10 links tagged with all of: ai-security + prompt-injection
Links
This article presents a security scanner specifically designed for AI agent skills, capable of detecting issues like prompt injection and data exfiltration. It supports various analysis methods, including static and behavioral detection, and integrates with tools like VirusTotal and cloud providers.
This article discusses the security risks associated with AI agents, particularly prompt injection vulnerabilities. It introduces the "Agents Rule of Two," a framework designed to minimize risks by limiting the properties an agent can have in a session to avoid harmful outcomes.
The article discusses how AI agents could spread harmful instructions, similar to the Morris worm that infected early Internet computers. These "prompt worms" exploit the instruction-following nature of AI systems, potentially leading to widespread security issues. Researchers warn that this new type of contagion could emerge as AI systems communicate with each other.
The article details a security flaw in AI agent skills, demonstrated through a logic-based attack that uses an invisible instruction hidden in a PDF. This attack bypasses human review and platform safety measures, leading to potential phishing schemes. It highlights the need for improved governance over agent behavior rather than relying solely on static defenses.
This article explains how AI systems handle web links while protecting user data from exposure. It focuses on preventing URL-based data leaks through a mechanism that verifies if a URL is publicly accessible. The approach aims to keep users informed and in control when an unverified link is accessed.
Malicious actors can exploit default settings in ServiceNow's Now Assist AI to execute prompt injection attacks, allowing unauthorized access to sensitive data. These attacks leverage agent collaboration features, making it easy for attackers to manipulate benign requests into harmful actions without detection. Organizations must reassess their configurations to mitigate these risks.
ClawSec is a security toolkit for OpenClaw agents that installs and manages various protective skills. It offers features like integrity verification, automated security audits, and live CVE updates to safeguard against vulnerabilities.
Comet, an AI assistant, faces the challenge of malicious prompt injection, which manipulates its decision-making without exploiting software bugs. To combat this, Perplexity employs a defense-in-depth strategy that includes real-time detection, user controls, and transparent notifications to maintain user trust and safety.
The article discusses how prompt injection can lead to remote code execution (RCE) in AI agents. It outlines the mechanisms of this exploit, the potential impact on AI systems, and the importance of implementing robust security measures to mitigate such risks. The findings underscore the need for vigilance in the development and deployment of AI technologies.
Google DeepMind has released a white paper detailing the security enhancements made to Gemini 2.5, focusing on combating indirect prompt injection attacks which pose cybersecurity risks. The article highlights the use of automated red teaming and model hardening to improve Gemini's defenses, ensuring the AI can better recognize and disregard malicious instructions while maintaining performance on normal tasks.