June 2025

  • Microsoft has open-sourced an AI red teaming lab course on GitHub. The labs are designed to teach security professionals how to evaluate AI systems through hands-on adversarial and Responsible AI challenges, making it an excellent resource for those looking to enhance their skills in AI security, particularly in attack scenarios. Google has published a comprehensive…

  • Aim Labs discovered a vulnerability in Microsoft 365 Copilot named “EchoLeak,” which enables unauthorized data extraction through zero-click AI exploitation. This attack leverages the victim’s copilot to create URLs using sensitive data as query parameters, and utilizes markdown image auto-rendering for data extraction without user involvement. A very smart and dangerous tactic. Anthropic shared insights…

  • OpenAI has released a report detailing efforts to combat malicious AI activities through case studies, emphasizing the urgency of protective measures and global collaboration to prevent AI abuse. Fascinating examples and narratives are included (Combating AI Misuse: A Global Effort). Yoshua Bengio, a leading figure in AI and machine learning research, appears to be shifting…

  • MCP represents a cutting-edge architecture for AI agents but also introduces new vulnerabilities. Invariant Labs has identified a method that could allow access to a user’s private repository via the GitHub MCP server, constituting a variation of a prompt injection attack. It’s crucial to recognize that anything an AI model is exposed to can be…

  • The Current Crisis: On May 27th, the Trump administration paused processing of all new student visa applications. On May 28th, Marco Rubio announced the U.S. State Department will aggressively revoke visas for Chinese students. The stated reason is protecting U.S. national security. National security is a legitimate concern. There have been cases where foreign students…