Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
TechRepublic

Splunk Urges Australian Organisations to Secure LLMs

Prompt injection and data leakage are among the top threats posed by LLMs, but they can be mitigated using existing security logging technologies. Splunk’s SURGe team has assured Australian ...
Computerworld

Gemini for Chrome gets a second AI agent to watch over it

Google is deploying a second AI model to monitor its Gemini-powered Chrome browsing agent after acknowledging the agent could be tricked into taking unauthorized actions through prompt injection ...
Devdiscourse

Agentic AI red teaming could become essential for securing future AI systems: Here's why

Read more about Agentic AI red teaming could become essential for securing future AI systems: Here's why on Devdiscourse ...
CSO Online

Pen tests show AI security flaws far more severe than legacy software bugs

Penetration tests of AI systems expose significantly higher severe-flaw density when compared to legacy apps. New attack ...
Diginomica

Why we need to treat AI like a toddler - OWASP lists LLM vulnerabilities

You don't let kids just play with knives without teaching them how to use them...AI needs a similar approach. The Open Worldwide Application Security Project (OWASP) has started a new list detailing ...