MonitoringBench: Semi-Automated Red-Teaming for Agent Monitoring
We introduce a red-teaming methodology that exposes harder-to-catch attacks for coding-agent monitors, suggesting that current practices may under-elicit attacks and overstate monitor performance. We identify three challenges with current red-teaming. First, mode collapse in attack generation,...
Threat modeling AI applications
Proactively identifying, assessing, and addressing risk in AI systems. We cannot anticipate every misuse or emergent behavior in AI systems. We can, however, identify what can go wrong, assess how bad it could be, and design systems that help reduce the likelihood or impact of those failure modes...
Diverse LLMs Vs. Vulnerabilities: Who Detects and Fixes Them Better?
Large Language Models (LLMs) are increasingly being studied for Software Vulnerability Detection (SVD) and Repair (SVR). Individual LLMs have demonstrated code understanding abilities, but they frequently struggle when identifying complex vulnerabilities and generating fixes. This study presents...
EUVD-2025-117439
Malicious code in diverse-tomato-piranha npm...
EUVD-2025-117440
Malicious code in diverse-harlequin-gayal npm...
EUVD-2025-99751
Malicious code in diverseduckz3n npm...
EUVD-2025-105756
Malicious code in diversekiwiz3n npm...
Malicious code in diverse_kiwi_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6a0579cad4510e7750240331bfa22ed0c4761b3323454deef4f9e22b7459d76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in diverse_donkey_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60136d73cdf175f62d4adcd7da831185ab02042124e9013b1e764daa7a101b4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74730
Malicious code in diversesalamanderaquamarine-37 npm...
EUVD-2025-77070
Malicious code in diversecoyote-strongdev npm...
EUVD-2025-77068
Malicious code in diverseyak-appteadev npm...
EUVD-2025-71606
Malicious code in diversethrushz3n npm...
EUVD-2025-64475
Malicious code in diverseporpoisez3n npm...
EUVD-2025-64477
Malicious code in diversemandrillz3n npm...
MAL-2025-94080 Malicious code in diverse_rhinoceros_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f7edb5a621cee0fc0a04743d5aedecf8e2e3bb21f0e5a68b71108be906c81a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-64474
Malicious code in diverserhinocerosz3n npm...
EUVD-2025-54831
Malicious code in diverse-moccasin-marmoset npm...
EUVD-2025-54830
Malicious code in diverse-pink-clam npm...