appsec.fyi

AI Resources


A curated AppSec resource library covering XSS, SQLi, SSRF, IDOR, RCE, XXE, OSINT, and more.

AI

AI security encompasses both protecting AI systems from attack and understanding the new vulnerability classes that AI introduces into applications. As organizations rapidly integrate large language models (LLMs), machine learning pipelines, and AI-powered features into their products, the attack surface has expanded in ways that traditional application security frameworks don't fully address.

Key threats to AI systems include prompt injection — where attackers manipulate LLM behavior through crafted inputs — data poisoning of training datasets, model extraction through repeated API queries, and adversarial examples that cause misclassification. Indirect prompt injection, where malicious instructions are embedded in data the AI processes (emails, documents, web pages), is emerging as one of the most significant security challenges for AI-integrated applications.

AI also introduces new categories of application risk: insecure output handling where LLM responses are rendered unsafely, excessive agency when AI agents are given too much access, sensitive information disclosure through training data leakage, and supply chain risks from fine-tuned models and third-party plugins. The OWASP Top 10 for LLM Applications provides a structured framework for understanding these risks.

On the defensive side, AI is being used to enhance security operations — automating vulnerability detection, analyzing malicious patterns, and accelerating incident response.

This page collects AI security research, LLM vulnerability techniques, defensive strategies, and resources covering the intersection of artificial intelligence and application security.

Read the AI guide: a long-form, source-cited deep dive synthesized from every resource below.

Date Added | Link | Tags | Excerpt | Source
2026-07-01 | AI Agent Security: 6 Risks to Address and How to Do It | NEW, 2026, intermediate | AI Agent Security: 6 Risks to Address and How to Do It https://ift.tt/w9PbH0g | wiz.io
2026-07-01 | How LLMs are changing Bug Bounty: An interview with Rhynorater | NEW, 2026, news, Bug Bounty | How LLMs are changing Bug Bounty: An interview with Rhynorater | yeswehack.com
2026-07-01 | IEEE Cloud Summit 2026: The Tunnels No One Mapped | NEW, 2026, news | The IEEE Cloud Summit 2026 highlighted critical cloud security challenges. Key takeaways include the emerging risks of agentic AI, the dangers of over-permissioned identities, and the importance of robust Kubernetes policy enforcement. The summit also delved into cloud forensics techniques, offering valuable insights for securing cloud environments. | blog.gitguardian.com
2026-07-01 | Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector | NEW, 2026, advanced, Supply Chain | Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Su... | unit42.paloaltonetworks.com
2026-07-01 | Generative AI Security: Risks & Best Practices | NEW, 2026, beginner, 9 min read | Library outlining generative AI security, detailing risks like prompt injection, data poisoning, hallucinations, and compliance challenges. It highlights frameworks such as OWASP Top 10 for LLM Applications, NIST AI Risk Management Framework, MITRE ATLAS, and Gartner AI TRiSM, alongside essential practices like AI-BOM, zero-trust, and AI Security Posture Management for a comprehensive defense strategy against threats such as cross-tenant data leakage observed in Replicate. | wiz.io
2026-06-30 | Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice? | NEW, 2026, intermediate, 12 min read | Library of tests for Snyk VulnBench JS 1.0, evaluating LLM security review repeatability by measuring consistency of findings on JavaScript code. The benchmark uses small Express applications and compares LLM outputs against Snyk Code SAST reference vulnerabilities, revealing that LLM-generated findings are inconsistently repeatable, particularly those outside the established reference set, unlike the deterministic output of traditional SAST tools. | snyk.io
2026-06-30 | Reconnaissance for exposure management: why context matters in the AI era | NEW, 2026, beginner, 7 min read, Recon | Survey of reconnaissance strategies highlighting their critical role in exposure management, particularly in the AI era. The article emphasizes how detailed reconnaissance, including identifying host naming conventions, certificate and DNS history, staging surfaces, and OAuth/SSO chains, provides crucial context for targeted vulnerability discovery. It argues that human curiosity and contextual understanding, amplified by AI, are more valuable than pure speed, as attackers generate intelligence by observing system behavior, unexpected relationships, and subtle inconsistencies that automated tools often miss, making reconnaissance a strategic foresight activity. | intigriti.com
