Lucene search
K

18 matches found

Snyk
Snyk
added 2026/06/18 2:26 p.m.4 views

Incorrect Authorization

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Incorrect Authorization due to the approval callback onToolCall being invoked only after the execution of tools in the AgentLoop...

8.8CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50534

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.7.2 Description The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...

9.1CVSS5.2AI score0.00297EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.13 views

From AI-Generated Content to Agentic Action: Security and Safety Threats in Generative AI

Generative AI systems are increasingly used not only to produce content but also to retrieve data, invoke tools, and execute actions. This work examines the security and safety implications of that shift across content-level, model-level, and agentic threats. We analyze how attacker access...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.12 views

Oracle Poisoning: Corrupting Knowledge Graphs to Weaponise AI Agent Reasoning

We define Oracle Poisoning, an attack class in which an adversary corrupts a structured knowledge graph that AI agents query at runtime via tool-use protocols, causing incorrect conclusions through correct reasoning. Unlike prompt injection, Oracle Poisoning manipulates the data agents reason ove...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 11:58 a.m.15 views

2026: The Year of AI-Assisted Attacks

On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

Your LLM Agent Can Leak Your Data: Data Exfiltration Via Backdoored Tool Use

Tool-use large language model LLM agents are increasingly deployed to support sensitive workflows, relying on tool calls for retrieval, external API access, and session memory management. While prior research has examined various threats, the risk of systematic data exfiltration by backdoored...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.2 views

AgentWatcher: A Rule-Based Prompt Injection Monitor

Large language models LLMs and their applications, such as agents, are highly vulnerable to prompt injection attacks. State-of-the-art prompt injection detection methods have the following limitations: 1 their effectiveness degrades significantly as context length increases, and 2 they lack...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/30 4:0 p.m.7 views

Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio

Agentic AI is moving fast from pilots to production. That shift changes the security conversation. These systems do not just generate content. They can retrieve sensitive data, invoke tools, and take action using real identities and permissions. When something goes wrong, the failure is not limit...

6.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/02/26 12:0 a.m.13 views

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.4 views

AJAR: Adaptive Jailbreak Architecture for Red-Teaming

As Large Language Models LLMs evolve from static chatbots into autonomous agents capable of tool execution, the landscape of AI safety is shifting from content moderation to action security. However, existing red-teaming frameworks remain bifurcated: they either focus on rigid, script-based text...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/07 12:0 a.m.12 views

The Evolution of Agentic AI in Cybersecurity: From Single LLM Reasoners to Multi-Agent Systems and Autonomous Pipelines

Cybersecurity has become one of the earliest adopters of agentic AI, as security operations centers increasingly rely on multi-step reasoning, tool-driven analysis, and rapid decision-making under pressure. While individual large language models can summarize alerts or interpret unstructured...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/02 12:0 a.m.7 views

SoK: Measuring What Matters for Closed-Loop Security Agents

Cybersecurity is a relentless arms race, with AI driven offensive systems evolving faster than traditional defenses can adapt. Research and tooling remain fragmented across isolated defensive functions, creating blind spots that adversaries exploit. Autonomous agents capable of integrating, explo...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.4 views

STAC: When Innocent Tools Form Dangerous Chains to Jailbreak LLM Agents

As LLMs advance into autonomous agents with tool-use capabilities, they introduce security challenges that extend beyond traditional content-based LLM safety concerns. This paper introduces Sequential Tool Attack Chaining STAC, a novel multi-turn attack framework that exploits agent tool use. STA...

7.4AI score
Exploits0
Snyk
Snyk
added 2025/09/11 11:26 p.m.5 views

Origin Validation Error

Overview mcp-neo4j-cypher is an A simple Neo4j MCP server Affected versions of this package are vulnerable to Origin Validation Error via the lack of proper origin validation in the server's request handling. An attacker can execute unauthorized tool invocations against locally running instances ...

7.4CVSS6.8AI score0.00206EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.6 views

PentestJudge: Judging Agent Behavior against Operational Requirements

We introduce PentestJudge, a system for evaluating the operations of penetration testing agents. PentestJudge is a large language model LLM-as-judge with access to tools that allow it to consume arbitrary trajectories of agent states and tool call history to determine whether a security agent's...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.8 views

Lessons from Defending Gemini against Indirect Prompt Injections

Gemini is increasingly used to perform tasks on behalf of users, where function-calling and tool-use capabilities enable the model to access user data. Some tools, however, require access to untrusted data introducing risk. Adversaries can embed malicious instructions in untrusted data which caus...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/09 11:55 a.m.8 views

Product Walkthrough: How Reco Discovers Shadow AI in SaaS

As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI. Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist wit...

6.8AI score
Exploits0
Rows per page
Query Builder