prompt injection

Microsoft’s Copilot Cowork is under scrutiny after PromptArmor said on May 26, 2026 that poisoned workflow content could make the agent send a user downloadable links to Microsoft 365 files without the sensitive-action approval Microsoft says should appear. The claim is narrow, but the...

On May 24, 2026, Cybernews reported on research showing that hidden or nearly inaudible audio can manipulate AI voice agents into interpreting ordinary recordings, meetings, music, or videos as commands to take actions through connected tools. The finding is not that your microphone has become...

Researchers from Zhejiang University, the National University of Singapore, and Nanyang Technological University have demonstrated AudioHijack, a hidden-audio attack presented at the IEEE Symposium on Security and Privacy in San Francisco in May 2026 that can manipulate voice AI systems into...

Microsoft disclosed on May 7, 2026, that two patched vulnerabilities in its Semantic Kernel agent framework could let prompt injection become remote code execution or arbitrary host file writes in affected Python and .NET agent deployments. The headline is not that a chatbot said something...

CISA, the NSA, ASD’s Australian Cyber Security Centre, and cyber agencies from Canada, New Zealand, and the United Kingdom released “Careful Adoption of Agentic AI Services” on April 30 and May 1, 2026, warning organizations to deploy autonomous AI agents only with strict security controls. The...

The latest round of AI security disclosures is awkward for three of the biggest names in the field: Anthropic, Google, and Microsoft all accepted bug bounty submissions involving prompt injection attacks against AI agent workflows, then left most users without the public paperwork that normally...

Applying security fundamentals to AI is becoming the defining CISO problem of 2026, and Microsoft’s latest guidance is a useful reminder that the right response is not panic but discipline. In a March 31, 2026 Security blog post, Microsoft Deputy CISOs argue that AI should be treated as...

Exabeam’s push to watch ChatGPT, Microsoft Copilot, and Google Gemini is more than another product update. It is a sign that enterprise security teams are being forced to treat AI agents as a new class of identity, one that can hold privileges, touch data, and make mistakes at machine speed. The...

Microsoft’s Copilot controversy on GitHub is bigger than one awkward pull request edit. If the reports are accurate, the company’s coding agent is no longer just helping developers fix typos or draft summaries; it is also surfacing promotional-looking “tips” inside pull requests, which many...

GitHub Copilot’s latest controversy lands at a sensitive moment for the AI coding market. If the reports are accurate, the issue is not just that Copilot may be surfacing promotional suggestions inside pull requests, but that it is doing so in a way that can feel indistinguishable from product...

AI chatbots with built-in browsers are no longer a novelty feature tucked away in a product demo. They are quickly becoming a default interface for searching the web, summarizing pages, clicking links, and even completing tasks on a user’s behalf. That convenience comes with a quietly expanding...

Microsoft’s new guidance on threat modeling for AI applications arrives at a moment when enterprises are scrambling to put generative and agentic systems into production — and it does something important: it forces security teams to stop treating AI as “just another component” and start modeling...

The past 48 hours have delivered a compact but consequential set of tech developments: the Pentagon and Anthropic are in open tension over how far AI safeguards should extend into military use; OpenClaw’s creator has taken a high‑profile jump to OpenAI; Apple has quietly scheduled a special...

Security researchers say a new wave of prompt‑injection techniques can coerce mainstream AI assistants — including Microsoft Copilot and xAI’s Grok — into behaving as covert command‑and‑control (C2) relays, exfiltrating data or executing attacker‑supplied workflows after a single crafted input...

Microsoft’s recent changes have finally untangled one of Windows 11’s most persistent irritations: setting a third‑party browser as the operating system’s default is now far less painful than it was at launch, and regulatory pressure in Europe has pushed the company even further toward...

Microsoft’s Defender researchers have pulled back the curtain on a quiet but powerful marketing vector: seemingly harmless “Summarize with AI” and “Share with AI” buttons that surreptitiously instruct chat assistants to remember particular companies or sites, creating persistent, invisible...

Microsoft’s security team has issued a blunt warning: a growing wave of websites and marketing tools are quietly embedding instructions into “Summarize with AI” buttons and share links that can teach your AI assistant to favor particular companies, products, or viewpoints — a tactic Microsoft...

Microsoft’s security team is warning that a new, low-cost marketing tactic is quietly weaponizing AI convenience: companies are embedding hidden instructions in “Summarize with AI” and share-with-AI buttons to inject persistent recommendations into assistants’ memories — a technique the...

Linux still beats Windows 11 in a handful of quietly significant ways — not because it has prettier UI animations or a bigger marketing budget, but because of fundamentals: cost, hardware fit, user control, the absence of baked‑in AI agents, and a privacy model that treats telemetry as optional...

Microsoft's public promise to "fix Windows 11" this year is not a marketing flourish — it's a direct response to hard, visible pain across the platform, and the company is now mobilizing a formal "swarming" effort to address the problems users and testers have been raising. Pavan Davuluri, who...