2026-06-29 | Security researchers tricked LLMs into giving them cocaine recipes by abusing role models for prompt injection | NEW, 2026, beginner | Security researchers have discovered a way to trick Large Language Models (LLMs) into generating instructions for illegal activities, such as creating cocaine. By manipulating the LLMs' understanding of "role models" through prompt injection, they could bypass safety filters. This research highlights a vulnerability in current LLM safety mechanisms, demonstrating that sophisticated users can circumvent intended restrictions. The specific payout amount for this research was not mentioned in the provided content. | theregister.com
2026-06-29 | Prompt Injection Attacks Are Now in Production: What We Learned from Real Breaches | NEW, 2026, beginner | Prompt injection attacks, a significant vulnerability in AI systems, have moved from theoretical to practical, impacting production environments. These attacks exploit the way language models process instructions, tricking them into performing unintended actions or revealing sensitive information. Researchers have observed real-world breaches, highlighting the urgent need for robust defenses. The evolving nature of these attacks necessitates continuous monitoring and adaptation of security strategies to protect AI systems from malicious manipulation. | securityboulevard.com
2026-06-29 | I tried a Local AI model (Qwen 3.6 27b) for security research and it works surprisingly well. | NEW, 2026, intermediate, 6 min read | Library for local AI models that leverages a custom harness to process individual source code files with context, proving effective in identifying vulnerabilities like the authenticated LFI in PHPIPAM (CVE-2026-12194) and authenticated RCE in myVesta, outperforming Semgrep, cloud-based AI agents, and skill-based code review approaches by focusing on file-by-file analysis rather than entire codebase reviews. | 
2026-06-27 | Defending Your Enterprise at the Speed of AI | NEW, 2026, beginner, 6 min read | Library enhancing enterprise AI security by addressing agent identity, data protection, and platform-level controls. It introduces features like Agent Identity for auditability, Horizon AI Guardrails for prompt injection defense, and CoCo CLI Sandbox for code execution isolation. Data exfiltration protection includes Data Movement Policies and Detection, while ransomware protection utilizes Multi-Party Approval and immutable Backups. These capabilities aim to secure AI agents and the entire data estate, enabling responsible AI adoption and regulatory compliance. | 
2026-06-27 | North Korea macOS Malware Targets AI Analyst Tools: Gaslight Embeds 38 Fake Error Messages | NEW, 2026, news, 8 min read | Library that implements a novel prompt injection technique to deceive AI-assisted malware analysis tools. macOS.Gaslight, developed by North Korean actors, embeds 38 fake error messages designed to trigger LLM triage harnesses into aborting or refusing analysis sessions, rather than evading sandboxes. This method targets the AI's perception of its own state, a departure from traditional anti-analysis techniques, and represents a significant evolution in attacker tradecraft within the burgeoning field of agentic AI security, a top risk identified by OWASP. | techtimes.com
2026-06-27 | MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension | NEW, 2026, advanced, 6 min read, RCE | Tool that exploits a critical vulnerability in Amazon Q Developer Extension for VS Code, enabling arbitrary code execution and cloud credential theft by automatically loading MCP server configurations from malicious repositories without user consent. This vulnerability, similar to others found in AI coding tools, allowed attackers to compromise developer environments and cloud infrastructure, highlighting systemic risks in MCP auto-execution and the need for explicit consent before executing code. | wiz.io
2026-06-26 | Gaslight macOS Malware and the AI Triage Blind Spot | NEW, 2026, advanced, 3 min read | Analysis of the Gaslight macOS malware details its novel technique of embedding 38 fabricated error messages designed to confuse LLM-assisted triage systems. This Rust-based backdoor, attributed to a North Korean-linked cluster, targets the AI analysis output stage rather than traditional sandboxes. While current production AI platforms were unaffected, this adversarial approach highlights the evolving threat landscape as malware authors adapt to defensive tooling, demonstrating an iterated progression from earlier evasion methods. | 
2026-06-26 | Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI | NEW, 2026, news, 8 min read | Library for securing AI applications, the Wiz AI Application Protection Platform (AI-APP) provides machine-speed defense across cloud and AI environments. It extends coverage to AI-generated code, AI and agent studios, and multi-cloud PaaS platforms like Databricks and AWS Agentcore. New capabilities include Wiz AI-BOM for inventorying AI frameworks and IDE extensions, Secure Guardrails to inject organizational security policies into AI-generated code, and the Red Agent for proactive vulnerability discovery by simulating intelligent attackers. The platform also integrates with a Technology Intel Center for centralized updates on cloud and AI tech providers. | wiz.io
