153 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation vulnerability in the chat.send endpoint, allowing gatekeepers with write...
Human Trust of AI Agents
Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models LLMs integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. ...
GHSA-F292-66H9-FPMF PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server
The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...
Stop Fixating on Prompts: Reasoning Hijacking and Constraint Tightening for Red-Teaming LLM Agents
With the widespread application of LLM-based agents across various domains, their complexity has introduced new security threats. Existing red-team methods mostly rely on modifying user prompts, which lack adaptability to new data and may impact the agent's performance. To address the challenge,...
From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems
Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...
VulnHive-AI
Pentest Agent AI-powered penetration testing agent using Clau...
pentest-agent
Pentest Agent AI-powered penetration testing agent using Clau...
Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning
Large language models LLMs possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models LRMs, which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...
SecPI: Secure Code Generation with Reasoning Models Via Security Reasoning Internalization
Reasoning language models RLMs are increasingly used in programming. Yet, even state-of-the-art RLMs frequently introduce critical security vulnerabilities in generated code. Prior training-based approaches for secure code generation face a critical limitation that prevents their direct applicati...
Automating Cloud Security and Forensics through a Secure-By-Design Generative AI Framework
As cloud environments become increasingly complex, cybersecurity and forensic investigations must evolve to meet emerging threats. Large Language Models LLMs have shown promise in automating log analysis and reasoning tasks, yet they remain vulnerable to prompt injection attacks and lack forensic...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can persist verbose output for future sessions and expose additional internal reasoning or tool output by leveraging...
Red-MIRROR: Agentic LLM-Based Autonomous Penetration Testing with Reflective Verification and Knowledge-Augmented Interaction
Web applications remain the dominant attack surface in cybersecurity, where vulnerabilities such as SQL injection, XSS, and business logic flaws continue to cause significant data breaches. While penetration testing is effective for identifying these weaknesses, traditional manual approaches are...
Finding Memory Leaks in C/C++ Programs Via Neuro-Symbolic Augmented Static Analysis
Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions and lack path-sensitive control-flow modeling. We present...
Beyond Content Safety: Real-Time Monitoring for Reasoning Vulnerabilities in Large Language Models
Large language models LLMs increasingly rely on explicit chain-of-thought CoT reasoning to solve complex tasks, yet the safety of the reasoning process itself remains largely unaddressed. Existing work on LLM safety focuses on content safety--detecting harmful, biased, or factually incorrect...
STRIATUM-CTF: A Protocol-Driven Agentic Framework for General-Purpose CTF Solving
Large Language Models LLMs have demonstrated potential in code generation, yet they struggle with the multi-step, stateful reasoning required for offensive cybersecurity operations. Existing research often relies on static benchmarks that fail to capture the dynamic nature of real-world...
The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence
Key Takeaways AI reasoning systems improve vulnerability detection in source code, but do not address the full spectrum of application security risk. Modern application security must account for APIs, runtime environments, and externally exposed assets beyond the source repository. Continuous...
Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw
The rapid evolution of Large Language Models LLMs into autonomous, tool-calling agents has fundamentally altered the cybersecurity landscape. Frameworks like OpenClaw grant AI systems operating-system-level permissions and the autonomy to execute complex workflows. This level of access creates...
pentesting-writeups
🔐 Pentesting Writeups Personal penetration testing document...
OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security
DARPA's AI Cyber Challenge AIxCC showed that cyber reasoning systems CRSs can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their...
BDO-Ontology
🧠 OntologyLab !Python 3.11+https://img.shields.io/badge/P...