AI/ML
Browser extensions could be used to exploit AI tools, researchers say
Laura French, August 1, 2025
Extensions with no special permissions could potentially inject prompts and extract data.

Application security
Excessive agency in AI: Why LLMs still need a human teammate
OWASP GenAI Security Project Team, July 31, 2025
Excessive AI autonomy poses security risks — experts say human-AI teamwork is the safer path.

AI/ML
LLMs make insecure coding choices for 45% of tasks, study finds
Laura French, July 30, 2025
Model size and release date were not found to significantly improve security performance.

AI/ML
Google fixes Gemini CLI flaws that risked silent data exfiltration
Laura French, July 28, 2025
Shell commands could have been executed without user permission or knowledge.

Application security
LLM plugin vulnerabilities highlight growing threat to AI ecosystems
OWASP GenAI Security Project Team, July 25, 2025
Insecure LLM plugin design opens doors to data leaks and remote code execution.

Application security
OWASP’s cure for a sick AI supply chain
OWASP GenAI Security Project Team, July 17, 2025
OWASP doesn’t just name supply chain attacks a top AI threat, it shows exactly how to stop them. This is the fix, straight from the source.

Application security
Inside an AI supply chain meltdown
OWASP GenAI Security Project Team, July 17, 2025
OWASP ranks supply chain attacks among the top AI security threats. Here’s what’s going wrong and why no one’s catching it in time.