2026-06-26 | Red Agent and Claude Opus: Securing Production Targets at Scale | NEW, 2026, news, 3 min read | Tool using Anthropic Claude Opus to uncover exploitable risks at scale by analyzing application logic, chaining attack steps, and adapting patterns to real-time responses. Wiz Red Agent scans over 150,000 production web applications and APIs weekly, processing 115 billion+ tokens to find thousands of high and critical risks with zero false positives, leveraging Wiz Security Graph context for impact assessment and remediation. | wiz.io
2026-06-26 | NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence | NEW, 2026, news, 8 min read | Library for multi-source vulnerability intelligence, offering enriched data beyond the NVD's new risk-based triage model. It integrates data from diverse sources, including in-house research, threat intelligence, community contributions, and academic collaborations, further validated by AI-assisted human analysts. This approach provides critical clarity on vulnerable package versions, available fixes, cross-source risk assessments, and prioritization workflows, enabling organizations to make informed decisions even as the NVD narrows its enrichment scope for CVEs not in CISA's KEV Catalog or specific to U.S. federal government software. | snyk.io
2026-06-26 | [tl;dr sec] #334 - Thinkst's Package Proxy, OpenAI Daybreak, AI Agents & Canaries | NEW, 2026, news, 10 min read, Supply Chain | Library for preventing supply chain attacks, Thinkst's Package Proxy redirects package manager requests through Cloudflare Workers to enforce security policies, including minimum package age and upload mechanism regression checks, without requiring client-side software. It also addresses vulnerabilities found in package managers, such as path traversal, argument injection, and unsafe deserialization, as well as registry-side issues like authorization bypass and account takeover. | tldrsec.com
2026-06-25 | macOS.Gaslight Rust Backdoor Uses Prompt Injection to Mislead AI Malware Analysts | NEW, 2026, advanced | A new macOS backdoor, named macOS.Gaslight, has been discovered using Rust and employing prompt injection techniques. This sophisticated malware aims to trick AI-powered malware analysis tools by manipulating their responses. The attackers leverage prompt injection to make the AI believe it's dealing with legitimate or less harmful code, thereby evading detection. This highlights a growing trend of adversarial AI techniques being used in cyberattacks, posing new challenges for security professionals and automated analysis systems. No payout amount was mentioned in the content. | cyberpress.org
2026-06-25 | Choosing an AI-SPM tool: The four questions every security organization needs to ask | NEW, 2026, beginner, 4 min read | Tool for AI Security Posture Management (AI-SPM) that guides organizations in adopting AI responsibly. It prompts security teams to ask four critical questions: identifying all AI services and technologies in use, understanding associated risks (like data leakage evidenced by the 38TB exposed by Microsoft AI researchers, or model poisoning), prioritizing these risks based on context (e.g., a root-enabled notebook instance with sensitive training data), and detecting misuse within AI pipelines in near real-time. This approach enables secure AI innovation by providing visibility into the AI Bill of Materials (AI-BOM) and extending attack path analysis to AI. | wiz.io
2026-06-25 | The top 10 AI security articles you must read in 2024 | NEW, 2026, beginner, 4 min read | Survey of AI security articles, highlighting techniques like divergence attacks on ChatGPT training data, adversarial machine learning, and jailbreaking LLMs via universal suffix attacks. It also covers the OWASP Top 10 for LLM applications, including Prompt Injection and Training Data Poisoning, as well as Llama Guard for input-output safeguarding, Semgrep and TruffleHog for analyzing ML research code, Cross Plugin Request Forgery in ChatGPT plugins, and Fuzzomatic for AI-driven fuzzing of Rust projects. The articles also address the security implications of Biden's AI Executive Order and the emergence of malicious LLM variants like WormGPT. | wiz.io
2026-06-25 | Wiz extends its AI-SPM offering to OpenAI platform | NEW, 2026, news, 5 min read | Library for AI Security Posture Management (AI-SPM) that extends coverage to the OpenAI platform via a new SaaS connector. This enables organizations to detect and mitigate risks within their OpenAI environments, including sensitive data in training datasets and misconfigurations. Wiz correlates OpenAI risks with cloud context, offering attack path analysis to prevent breaches from cloud infrastructure to AI models and vice-versa, providing visibility into AI-BOMs, users, and training data on the Wiz Security Graph. | wiz.io
