Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in Capsule Security's testing, data exfiltrated anyway. Here's what security ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...
SiliconANGLE

Synopsys researchers uncover prompt injection vulnerability in EmailGPT

The emergence of generative artificial intelligence services has produced a steady increase in what is typically referred to as “prompt injection” hacks, manipulating large language models through ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

How indirect prompt injection attacks on AI work - and 6 ways to shut them down ...
SecurityWeek

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

ClaudeBleed, a vulnerability in Claude in Chrome, allows malicious extensions to hijack the AI agent for nefarious purposes.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Bleeping Computer

Latest Prompt Injection news

Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt injection and create misleading events to leak private Calendar data. With ...
Infosecurity-magazine.com

Gemini Trifecta Highlights Dangers of Indirect Prompt Injection

Network defenders must start treating AI integrations as active threat surfaces, experts have warned after revealing three new vulnerabilities in Google Gemini. Tenable dubbed its latest discovery the ...

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

People hacking branded AI bots can result in significant reputational, financial, and legal consequences. There appears to be a recent epidemic of users hijacking companies’ AI-powered customer ...
Infosecurity-magazine.com

EmailGPT Exposed to Prompt Injection Attacks

A new vulnerability has been found in the EmailGPT service, a Google Chrome extension and API service that utilizes OpenAI’s GPT models to assist users writing emails within Gmail. The flaw discovered ...
TechSpot

ChatGPT vulnerability allows hackers to record your sessions indefinitely

Facepalm: "The code is TrustNoAI." This is a phrase that a white hat hacker recently used while demonstrating how he could exploit ChatGPT to steal anyone's data. So, it might be a code we should all ...