
All news with #ai data leakage tag

17 articles

Venice OT intrusion claim and Anthropic source leak risks

🔒 Smashing Security episode 463 examines two incidents that expose operational and AI security weaknesses: a claimed intrusion into Venice’s flood‑defence pump controls and an accidental full‑source disclosure by Anthropic. Hosts Graham Cluley and Tanya Janca discuss the physical risks of compromised legacy OT systems, how packaging/CI misconfigurations can leak high‑value IP and attack surface, and the governance challenges of powerful internal tools like Mythos. They recommend stronger CI/CD defaults, strict access controls for model assets, and reliable out‑of‑band incident communications.

Experts Warn of Browser Extensions Poaching AI Prompts

🛡️ Security researchers have warned of malicious Chrome extensions that silently monitor and exfiltrate users' AI chat content. According to Expel, extensions watch open tabs and capture prompts and responses via API interception or DOM scraping before sending the data to external servers. Attackers either impersonate popular tools or convert legitimate extensions into malicious ones after building a user base. Organisations are urged to block unvetted AI extensions and centrally manage and audit extension use.

Preventing AI Agent Data Leaks: Webinar Guide for Security

🔒 AI agents are transforming workflows but can act as an unmonitored access layer—an 'invisible employee' with broad privileges. In an upcoming webinar, Rahul Parwani, Head of Product for AI Security at Airia, will explain how attackers are manipulating agents to exfiltrate sensitive information and how to stop them. Attendees will learn about the 'Dark Matter' of identity, common manipulation techniques, and a practical safety blueprint to limit privileges, detect misuse, and prevent leaks. Reserve your spot to learn actionable defenses.

Shai-Hulud–Style Worm Hits npm Packages and AI Tools

🔒 Socket's Threat Research Team discovered a supply chain worm, tracked as SANDWORM_MODE, spreading via typosquatted npm packages and compromised GitHub accounts while also manipulating local AI coding assistants. The malware harvested developer and CI credentials, injected rogue MCP servers into tools like Claude Desktop and VS Code Continue, and exfiltrated API keys for multiple large language model providers. Affected packages were removed and infrastructure disabled; developers should rotate credentials and audit CI workflows and local AI configurations.

Supply Chain Worm Uses Malicious npm Packages to Steal Keys

🔐 Socket warns of an active supply-chain worm, codenamed SANDWORM_MODE, that abused at least 19 malicious npm packages to harvest developer credentials and cryptocurrency keys. The packages — many typosquatting legitimate modules and published by the aliases official334 and javaorg — contain code to steal tokens, environment secrets and LLM API keys. The campaign also includes a weaponized GitHub Action, an optional home-directory wiper, and a McpInject component that targets AI coding assistants. Users should remove affected packages, rotate tokens, and audit repositories and CI workflows.

The Silent Security Gap in Enterprise AI Adoption Risks

🔒 Most security leaders assume they know where sensitive data resides, but rapid AI adoption has created a new exposure surface in AI inference traffic. Prompts often contain source code, contracts, PII and proprietary workflows that flow through application layers, logs and third‑party services without classification or adequate controls. Traditional protections — transport encryption, legacy DLP and standard logging practices — frequently fail to prevent prompt leakage, producing an often invisible and growing enterprise risk.

AI Coding Assistants Secretly Exfiltrate Developers' Code

⚠️ A new report alleges two popular AI coding assistants, together used by roughly 1.5 million developers, are quietly copying everything they ingest to servers in China. Security researchers say the extensions capture editor content, code snippets, and related telemetry without clear user disclosure. The behavior appears systematic and persistent rather than incidental. Until vendors provide transparent remediation, developers and organizations should avoid unvetted extensions and perform immediate audits and containment.

CISA Acting Director Uploaded FOUO Files to ChatGPT

🛡️ The acting director of the U.S. Cybersecurity and Infrastructure Security Agency uploaded multiple for official use only (FOUO) contracting documents to the public version of ChatGPT between mid‑July and early August 2025, triggering automated DHS security alerts. Sensors detected the activity in early August, generating several alerts in the first week and prompting an internal review. The uploads—containing contracting information not intended for public release—underscore gaps in AI governance and exception handling for senior officials at CISA.

Cloudflare Acquires Human Native to Improve AI Data Access

🤝 Cloudflare has acquired Human Native, a UK AI data marketplace that converts multimedia into licensed, structured datasets for AI developers. The team will help Cloudflare expand tools like AI Crawl Control, Pay Per Crawl and the AI Index, enabling publishers to expose structured updates and control access. The acquisition emphasizes licensed, high-quality data, creator compensation and greater control over how content is used by AI systems.

