@gurupanguji<p><strong>Prompt injections are still a problem – August 2025 edition</strong></p><blockquote><p>Independent AI researcher Johann Rehberger (previously) has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different tools, all of which are vulnerable to various classic prompt injection problems. This is a fantastic and horrifying demonstration of how widespread and dangerous these vulnerabilities still are, almost three years after we first started talking about them.</p><p>Johann’s published research in August so far covers ChatGPT, Codex, Anthropic MCPs, Cursor, Amp, Devin, OpenHands, Claude Code, GitHub Copilot and Google Jules. There’s still half the month left!</p><p><a href="https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything" rel="nofollow noopener" target="_blank">The Summer of Johann: prompt injections as far as the eye can see</a></p></blockquote><p>Previously:</p><p><a href="https://gurupanguji.com/2025/06/15/prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms/?utm_source=rss&utm_medium=rss&utm_campaign=prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms" rel="nofollow noopener" target="_blank">https://gurupanguji.com/2025/06/15/prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms/?utm_source=rss&utm_medium=rss&utm_campaign=prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms</a></p><p><a href="https://gurupanguji.com/2025/04/23/notes-on-llms/" rel="nofollow noopener" target="_blank">https://gurupanguji.com/2025/04/23/notes-on-llms/</a></p><p><a href="https://gurupanguji.com/2025/08/06/trust-in-the-world-of-ai/" rel="nofollow noopener" target="_blank">https://gurupanguji.com/2025/08/06/trust-in-the-world-of-ai/</a></p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/ai/" target="_blank">#ai</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/llms/" target="_blank">#llms</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/model/" target="_blank">#model</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/prompt-injection/" target="_blank">#promptInjection</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/security/" target="_blank">#security</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/security-engineering/" target="_blank">#securityEngineering</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://gurupanguji.com/tag/software/" target="_blank">#software</a></p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
201active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.5
#securityengineering
0 posts · 0 participants · 0 posts today
Tedi Heriyanto<p>Thoughts on the Impact of Generative AI on Security Engineering Careers: <a href="https://scottponte.substack.com/p/thoughts-on-the-impact-of-generative" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">scottponte.substack.com/p/thou</span><span class="invisible">ghts-on-the-impact-of-generative</span></a></p><p><a href="https://infosec.exchange/tags/generativeai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>generativeai</span></a> <a href="https://infosec.exchange/tags/securityengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityengineering</span></a></p>
Threat Insight<p>In a new blog, Proofpoint threat research engineers disclosed their discovery of Amatera Stealer, a newly rebranded and upgraded malware-as-a-service (MaaS) version of the ACR Stealer. <br> <br>Read the blog: <a href="https://brnw.ch/21wTvkx" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">brnw.ch/21wTvkx</span><span class="invisible"></span></a></p><p>While maintaining its roots in ACR Stealer, the latest variant, <a href="https://infosec.exchange/tags/Amatera" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Amatera</span></a>, introduces new features—including sophisticated delivery mechanisms, anti-analysis defenses, and a revamped control structure—making it stealthier and dangerous.</p><p>See the Threat Research Engineering blog for IOCs and Emerging Threat signatures.</p><p><a href="https://infosec.exchange/tags/securityengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityengineering</span></a> <a href="https://infosec.exchange/tags/detectionengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>detectionengineering</span></a> <a href="https://infosec.exchange/tags/securitycontrols" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitycontrols</span></a></p>
Schneier on Security RSS<p>Applying Security Engineering to Prompt Injection Security</p><p>This seems like an important advance in LLM security against prompt injection:<br>G... <a href="https://www.schneier.com/blog/archives/2025/04/applying-security-engineering-to-prompt-injection-security.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/04/applying-security-engineering-to-prompt-injection-security.html</span></a></p><p> <a href="https://burn.capital/tags/securityengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityengineering</span></a> <a href="https://burn.capital/tags/academicpapers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>academicpapers</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://burn.capital/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://burn.capital/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a></p>
Alec Muffett<p>3rd edition of Ross Anderson’s Security Engineering now freely available for download | Light Blue Touchpaper<br><a href="https://alecmuffett.com/article/110651" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">alecmuffett.com/article/110651</span><span class="invisible"></span></a><br><a href="https://mastodon.social/tags/RossAnderson" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RossAnderson</span></a> <a href="https://mastodon.social/tags/SecurityEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityEngineering</span></a></p>
Ecologia Digital<p>"One reason <a href="https://mato.social/tags/RossAnderson" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RossAnderson</span></a> was so effective in the area of <a href="https://mato.social/tags/digitalrights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>digitalrights</span></a> is that he had the ability to look forward and see the next challenge while it was still forming. Even more important, he had an extraordinary ability to explain complex concepts in an understandable manner. You can check on the YouTube channel a series of lectures on <a href="https://mato.social/tags/securityengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityengineering</span></a> or read the massive list of papers at his home page."</p><p><a href="https://netwars.pelicancrossing.net/2024/03/31/rip-ross-j-anderson/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">netwars.pelicancrossing.net/20</span><span class="invisible">24/03/31/rip-ross-j-anderson/</span></a></p>
