AI Security

CodeSentinel: Three-Layer Defense Against Indirect Prompt Injection in Code LLMs

CodeSentinel is a three-layer inference-time sanitizer designed to protect large language models from indirect prompt injection attacks hidden in code contexts such as comments, strings, and identifiers. It uses Tree-sitter to identify high-risk code syntax tree nodes and applies sanitization to pr...

Why it matters: As code LLMs increasingly rely on external code repositories and documentation, they become vulnerable to subtle prompt injection attacks that can manipulate their behavior. CodeSentinel addresses this emerging security risk by providing a targeted defense mechanism during model inference.

AI-assisted summary based on listed sources.

AI Security Agent Tackles Multi-Vector Fraud and AML in Banking

Banks face both signature-based fraud and behavioral financial crimes, which require different detection methods. An AI security agent addresses these challenges by combining approaches to detect threats like card-not-present attacks and business email compromise.

Why it matters: Traditional static rule engines fail to detect complex behavioral fraud such as business email compromise. AI-driven multi-vector detection enhances security across retail and corporate banking accounts.

AI-assisted summary based on listed sources.

Deep-XPIA: Prompt Injection Benchmark for Multi-Agent AI Systems

Deep-XPIA is a new benchmark designed to evaluate prompt injection vulnerabilities in multi-agent AI systems. It aims to help researchers identify and mitigate security risks in AI interactions.

Why it matters: As AI systems increasingly interact with each other, understanding and preventing prompt injection attacks is critical to maintaining system integrity and trustworthiness. Deep-XPIA provides a standardized way to assess these vulnerabilities.

AI-assisted summary based on listed sources.

Risk-Aware Causal Gating Enhances LLM Agent Security via Tool Contract Integrity

Risk-Aware Causal Gating (RACG) protects tool-augmented large language model (LLM) agents from indirect prompt injection by restricting access to dangerous tools. This approach shifts the trust requirement to the integrity of the tool contracts rather than the agent's compliance alone.

Why it matters: By limiting an agent's visible action space, RACG reduces the risk of unauthorized tool use, improving security in AI systems. However, it highlights the importance of trustworthy tool contracts as a critical component of safe AI tool integration.

AI-assisted summary based on listed sources.

Security Challenges and Framework for Long-Horizon Agentic AI Systems

This paper analyzes security threats and evaluation methods for long-horizon agentic AI systems, proposing a taxonomy of threats and a framework for attack propagation analysis. It aims to guide future research in securing agentic AI.

Why it matters: As agentic AI systems operate over extended periods and make autonomous decisions, understanding their security vulnerabilities is critical to prevent cascading attacks. The proposed framework helps structure defenses and evaluation strategies for these complex AI systems.

AI-assisted summary based on listed sources.

Mitigating prompt injection attacks with a layered defense strategy

<span class="byline-author">Posted by Adam Gavish, Google GenAI Security Team</span><div><br /></div><div><span id="docs-internal-guid-673cf5ee-7fff-42cb-83fa-7f963bac5563"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span fac...

Google Workspace’s continuous approach to mitigating indirect prompt injections

<span class="byline-author">Posted by Adam Gavish, Google GenAI Security Team</span><div><br /></div><div><span id="docs-internal-guid-963e2379-7fff-2c42-f377-675bf409d663"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span fac...

The catalogue of prompt injection attacks

Hacker News discussion with 8 points and 3 comments.

Securing CI/CD in an agentic world: Claude Code Github action case

<p>Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigat...

An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response

University Academic Management Information Systems (ACMIS) are high-value targets for a wide spectrum of security threats including brute-force login attacks, payment fraud, privilege escalation, insider data theft, and academic integrity violations. Traditio...

Safeguarding VS Code against prompt injections

<p>When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Co...

Architecting Security for Agentic Capabilities in Chrome

<span class="byline-author">Posted by Nathan Parker, Chrome security team</span> <p> Chrome has been advancing the web’s security for well over 15 years, and we’re committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome...