Sib kontenut simili

📖LegalPwn: Exploiting AI Guardrails Through Legalese Researchers at security firm Pangea have revealed a new vulnerability in large language models (LLMs) called "LegalPwn". By embedding adversarial instructions in legal documents, attackers can bypass model safeguards and manipulate outputs. During testing, models initially flagged malicious code as dangerous but, after exposure to “legal” text containing hidden instructions, began classifying the same code as harmless — even recommending execution in some cases. Live tests showed "LegalPwn" could bypass AI-driven security tools like Google's gemini-cli, causing models to misclassify malicious scripts and, in one instance, suggest a reverse shell be run on the user’s system. While Anthropic’s Claude, Microsoft’s Phi, and Meta’s Llama Guard resisted the attack, OpenAI’s GPT-4o, Google’s Gemini 2.5, and xAI’s Grok were less successful. Pangea recommends countermeasures like adversarial training, enhanced input validation, and human-in-the-loop oversight to mitigate such risks. #AISecurity#AIEthics

📖AI Adoption and the Unseen Cost of Security Breaches A new Infosys survey reveals that 95% of executives worldwide have already faced security incidents linked to enterprise AI tools — with 77% of those incidents causing direct financial losses. These numbers highlight that security is not a theoretical risk but a measurable and recurring reality in the enterprise AI ecosystem. While many companies are moving forward with responsible AI initiatives, executives also voice growing concern about reputational damage tied to external use of these systems. #AISecurity#ResponsibleAI#AIGovernance

🇺🇸U.S. Targets Adversarial Distillation of AI Models The United States has issued a memo addressing risks of adversarial distillation of its AI models by foreign actors, with particular concern regarding activities linked to China. The document outlines federal measures aimed at countering unauthorized, industrial-scale extraction of model capabilities. Planned actions include sharing intelligence with U.S. AI companies on foreign distillation attempts, improving coordination within the private sector, and developing joint best practices to detect, mitigate, and respond to such activities. The government also plans to explore mechanisms to hold foreign actors accountable for large-scale distillation campaigns. The memo signals increased federal involvement in protecting AI systems from external exploitation and frames adversarial distillation as a growing issue in international AI competition. #AIRegulation#AISecurity#Geopolitics#AIGovernance#TechPolicy

🇫🇷🇩🇪Franco-German Guidance on Zero-Trust LLM Security France’s Agence nationale de la sécurité des systèmes d’information (ANSSI) and Germany’s Federal Office for Information Security (BSI) have jointly issued a paper on applying zero-trust principles to large language models. The document identifies common design vulnerabilities and operational risks in LLM deployment, stressing the need for a security architecture that assumes no implicit trust. The recommendations focus on three key safeguards: ✔️ restricting system access rights to the minimum necessary, ✔️ increasing transparency in algorithmic decision-making, and ✔️ ensuring continuous human oversight. This coordinated stance from two of Europe’s leading cybersecurity authorities signals a growing emphasis on proactive governance of AI systems at the infrastructure level. #AIsecurity#LLM#ZeroTrust#CyberRegulation

NIST Issues Urgent Report on Escalating Threat of AI Attacks Hello, dear subscribers! The National Institute of Standards and Technology (NIST) has released a critical report titled "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations," sounding the alarm on the intensifying threat landscape targeting artificial intelligence systems. In the face of increasingly powerful yet vulnerable AI systems, the report outlines the technique of adversarial machine learning, wherein attackers manipulate AI systems through subtle tactics with potentially catastrophic consequences. The document categorizes these attacks based on attackers' goals, capabilities, and knowledge of the target AI system. Concerns include "data poisoning" and "backdoor attacks," exploiting vulnerabilities in AI system development and deployment. #NIST#AIAttacks#AISecurity#ThreatLandscape#MachineLearning**