Whispering poetry at AI can make it break its own rules
Most of the big AI makers don't like people using their models for unsavory activity. Ask one of the mainstream AI models how to make a bomb or create nerve gas and you'll get the standard "I don't help people do harmful things" response. That has spawned a cat-and-mouse game of people who try to...
EUVD-2025-27083
Malicious code in bioql PyPI...
CVE-2025-54382 Cherry Studio RCE Vulnerability Disclosure
Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...
MAL-2025-6105 Malicious code in model-providers (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis 3bc812776fc9ca2678deabf678d9dae58067e353d0d7131e35d68fa452ff57f5. The OpenSSF Package Analysis project identified 'model-providers' @...