2026-06-25 | Wiz Research presents its latest report: “State of AI in the Cloud 2024” | NEW, 2026, news, 3 min read | Report analyzing the state of AI in cloud environments, detailing key findings on the usage of generative AI and machine learning services. Over 70% of organizations now use managed AI services, with Azure OpenAI leading adoption and experiencing significant growth. While many organizations are experimenting, only 10% are heavy users, potentially due to cost and quotas. The report emphasizes building visibility into AI usage and fostering a culture of security ownership to manage the evolving attack surface. | wiz.io
2026-06-25 | Claude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic's Compliance API | NEW, 2026, news, 3 min read | Integration of Wiz with Anthropic's Claude Compliance API brings AI tool usage into the Wiz Security Graph. This feature discovers Claude Enterprise organizations, users, and their role bindings, alongside projects, attachments, chat counts, privacy settings, and ownership. It maps AI datasets connected to Claude projects, enabling security, compliance, and platform engineering teams to visualize relationships between AI resources, users, and the broader cloud environment for unified visibility and governance. | wiz.io
2026-06-25 | Defending at Machine-Speed: Building AI Threat Readiness with Wiz | NEW, 2026, beginner, 7 min read | Library for operationalizing AI threat readiness, focusing on speed and visibility. It utilizes Wiz ASM to reduce attack surface by detecting exploitable risk, the AI-powered Red Agent to autonomously discover logic-driven vulnerabilities at machine speed, and the Green Agent to automate remediation with code-to-cloud mapping and ownership context. Wiz Workflows scale response processes, while Wiz guardrails and WizOS implement prevention controls across the SDLC, including context-aware AI-SAST for deep code analysis and integration with external AI scanners like Gemini and Mythos. | wiz.io
2026-06-25 | AI Threat Readiness Pillar 4: Detect and contain threats in real-time | NEW, 2026, beginner, 10 min read | Library for real-time threat detection and containment, addressing AI-accelerated attacks and expanded attack surfaces. It emphasizes comprehensive telemetry across cloud control plane, AI workloads, and model input/output to provide full-context visibility. The library leverages AI for automated investigation and containment playbooks, crucial for modern security operations challenged by prompt injection, supply chain risks, and abuse of cloud-native AI services like Amazon Bedrock and Azure AI. | wiz.io
2026-06-25 | How AI Is Rewriting the SecOps Playbook | NEW, 2026, beginner, 7 min read | Library for understanding AI's impact on SecOps, emphasizing the shift from reactive to proactive security. It highlights the necessity of pre-existing, continuously updated environmental context for workloads and interactions across model, workload, and cloud layers. This approach enables rapid, AI-assisted incident response by correlating disparate signals and determining if behaviors deviate from intended functionality, providing defenders with a crucial advantage over attackers. | wiz.io
2026-06-25 | Identiverse 2026: The Challenges Of Solving Identity For AI Agents At Scale | NEW, 2026, beginner, 11 min read, AuthZ | Reference from Identiverse 2026 highlights challenges in solving identity for AI agents at scale, discussing ownership, lifecycle management, and least privilege. Sessions addressed risks like unauthorized agent decisions, the need for agent identity before production, and secure credential management, emphasizing techniques such as intent-scoped, just-in-time access and eliminating secrets via SPIFFE-based attestation and per-workflow OIDC tokens. The discussion also noted how AI coding tools can inadvertently teach developers insecure practices, like using static credentials, and stressed the importance of architectural decisions to enforce secure paths and provenance tracking in agent-to-agent interactions. | blog.gitguardian.com
2026-06-25 | How JFrog and NanoClaw are Bringing Software Supply Chain Security to the Age of Autonomous AI | NEW, 2026, beginner, 4 min read, Supply Chain | Library for securing autonomous AI agents, integrating the JFrog Platform with NanoClaw. This solution routes agent requests for packages, CLI tools, and MCP servers through JFrog registries in real-time. JFrog Curation evaluates requests against security policies, blocking compromised dependencies like those with critical CVEs, and enabling agents to automatically install clean alternatives via JFrog Catalog, ensuring continuous workflow with guided self-correction. | jfrog.com
