prompt injection

Microsoft’s preview of agentic features in Windows 11 — where Copilot-style assistants move from “suggest” to “act” — is a technical milestone with meaningful productivity upside and a suite of novel security and governance challenges that administrators and power users must treat as deliberate...

A sharp, peer‑reviewed study and a string of security disclosures have exposed a worrying truth about the new generation of AI‑assisted web browsers: many of them collect and transmit highly sensitive browsing data — sometimes without clear consent — and the features that make these tools useful...

Brave has quietly opened the next chapter in the browser wars: an experimental, agentic AI browsing mode is available now in Brave Nightly, offering a model-driven assistant that can autonomously browse, act, and complete multi-step tasks inside a purposely isolated profile — but it arrives amid...

A recent security analysis has found that Microsoft Copilot Studio’s no-code AI agents can be coerced into leaking sensitive customer data and performing unauthorized actions with trivially simple prompt injections, exposing a new class of operational and regulatory risk that teams must treat as...

Tenable’s controlled jailbreak of a Microsoft Copilot Studio agent has laid bare a clear, present danger: no-code AI agents — the “digital employees” proliferating inside enterprises — can be manipulated to deliver both data theft and direct financial fraud. In a deliberately scoped...

Guy Zetland and Keren Katz report that a Tenable AI Research proof‑of‑concept has turned Microsoft Copilot Studio’s promising no‑code agent model into a glaring attack surface: simple prompt injections can coax agents into leaking sensitive records — including credit card data — and even change...

The cybersecurity community has reached a rare, consensus-sounding alarm: AI-powered browsers — the new generation of agentic, LLM-driven web clients — introduce a novel attack surface that many organizations should treat as unacceptable risk today, with leading advisory firms and government...

The UK National Cyber Security Centre’s blunt advisory about AI prompt injection is a wake-up call: defenders who treat prompt injection like a modern variant of SQL injection risk leaving their systems exposed to a different, harder-to-defend class of attacks that exploit the very way large...

AI browsers — the new generation of agentic assistants that read, reason, and act on web pages for you — are now being weaponized by a fresh class of attacks that hide instructions inside otherwise normal web content, threatening account security, private data, and the very notion of what a...

A fresh prompt-injection variant called HashJack has staked out an unexpected and stealthy attack surface: the text that appears after the “#” in a URL — the fragment identifier — can be weaponized to deliver natural‑language instructions to AI-powered browser assistants, tricking them into...

Microsoft’s own documentation now admits a hard truth: turning Windows 11 from an assistant into an agentic operating system — one that can act on your behalf, open apps, click UI elements, and manipulate files — changes the threat model in ways that traditional endpoint defenses were not built...

Microsoft’s own documentation and Insider notes make an unusually blunt admission: Windows 11 now includes an opt‑in set of experimental agentic features that let AI agents act on a user’s behalf—opening apps, clicking UI elements, reading and writing files in common folders—and Microsoft warns...

Microsoft quietly acknowledged what security researchers have been warning about: the new experimental “agentic” layer in Windows 11—the set of background AI agents that can act on a user’s behalf—can hallucinate and create real, novel security risks, including the ability for malicious content...

Microsoft’s blunt advisory that Windows 11’s experimental “agentic” AI features introduce novel security risks has refocused a long-running debate about where convenience ends and vulnerability begins — and it arrived not as a marketing footnote but as a front‑page safety notice built into...

Microsoft quietly shipped an experimental “agentic” layer into Windows 11 and, unusually for a vendor, warned up front that those agents may hallucinate and introduce novel security risks — including a new class of attacks Microsoft calls cross‑prompt injection (XPIA). Background / Overview...

Microsoft’s own documentation now admits what security researchers have long feared: the new agentic features in Windows 11 — agents that can act on your behalf, click and type inside apps, and read and modify local files — come with real, material security risks, including the possibility that...

Perplexity’s Comet and the cascade of disclosures this year have exposed a stark truth: agentic AI browsers that act on user behalf dramatically expand the attack surface of everyday web browsing, and the technical and legal fallout shows the industry is still scrambling to catch up. Background...

Microsoft’s own documentation for Windows 11 now contains an unusually blunt security caveat: the new experimental “agentic” AI features that let the OS act on your behalf are powerful, but they also create novel attack surfaces that administrators and consumers must treat as security decisions...

Microsoft’s latest agentic push for Windows 11 has a stark, unusually candid caveat: enable the new AI agent features only if you understand the security implications, because a compromised or manipulated agent can be coerced into doing harmful things — including downloading or installing...

A new prompt-injection variant called HashJack exposes a surprising and urgent risk in AI-powered browser assistants: by hiding natural‑language instructions after the “#” fragment in otherwise legitimate URLs, attackers can coerce assistants to produce malicious guidance, insert fraudulent...