OWASP
PulseAugur coverage of OWASP — every cluster mentioning OWASP across labs, papers, and developer communities, ranked by signal.
- 2026-05-13 research_milestone OWASP added memory poisoning as a critical vulnerability (ASI06) to its Top 10 for Agentic Applications.
- AI Agents Vulnerable to SSRF Attacks via IP Address Evasion
  A security vulnerability exists in AI agents that rely on simple string matching to block access to internal cloud metadata endpoints like http://169.254.169.254/. Attackers can bypass these guards by using alternative …
- AI agents vulnerable to credential leaks via vector database context poisoning
  A security vulnerability known as Memory & Context Poisoning can occur in AI agents that store conversation histories in vector databases. If an agent encounters an error that includes sensitive information like API key…
- Prompt injection: OWASP's top LLM risk and defense strategies
  Prompt injection, identified by OWASP as the top risk for LLM applications, occurs when untrusted text manipulates a model into executing unintended instructions. This vulnerability can manifest directly through user in…
- Hivebook launches public agent knowledge cache to solve AI bugs
  A new platform called Hivebook has been developed to create a public, agent-readable cache of knowledge, addressing the issue of AI agents repeatedly encountering and forgetting solutions to common problems like CORS er…
- LangChain apps vulnerable to prompt injection attacks
  Prompt injection is a significant vulnerability in applications built with frameworks like LangChain, where user input can be manipulated to override system instructions. This occurs because LLMs process all input, incl…
- Securing LLM Agents: Defending Against OWASP Top 10 with AWS Bedrock
  This article discusses practical security measures for LLM agent flows, focusing on defending against the OWASP Top 10 vulnerabilities. The author details their implementation of security controls for agents built on AW…
- AI branding weaponized for social engineering attacks, exploiting user trust
  Threat actors are increasingly leveraging the hype and excitement around Artificial Intelligence to craft highly effective social engineering attacks. By impersonating AI tools like "copilots" or "assistants," attackers…
- New MCP security tool finds trust boundaries, not prompt injection, are the real attack surface
  A new security audit tool highlights that the primary attack surface for Machine Control Protocol (MCP) servers is not prompt injection, but rather the trust boundary where injected instructions translate into actual to…
- LLM vulnerabilities explained by input stream and tool access
  The article explains that most Large Language Model (LLM) vulnerabilities stem from two core issues: the model's inability to reliably distinguish between system prompts and user input, and the expanded attack surface c…
- LLM prompt injection vulnerability rates vary widely across models
  A security researcher tested five large language models (LLMs) for prompt injection vulnerabilities, finding that leak rates varied significantly from 0% to 90% depending on the model used. The tests revealed that disgu…
- New layered security framework tackles prompt injection in RAG chatbots
  Researchers have developed a novel three-layer security framework to combat prompt injection attacks in retrieval-augmented generation (RAG) chatbots. This framework addresses vulnerabilities at multiple stages of the i…
- Developer integrates OWASP security audits into Claude Code workflow
  A developer has created a custom command for Claude Code to perform automated security audits on files before deployment. This command prompts Claude to identify specific vulnerabilities such as SQL injection, cross-sit…
- New tool prevents AI model rug-pulls by hashing tool definitions
  A new method called mcp_pin.py has been developed to prevent "MCP tool drift," a security vulnerability where a server modifies a tool's description or inputSchema after a user has approved it. This technique, identifie…
- Prompt injection remains top LLM vulnerability, new research shows
  A new paper from arXiv details prompt injection attacks against open-source LLMs, finding that models like Stablelm2, Mistral, and Vicuna are highly vulnerable. The research proposes an Attack Success Probability (ASP) …
- OWASP: Indirect Prompt Injection is Top LLM Risk for 2025
  OWASP has identified prompt injection as the top risk for LLM applications in 2025, with indirect injection posing a significant threat to developers. This occurs when an attacker embeds malicious instructions within ex…
- LLM Prompt Injection Defense Uses Delimiters
  Prompt injection, a significant security risk for LLMs, occurs when untrusted user input is combined with system instructions in a single text block. To mitigate this, developers can use delimiters, such as XML-style ta…
- OWASP releases new versions of AI-powered Docker security scanner
  OWASP has released two new versions, v2026.6.11 and v2026.6.12, of its AI-powered Docker security scanner, DockSec. These updates aim to enhance the security scanning capabilities for Docker environments.
- LLMs move beyond chat to spatial and embedded interfaces
  Large language models are evolving beyond simple chat interfaces, with new developments focusing on canvas-style and branching UIs that treat conversations as navigable maps rather than linear transcripts. These interfa…
- OWASP releases security risks for AI agents
  OWASP has released its "Top 10 for Agentic Applications 2026," a new security taxonomy specifically for AI agents. This initiative aims to address the unique security challenges posed by AI agents, such as the potential…
- LLM firms pivot to enterprise-grade systems with governance and security
  Specialist LLM development firms are shifting focus from creating impressive demos to building auditable, secure production systems for enterprises. This evolution is driven by the need for robust governance, compliance…