2026-06-25 | AI Finds Vulnerabilities. Security Experts Find Impact. | NEW, 2026, beginner, 10 min read, Bug Bounty | Walkthrough of a web application security assessment detailing the interplay between AI and human expertise. AI, primarily Claude, accelerated tasks like tracing data flows and identifying entry points across approximately 30 source repositories, handling roughly 80% of the initial analysis. However, human judgment was crucial for validating findings, determining impact, and chaining vulnerabilities, as demonstrated in a phone-verification bypass that, when combined with reusable invitation codes, led to unlimited account creation. The assessment also highlighted AI's potential for providing confidently incorrect explanations, such as a plausible but impossible reasoning for a timing-based bug related to Redis caching, underscoring the continued necessity of expert analysis to uncover true security risks. | bishopfox.com
2026-06-24 | 7 AI Security Testing Tools for LLMs Agents and AI Pipelines (2026) | 2026, beginner, 25 min read | Library for AI security testing that shifts focus from static code to probabilistic reasoning, addressing vulnerabilities in LLM agents and AI pipelines. It emphasizes behavioral analysis and programmatic adversarial input generation to simulate complex attack scenarios, including multi-turn manipulations and indirect injections that bypass standard filters. The library aims to map entire AI pipelines, providing Code-to-Runtime traceability to distinguish theoretical jailbreaks from high-impact system exposures, and validating security throughout CI pipelines to catch behavioral regressions. | ox.security
2026-06-24 | I compiled a unified LLM-CTF benchmark – 2,639 real data points from NeurIPS 2024 + original multi-agent runs | 2026, advanced | I compiled a unified LLM-CTF benchmark – 2,639 real data points from NeurIPS 2024 + original multi-agent runs | 
2026-06-24 | Biden's AI Executive Order: What it says, and what it means for security teams | 2026, beginner, 11 min read | Analysis of Executive Order 14110 provides security teams with practical implications for AI development and deployment. Key directives include establishing rigorous NIST standards for red-team testing, prioritizing privacy-preserving techniques, and ensuring equitable AI use in the workforce. For the healthcare sector, it mandates safety programs and responsible AI development. The order also emphasizes fairness in criminal justice applications of AI, impacting areas like risk assessments and predictive policing. | wiz.io
2026-06-24 | The New Security Control Point: Governing AI Agents Inside the Execution Loop | 2026, intermediate, 7 min read | Library for governing AI agent behavior within the execution loop. It secures AI agents by observing actions before and after they occur, offering visibility into decisions made during tasks like executing shell commands, reading files, and making network requests. This session-aware approach enables detection of behavioral risks as agent workflows unfold, moving security closer to the decision point and allowing real-time governance of agent actions based on organizational policy. | snyk.io
2026-06-24 | What nearly 10,000 developer environments reveal about agentic development risk | 2026, intermediate, 8 min read, Supply Chain | Analysis of nearly 10,000 developer environments reveals significant risks in agentic development, with 43% of developers using multiple AI coding tools and 50.8% employing MCP servers. These configurations, along with agent skills (used by 22.8%), introduce a new supply chain layer where prompt injection findings and malicious code patterns are already present in active tooling. Traditional AppSec controls need expansion to govern these developer environments, as risks emerge before code commitment, impacting tools like Claude, Cursor, and VS Code extensions. | snyk.io
2026-06-24 | Announcing Agentic Development Security (ADS) | 2026, beginner, 8 min read | Library for Agentic Development Security (ADS) that secures AI-driven software development by embedding security directly into workflows. It provides visibility, governance, and control over tools agents use, their actions, and generated code. ADS addresses risks from dynamic, multi-step workflows and autonomous agent behavior, moving security from post-code analysis to real-time evaluation of agent supply chains, behavior, and generated code, preventing issues like the deletion of a production database by an AI agent with improper credentials and no guardrails. | snyk.io
2026-06-24 | Stop Treating Coding Agent Plugins Like Settings: Introducing Agent Plugins Repositories | 2026, beginner, 4 min read, Supply Chain | Library for managing agent plugin repositories, addressing the security risks of uncontrolled distribution channels like GitHub repos and Slack commands. It highlights that plugins are executable software with no inherent versioning, provenance, or audit trail, making them vulnerable to supply-chain attacks similar to those seen with npm packages and Docker images. The library enables signed, immutable releases, unified access control, complete audit trails, and single-copy storage for agent assets, integrating them into existing CI/CD pipelines and offering a governed alternative to Git for hosting these executable assets. | jfrog.com
