with ChatGPT, Claude, Grok & Deepseek

Trusted AI Security

Explore Our Blog

Featured Post

Universal LLM Jailbreak: ChatGPT, GPT-4, BARD, BING, Anthropic, and Beyond

Latest Posts

OWASP ASI03: Identity & Privilege Abuse in AI Agents

Solving the “Breaking the Prompt” DEF CON AI CTF with AI Red Teaming Agent

Top GenAI security resources — June 2026

AIRQ: The First Independent AI Agent Security Rating and Open Source Risk Scoring Framework Ranks 100+ AI Agents

Top MCP security resources — June 2026

The AI risk quadrant for agents: scoring 100 digital workers nobody secured

Top Agentic AI security resources — June 2026

SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents

OWASP ASI02: tool misuse and exploitation — the definitive security guide

AI risk management insurance is tightening. Cyber insurance history shows exactly where it ends up.

Top GenAI security resources — May 2026

TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot