
In the brief history of AI security, the prompt injection has quickly become the top threat. Large language models are inherently unable to distinguish between legitimate instructions provided by users and malicious ones sneaked into emails, source code, and other third-party content the models are processing. This makes it trivial to surreptitiously inject malicious commands that the LLM readily follows. With no way to enforce this crucial boundary between trusted and untrusted sources, AI engi
Large language models used in coding assistants have a fundamental flaw: they frequently hallucinate, or fabricate, the incorrect location of code repositories and resources when asked to retrieve them. Attackers can exploit this tendency by registering the fake names that LLMs are most likely to hallucinate and seeding them with malicious code that installs reverse shells on users' devices. This attack, called HalluSquatting, enables criminals to compromise large numbers of devices at scale without targeting each one individually, making it possible to assemble botnets, launch ransomware campaigns, and conduct distributed denial-of-service attacks. The vulnerability stems from LLMs' inability to distinguish between accurate information and fabricated responses, and researchers found the flaw is present across all major LLM models.

Verity Harding tells WIRED that the US government’s nationalistic attitude toward AI is evidence that a worst-case scenario is taking shape.

Joshua Achiam spent nearly nine years at OpenAI researching AI safety and made a memorable appearance in the Musk v. Altman trial.

The company confirmed that the issue had been affecting accounts since May, with an additional 200 users banned over the weekend before its team identified and fixed the problem.
Want to go deeper than the news? Explore live, cohort-based AI courses taught by practitioners.
Browse AI courses on Maven