ZombieAgent attack exposes persistent AI data leaks

🧟 Researchers disclosed 'ZombieAgent' techniques that turned ChatGPT Connectors into covert data-exfiltration and persistent backdoor vectors. By embedding hidden prompts in emails, documents and cloud files, attackers could cause the model to retrieve and transmit sensitive content without users’ awareness. The team demonstrated URL-dictionary and Markdown-based exfiltration and showed how Memory modifications could create long-lived backdoors; OpenAI patched the issues in December.

Urban VPN Proxy Intercepts AI Chats Across Platforms

🔒 A recent analysis by koi.ai, highlighted by Bruce Schneier and Boing Boing, reports that the Urban VPN Proxy browser extension is surreptitiously intercepting conversations across multiple AI services. The extension embeds dedicated executor scripts for ten AI platforms and captures every prompt, every response, conversation identifiers, timestamps, session metadata, and the specific model or platform used. Harvesting is enabled by default via hardcoded flags and runs continuously in the background regardless of whether the VPN is active; there is no user-facing toggle and the only effective remediation is to uninstall the extension.

Featured Chrome Extension Harvested Millions of AI Chats

🚨 A Google Chrome extension carrying a "Featured" badge, Urban VPN Proxy, has been found silently harvesting prompts and responses from major AI chat services and sending them to remote analytics servers. The extension — installed by roughly six million Chrome users and about 1.3 million Edge users — was updated on July 9, 2025 (v5.5.0) with AI capture enabled by default. Injected scripts override browser networking APIs to intercept chat data and exfiltrate conversation text, IDs, timestamps, session metadata, and model/platform information. The publisher's updated privacy policy admits collecting AI prompts and outputs for "Safe Browsing" and marketing while disclaiming a full guarantee of de-identification.

Data Leakage in AI: Addressing Risks in LLM Systems

🔐 This article explains how sensitive data commonly leaks from AI systems — from RAG retrievals and agentic tool chains to user-initiated oversharing — and why LLMs cannot enforce document-level permissions. It recommends a layered, defense-in-depth approach: automatic identification and classification, data minimization at ingress, sanitization, redaction, and strict access controls that follow data through the pipeline. The authors also stress threat modeling and vendor due diligence to limit regulatory, competitive, and reputational harm.

AI Adoption Surges, Governance Lags in Enterprises

🤖 The 2025 State of AI Data Security Report shows AI is widespread in business operations while oversight remains limited. Produced by Cybersecurity Insiders with Cyera Research Labs, the survey of 921 security and IT professionals finds 83% use AI daily yet only 13% have strong visibility into how systems handle sensitive data. The report warns AI often behaves as an ungoverned non‑human identity, with frequent over‑access and limited controls for prompts and outputs.

ShadowLeak: AI agents can exfiltrate data undetected

⚠️ Researchers at Radware disclosed a vulnerability called ShadowLeak in the Deep Research module of ChatGPT that lets hidden, attacker-crafted instructions embedded in emails coerce an AI agent to exfiltrate sensitive data. The indirect prompt-injection technique hides commands using tiny fonts, white-on-white text or metadata and instructs the agent to encode and transmit results (for example, Base64-encoded lists of names and credit cards) to an attacker-controlled URL. Radware says the key risk is that exfiltration can occur from the model’s cloud backend, making detection by the affected organization very difficult; OpenAI was notified and implemented a fix, and Radware found the patch effective in subsequent tests.

CrowdStrike Enhances GenAI Data Protection Across Platforms

🔒 CrowdStrike announces four new innovations in Falcon Data Protection to help organizations prevent GenAI-driven data leaks across endpoints, cloud, SaaS and AI tools. The updates include real-time GenAI protections that span browsers, local apps and shadow AI services, unified out-of-the-box detections, AI-powered classifications, and a consolidated Insider Risk dashboard. Beta and general availability windows span late 2025 through mid-2026, with cloud features prioritized earlier.

How the Generative AI Boom Opens Privacy and Cyber Risks

🔒 The rapid adoption of generative AI is prompting significant privacy and security concerns as vendors revise terms to use user data for model training. High-profile pushback — exemplified by WeTransfer’s reversal — revealed how unclear terms and live experimentation can expose corporate and personal information. Employees using consumer tools like ChatGPT for work tasks risk leaking secrets, and platforms such as Slack are explicitly reserving rights to leverage customer data. CISOs must balance strategic AI adoption with heightened compliance, governance and operational risk.