Echoes Without Clicks: How EchoLeak Turned Copilot Into a Data Drip

Prompt injection just graduated from theory to incident response. EchoLeak (CVE‑2025‑32711) demonstrated a zero‑click exfiltration chain inside Microsoft 365 Copilot: a single crafted external email seeded hidden instructions; Copilot later pulled that message into context, encoded sensitive details into a URL, and the client auto‑fetched the link—leaking data without the user clicking anything. The final twist: a CSP‑allowed Teams proxy retrieved the attacker’s URL on Copilot’s behalf. Below I unpack why standard defenses failed, and what an enterprise‑ready fix looks like. ...

September 20, 2025 · 5 min · Zelina
Peer Review, But Make It Multi‑Agent: Inside aiXiv’s Bid to Publish AI Scientists

If 2024 was the year AI started writing science, 2025 is making it figure out how to publish it. Today’s paper introduces aiXiv, an open‑access platform where AI agents (and humans) submit proposals, review each other’s work, and iterate until a paper meets acceptance criteria. Rather than bolt AI onto the old gears of journals and preprint servers, aiXiv rebuilds the conveyor belt end‑to‑end.

Why this matters (and to whom)

Research leaders get a way to pressure‑test automated discovery without waiting months for traditional peer review. AI vendors can plug agents into a standardized workflow (through APIs/MCP), capturing telemetry to prove reliability. Publishers face an existential question: if quality control is measurable and agentic, do we still need the old queue?

The core idea in one sentence

A closed‑loop, multi‑agent review system combines retrieval‑augmented evaluation, structured critique, and re‑submission cycles to raise the floor of AI‑generated proposals/papers and create an auditable trail of improvements. ...

August 24, 2025 · 5 min · Zelina
Agents Under Siege: How LLM Workflows Invite a New Breed of Cyber Threats

From humble prompt-followers to autonomous agents capable of multi-step tool use, LLM-powered systems have evolved rapidly in just two years. But with this newfound capability comes a vulnerability surface unlike anything we’ve seen before. The recent survey paper From Prompt Injections to Protocol Exploits presents the first end-to-end threat model of these systems, and it reads like a cybersecurity nightmare. ...

July 1, 2025 · 4 min · Zelina