Lucene search
K

166 matches found

Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.7 views

Redefining AI Red Teaming in the Agentic Era: From Weeks to Hours

AI systems are entering critical domains like healthcare, finance, and defense, yet remain vulnerable to adversarial attacks. While AI red teaming is a primary defense, current approaches force operators into manual, library-specific workflows. Operators spend weeks hand-crafting workflows -...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.6 views

QASecClaw: A Multi-Agent LLM Approach for False Positive Reduction in Static Application Security Testing

Static Application Security Testing tools help developers find security vulnerabilities before release, but they often produce many false positives. This increases manual review effort, reduces developer trust, and may cause real vulnerabilities to be ignored among noisy reports. We present...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.14 views

CyberAId: AI-Driven Cybersecurity for Financial Service Providers

European financial institutions face mounting regulatory pressure while their security operations centres remain constrained not by data or staffing but by reasoning capacity: enterprise SIEMs cover only a fraction of MITRE ATT&CK techniques, two thirds of SOC teams cannot keep pace with alert...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.4 views

MARD: A Multi-Agent Framework for Robust Android Malware Detection

With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretability of decisions. Although Large Language Models LLMs...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.6 views

MAS-SZZ: Multi-Agentic SZZ Algorithm for Vulnerability-Inducing Commit Identification

Accurate vulnerability-inducing commit identification serves as a foundation for a series of software security tasks, such as vulnerability detection and affected version analysis. A straightforward solution is the SZZ algorithm, which traces back through the code history to identify the earliest...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.7 views

Constraint-Guided Multi-Agent Decompilation for Executable Binary Recovery

Decompilation -- recovering source code from compiled binaries -- is essential for security analysis, malware reverse engineering, and legacy software maintenance. However, existing decompilers produce code that often fails to compile or execute correctly, limiting their practical utility. We...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

Architecture Matters for Multi-Agent Security

Multi-agent systems MAS, composed of networks of two or more autonomous AI agents, have become increasingly popular in production deployments, yet introduce security risks that do not arise in single-agent settings. Even if individual agents exhibit robust security, architectural decisions...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.8 views

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service DoS risks, Automatic Exploit Generation AEG systems suffer from semantic blindness, and Large Language Model LLM agents face safety alignment filters and...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.9 views

Synthesizing Multi-Agent Harnesses for Vulnerability Discovery

LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program...

8.8CVSS5.8AI score0.00395EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/21 9:14 a.m.94 views

PatchChain-Multi-Agent-Agentic-Pipeline-for-Autonomous-Code-Vulnerability-Analysis

No d...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.16 views

Security Is Relative: Training-Free Vulnerability Detection Via Multi-Agent Behavioral Contract Synthesis

Deep learning for vulnerability detection has shown promising results on early benchmarks, but recent evaluations reveal catastrophic degradation: models achieving F1 0.68 on legacy datasets collapse to 0.031 under strict deduplication. We identify the root cause as the semantic ambiguity problem...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.16 views

PT-2026-37121

Name of the Vulnerable Software and Affected Versions praisonai versions prior to 4.6.9 praisonaiagents versions prior to 1.6.9 Description Multiple backends in the multi-agent teams system fail to validate input, leading to arbitrary SQL execution. Specifically, nine backends—MySQL, PostgreSQL,...

8.1CVSS6AI score0.00347EPSS
Exploits1References9
Spring Security Advisories
Spring Security Advisories
added 2026/04/15 12:0 a.m.6 views

Spring AI Agentic Patterns (Part 7): Session API — Event-Sourced Short-Term Memory with Context Compaction

A New Session API for Spring AI — Structured, Compactable, Multi-Agent-Ready Part 7 of theSpring AI Agentic Patterns series completes the memory picture. After covering Agent Skills, AskUserQuestionTool, TodoWriteTool, Subagent Orchestration, A2A Integration, and AutoMemoryTools for long-term...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/14 12:53 a.m.143 views

vulnswarm

VulnSwarm AI-powered vulnerability discovery using multi-agen...

8.8CVSS6AI score0.01915EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/04/13 11:53 a.m.120 views

Decepticon

⚡ Decepticon — Autonomous Multi-Agent Offensive Security !L...

5.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/04/10 4:18 p.m.8 views

The Increasing Role of AI in Vulnerability Research

At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress related vulnerabilities. Funding this research helps us improve security for the WordPress community overall, and helps us secure our customers by rolling out protection f...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, which inherited complete environment variables when executing commands provid...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a security vulnerability. This vulnerability stemmed from the automatic loading and execution of the tools.py file located in the working directory, which coul...

7.8CVSS6.2AI score0.00209EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.3 views

Event-Driven Temporal Graph Networks for Asynchronous Multi-Agent Cyber Defense in NetForge_RL

The transition of Multi-Agent Reinforcement Learning MARL policies from simulated cyber wargames to operational Security Operations Centers SOCs is fundamentally bottlenecked by the Sim2Real gap. Legacy simulators abstract away network protocol physics, rely on synchronous ticks, and provide clea...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/09 10:16 p.m.10 views

CVE-2026-40149

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, a...

7.9CVSS0.00227EPSS
Exploits1References1
Rows per page
Query Builder