2026-06-24 | OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat | 2026, intermediate, 10 min read, Supply Chain | Analysis of persistent malicious skills on ClawHub reveals three distinct AI supply chain threat categories: infostealers like macOS cluw, evasion techniques involving inflated file sizes, and novel agentic threats including runtime affiliate injection and front-running for financial gain. This research identified five unblocked skills, which were subsequently reported and removed, highlighting the evolving risks in AI agent ecosystems beyond traditional software supply chain vulnerabilities. | unit42.paloaltonetworks.com
2026-06-23 | Assessing Automated Prompt Injection Attacks in Agentic Environments | 2026, advanced, 1 min read | Analysis of automated prompt injection attacks against LLM agents, adapting white-box GCG and black-box TAP methods within the AgentDojo framework. The study found black-box optimization significantly outperformed gradient-based methods, with TAP's effectiveness influenced by the attacker model's general capability and safety tuning. Task-universal attacks transferred effectively to unseen domains, but attacks optimized on smaller models did not transfer to frontier models like GPT-5, indicating a model-dependent threat. | arxiv.org
2026-06-23 | Wiz Enhances AI-SPM Support for Amazon Bedrock | 2026, news, 4 min read | Library enhancing AI-SPM support for Amazon Bedrock. This offering provides AI-BOM visibility into Amazon Bedrock custom models and fine-tuned jobs, visualizing the model, training data, and access. It includes out-of-the-box configuration rules to assess Amazon Bedrock setup and detect misconfigurations, such as the absence of customer-managed encryption keys. Additionally, it extends attack path analysis to Amazon Bedrock, correlating vulnerabilities, misconfigurations, identities, data, and secrets to prioritize critical AI risks for secure generative AI application development. | wiz.io
2026-06-23 | Wiz AI-SPM extends support to Microsoft Azure OpenAI Service models | 2026, news, 3 min read | Tool for Cloud Security Posture Management (CSPM) that extends support to Microsoft Azure OpenAI Service models. Wiz AI-SPM offers full visibility into AI pipelines and risks within Azure AI Services, including misconfiguration rules, detection of toxic combinations, and attack path analysis to identify potential lateral movement. It provides agentless inventory of all Azure AI services and technologies, allowing security teams to manage their use and map them on the Wiz Security Graph for end-to-end pipeline visibility. | wiz.io
2026-06-23 | Why You Need a Security Companion for AI-Generated Code | 2026, beginner, 8 min read | Library that emphasizes a holistic DevSecOps approach for AI-generated code, highlighting that GenAI assistants like Copilot can introduce numerous vulnerabilities, including CWE-78: OS Command Injection, CWE-330: Use of Insufficiently Random Values, and CWE-703: Improper Check or Handling of Exceptional Conditions. This library addresses the increased developer confidence in insecure AI-produced code and the critical need for faster, more intuitive security solutions to complement AI-driven development, ensuring secure coding practices without hindering productivity. | snyk.io
2026-06-23 | Introducing Patch the Planet | 2026, beginner, 6 min read, Bug Bounty | Library for collaborative open-source project hardening; it leverages frontier AI models like GPT-5.5-Cyber to discover vulnerabilities, with human experts orchestrating and triaging findings. This initiative, Patch the Planet, has addressed 19 projects including cURL, pyca, Sigstore, and Python, resulting in hundreds of bugs found and over 64 pull requests submitted. Patches extend beyond bug fixes to include new tests, fuzzing harnesses, CI security scanning, and supply-chain tooling, as demonstrated by work on python.org with zizmor integration and correctness fixes in RustCrypto. | blog.trailofbits.com
2026-06-22 | OrcaRouter Releases AI Threat Report 2026 and Makes Its Security Controls Free Amid Rise in Prompt-Injection Attacks | 2026, news, 7 min read | Report detailing the rise of prompt-injection attacks as the top risk to LLM applications, with OrcaRouter Security Research releasing its agent Firewall and input/output Guardrails for free. The report highlights incidents like EchoLeak (CVE-2025-32711) and chained CVE-2026-39987 exploitation, noting traditional security tools' inability to address these architectural vulnerabilities. OrcaRouter's gateway-level controls provide six layers of security, including scoped identity, input/output guardrails, and an action firewall, to mitigate risks across content and action planes, and align with upcoming regulations like the EU AI Act. | 
