Exploit for Unprotected Alternate Channel in Litellm

CVE-2026-40217 — LiteLLM Guardrail Sandbox Escape LiteLLM...

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...

GHSA-F2QX-66WF-WVVX phpseclib guardrails needed on OID length

Impact Any application using that loads untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. Patches https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 Workarounds No. Resources...

EUVD-2024-0936

phpseclib: guardrails needed on isPrime and randomPrime...

Wiz Code Week Recap: Securing AI Native Development

Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain...

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s...

CVE-2026-31992

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

CVE-2026-31992

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

CVE-2026-31992 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

EUVD-2026-11408

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...

Introducing the Generative Application Firewall (GAF)

This paper introduces the Generative Application Firewall GAF, a new architectural layer for securing LLM applications. Existing defenses -- prompt filters, guardrails, and data-masking -- remain fragmented; GAF unifies them into a single enforcement point, much like a WAF coordinates defenses fo...

SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations

Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where...

Understanding Security Risks of AI Agents' Dependency Updates

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...

Prompt injection is a problem that may never be fixed, warns NCSC

Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK’s National Cyber Security Centre NCSC has warned that it may never be “fixed” in the way SQL injection was. Two years ago, the NCSC said prompt injection might turn out to be the “SQL injection of th...

EUVD-2025-200120

Portkey.ai Gateway: Server-Side Request Forgery SSRF in Custom Host...

EchoGram Flaw Bypasses Guardrails in Major LLMs

HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start...

Atlas browser’s Omnibox opens up new privacy and security risks

It seems that with every new agentic browser we discover yet another way to abuse one. OpenAI recently introduced a ChatGPT based AI browser called Atlas. It didn’t take researchers long to find that the combined search and prompt bar—called the Omnibox—can be exploited. By pasting a specially...

Hoist with His Own Petard: Inducing Guardrails to Facilitate Denial-Of-Service Attacks on Retrieval-Augmented Generation of LLMs

Whitepaper called Hoist With His Own Petard: Inducing Guardrails To Facilitate Denial-Of-Service Attacks On Retrieval-Augmented Generation Of LLMs...

DualBreach: Efficient Dual-Jailbreaking Via Target-Driven Initialization and Multi-Target Optimization

Recent research has focused on exploring the vulnerabilities of Large Language Models LLMs, aiming to elicit harmful and/or sensitive content from LLMs. However, due to the insufficient research on dual-jailbreaking -- attacks targeting both LLMs and Guardrails, the effectiveness of existing...

Race Condition Attacks against LLMs

These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and mo...