AI Agents May Always Fall for Prompt Injections

Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm data-instruction separation both fails to detect attacks that operate through contextual manipulation and degrades contextually appropriate behavior. We...

Ghost in the Agent: Redefining Information Flow Tracking for LLM Agents

Autonomous Large Language Model LLM agents are increasingly deployed to conduct complex tasks by interacting with external tools, APIs, and memory stores. However, processing untrusted external data exposes these agents to severe security threats, such as indirect prompt injection and unauthorize...

[SECURITY] Fedora 44 Update: kf6-purpose-6.25.0-1.fc44

Purpose offers the possibility to create integrate services and actions on any application without having to implement them specifically. Purpose will offer them mechanisms to list the different alternatives to execute given the requested action type and will facilitate components so that all the...

angr (>=9.2.187 <=9.2.214), angr-management (>=9.2.187 <=9.2.214) +25 more potentially affected by unknown CVE via uefi-firmware (=1.11.0)

uefi-firmware PYPI version =1.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on uefi-firmware and may be impacted: - angr =9.2.187, =9.2.187, =1.0.0rc2, =1.0.7, =1.0.4, =9.2.7, =0.0.1, =9.2.187, =1.0.3, =0.1.0, =2.3.2, =0.1.0, =0.1.5 and more Source...

Optimizing Agent Planning for Security and Autonomy

Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies, but currently appear costly: they reduce task completion...

SecIC3: Customizing IC3 for Hardware Security Verification

Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A...

EUVD-2022-24821

Malicious code in bioql PyPI...

Securing AI Agents with Information-Flow Control

As AI agents become increasingly autonomous and capable, ensuring their security against vulnerabilities such as prompt injection becomes critical. This paper explores the use of information-flow control IFC to provide security guarantees for AI agents. We present a formal model to reason about t...

Securing P4 Programs by Information Flow Control

Software-Defined Networking SDN has transformed network architectures by decoupling the control and data-planes, enabling fine-grained control over packet processing and forwarding. P4, a language designed for programming data-plane devices, allows developers to define custom packet processing...

ACE: a Security Architecture for LLM-Integrated App Systems

LLM-integrated app systems extend the utility of Large Language Models LLMs with third-party apps that are invoked by a system LLM using interleaved planning and execution phases to answer user queries. These systems introduce new attack vectors where malicious apps can cause integrity violation ...

An Algebraic Approach to Asymmetric Delegation and Polymorphic Label Inference (Technical Report)

Language-based information flow control IFC enables reasoning about and enforcing security policies in decentralized applications. While information flow properties are relatively extensional and compositional, designing expressive systems that enforce such properties remains challenging. In...

DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing

Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...

AIs as Trusted Third Parties

This is a truly fascinating paper: "Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography." The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit t...

CVE-2022-1523

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information...

CVE-2022-1523

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information...

Fuji Electric D300win 缓冲区错误漏洞

The Fuji Electric D300win is a PLC product and solution from Fuji Electric Japan. A security vulnerability exists in the Fuji Electric D300win that stems from vulnerability to a write-what-where condition, which can be exploited by an attacker to overwrite program memory in order to manipulate th...

OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities

OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...

API Securing in 2021 — Top 10 Best Practices

API Securing in 2021📋 — Top 10 Best Practices I love drawing inspiration from real life and todays article is no different. I often get asked the question on how to hack an API but what some people don’t realise is that almost everything is connected to an API these days, even the smart fridges i...

SQL Injection Vulnerability in the infoflowId Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the infoflowId parameter of the Wave...