2026-06-22 | Improve MTTR with Wiz’s AI-powered remediation guidance using Microsoft Azure OpenAI service | 2026, news, 4 min read | Library that leverages Azure OpenAI Service for AI-generated remediation guidance. This feature enhances attack path analysis by correlating risks from the Wiz Security Graph and then uses GenAI models to provide tailored, copy-pasteable remediation steps for various environments including CLI, Terraform, and CloudFormation. This aims to significantly reduce Mean Time to Remediate (MTTR) and makes security more accessible to non-security teams. | wiz.io
2026-06-22 | Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations | 2026, news, 13 min read | Writeup of AI-as-a-Service infrastructure risks, detailing how Wiz Research collaborated with Hugging Face to address vulnerabilities. The analysis highlights shared inference infrastructure takeover via malicious, pickle-serialized models and potential CI/CD pipeline compromise through malicious AI applications. These findings underscore the critical need for robust tenant separation and security practices within rapidly growing AI platforms to protect sensitive customer data and models from cross-tenant attacks. | wiz.io
2026-06-22 | Boosting efficiency with Wiz's AI-driven remediation steps powered by Amazon Bedrock | 2026, news, 2 min read | Integration leveraging Amazon Bedrock provides AI-driven remediation guidance to enhance security and reduce mean time to remediate (MTTR). This solution analyzes Wiz Issues, which detect risks like vulnerabilities and misconfigurations, and generates actionable, copy-paste remediation steps for tools such as CLI, Terraform, and CloudFormation, empowering both security teams and developers to address risks efficiently. | wiz.io
2026-06-22 | 4 Advantages of using AI code review | 2026, beginner, 5 min read | Library for AI-powered code review that augments manual efforts to identify security vulnerabilities, performance bottlenecks, and code smells. It enhances Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) by analyzing vast codebases rapidly, reducing human error, and boosting developer productivity. Techniques like deep learning and pattern recognition help find known and unknown issues, with a human-in-the-loop approach to minimize false positives and negatives, exemplified by Snyk Code's AI semantic analysis. | snyk.io
2026-06-22 | Nightfall AI and Snyk unite to deliver AI-powered secrets scanning for developers | 2026, news, 2 min read, Secrets | Library integrating Nightfall AI's advanced secrets scanning with Snyk's developer security platform. This partnership enables automated detection of PII, PHI, PCI, API keys, and other sensitive data across cloud environments and AI-generated code. Nightfall's AI-native capabilities offer over 100 data type detectors, context-aware alerts to reduce false positives, and developer-centric remediation, enhancing Snyk's ability to secure the software supply chain and application security posture. | snyk.io
2026-06-21 | The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate | 2026, news, 7 min read | Library detailing a critical vulnerability in Replicate, an AI-as-a-service provider. The vulnerability, discovered by Wiz Research, allowed for remote code execution via a malicious Cog container. This RCE enabled attackers to access a shared Redis instance, then use TCP injection via tools like `rshijack` to bypass authentication and inject Lua scripts. These scripts could modify customer prompts and redirect webhook notifications, potentially leading to cross-tenant data leakage and interference with AI model predictions. | wiz.io

Frequently Asked Questions

What is prompt injection?
Prompt injection is an attack against applications that use large language models (LLMs). An attacker crafts input that overrides or manipulates the LLM's system instructions, causing it to perform unintended actions. Direct prompt injection targets the user input; indirect prompt injection embeds malicious instructions in data the LLM processes, such as emails or web pages.
What is the OWASP Top 10 for LLM Applications?
The OWASP Top 10 for LLM Applications identifies the most critical security risks for AI-powered applications, including prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency, overreliance, and model theft.
How do you secure AI-integrated applications?
Key practices include validating and sanitizing LLM outputs before rendering or executing them, implementing least-privilege access for AI agents, using guardrails to constrain model behavior, monitoring for prompt injection attempts, applying rate limiting, separating AI processing from privileged operations, and treating all LLM output as untrusted user input.
