Category
OpenAI shipped Lockdown Mode to ChatGPT this month. It doesn't stop prompt injection. It cuts the exfiltration path the injection needs to pay off, and that trust-boundary move is more honest than any detector.
Claude Code v2.1.160 added a prompt before writing to shell startup files that could otherwise lead to unintended command execution. The fix is correct. The two-year gap before it shipped is the real story.
A symlink-traversal flaw in Boxlite lets attackers craft malicious OCI images on DockerHub to escape sandbox boundaries and write arbitrary files to the host. Image trust is not transitive.
The critical SQL injection vulnerability in Strapi's content-type builder is not just a code flaw but a symptom of systemic weaknesses in AI agent security architectures.
Two critical CVEs expose fundamental flaws in AI agent security models, forcing a rethink of isolation strategies.
The discovery of OpenClaude's sandbox bypass vulnerability signals that traditional sandboxing approaches may no longer be sufficient for securing AI agents in production environments.
Claude’s recent codebase updates, marked only as 'internal fixes,' suggest a strategic shift toward silent hardening of the core runtime — a move that may reshape how AI frameworks approach security.
Claude's latest Code release introduces sweeping hardening measures, revealing a paradoxical strategy where security through complexity may be alienating the developers it aims to protect.
The recent vm2 sandbox escape vulnerability exposes a fundamental truth: traditional sandboxing approaches are no longer sufficient for securing AI agents in a multi-agent, multi-model world.
The vm2 sandbox escape vulnerability isn't just a Node.js bug — it's the latest signal that AI agents operating at scale will require entirely new security models, not incremental improvements on old ones.
Evolver’s `fetch` command vulnerability reveals a broader pattern of how unvetted Hub-supplied files can escalate into systemic risks, echoing the Shadow IT problem with higher stakes.
Four critical vulnerabilities in the VM2 sandbox library allow attackers to escape the sandbox and execute arbitrary code on host systems running Node.js 24 and 25.