Schneier on Security RSS<p>Ross Anderson</p><p>Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.<br>I can’t remembe... <a href="https://www.schneier.com/blog/archives/2024/03/ross-anderson.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">4/03/ross-anderson.html</span></a></p><p> <a href="https://burn.capital/tags/economicsofsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>economicsofsecurity</span></a> <a href="https://burn.capital/tags/securityconferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityconferences</span></a> <a href="https://burn.capital/tags/securityengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityengineering</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/cryptanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptanalysis</span></a> <a href="https://burn.capital/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://burn.capital/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a></p>
G :donor: :Tick:<p>Introduction</p><p>Redoing my <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>introduction</span></a> as it was a bit of a sparse one when I joined.</p><p>I am a lifelong <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> enthusiast, having worked in Financial Services IT for more than 25 years, across multiple disciplines including:<br>* <a href="https://infosec.exchange/tags/Unisys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Unisys</span></a> <a href="https://infosec.exchange/tags/MCP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MCP</span></a>-based <a href="https://infosec.exchange/tags/mainframe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mainframe</span></a> platforms (A17/A19/HMP NX 6800/Libra 180/Libra 6xx/Libra 890)<br>* <a href="https://infosec.exchange/tags/EMC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EMC</span></a> <a href="https://infosec.exchange/tags/Symmetrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Symmetrix</span></a> storage arrays (DMX 3/4 and most recently VMAX) including experience of <a href="https://infosec.exchange/tags/SRDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SRDF</span></a>(S), SRDF(A), BCV<br>* <a href="https://infosec.exchange/tags/WindowsServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsServer</span></a> (2000 through 2019) including <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActiveDirectory</span></a><br>* Various <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a>/ <a href="https://infosec.exchange/tags/Unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Unix</span></a> OSes (<a href="https://infosec.exchange/tags/HPUX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HPUX</span></a>/ <a href="https://infosec.exchange/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RHEL</span></a>/ <a href="https://infosec.exchange/tags/Centos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Centos</span></a>/ <a href="https://infosec.exchange/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ubuntu</span></a>/ <a href="https://infosec.exchange/tags/Raspbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Raspbian</span></a>) including experience of <a href="https://infosec.exchange/tags/GFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GFS</span></a>/#GFS2 SAN storage clustering<br>* Virtual Tape Server technology (B&L/Crossroads/ETI Net SPHiNX, <a href="https://infosec.exchange/tags/TSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TSM</span></a>)<br>* Automation/Scripting (<a href="https://infosec.exchange/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a>, <a href="https://infosec.exchange/tags/NT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NT</span></a> <a href="https://infosec.exchange/tags/Batch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Batch</span></a>, <a href="https://infosec.exchange/tags/DOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DOS</span></a>, <a href="https://infosec.exchange/tags/Bash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bash</span></a>, <a href="https://infosec.exchange/tags/OPAL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OPAL</span></a>)<br>* <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> (<a href="https://infosec.exchange/tags/PrivilegedAccessManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivilegedAccessManagement</span></a>, <a href="https://infosec.exchange/tags/LeastPrivilege" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LeastPrivilege</span></a>, <a href="https://infosec.exchange/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a>, <a href="https://infosec.exchange/tags/Firewalls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewalls</span></a>, <a href="https://infosec.exchange/tags/EDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EDR</span></a>)<br>* <a href="https://infosec.exchange/tags/BusinessContinuity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BusinessContinuity</span></a>/#DisasterRecovery (Design/Implementation/Operations)</p><p>I’m focused on learning and getting hands-on with <a href="https://infosec.exchange/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi</span></a> at home and <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> computing solutions both at work and at home.</p><p>I moved into a <a href="https://infosec.exchange/tags/SecurityEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityEngineering</span></a> role in 2020, so a lot of my focus is now more security focussed across all tech stacks.</p><p>My main focus at present when it comes to cloud is predominately <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a>, with Google and AWS of interest also, as well as other cloud infrastructure services such as those provided by CloudFlare, though I’m planning a move away from them due to their moral/ethical choices.</p><p>Away from work and tech, I love to <a href="https://infosec.exchange/tags/travel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>travel</span></a> the world with my wife and enjoy very amateur <a href="https://infosec.exchange/tags/photography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>photography</span></a> to record our adventures.</p><p>I also love most genres of <a href="https://infosec.exchange/tags/music" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>music</span></a>, live in concert when I can, with a particular love of <a href="https://infosec.exchange/tags/Rock" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rock</span></a>/ <a href="https://infosec.exchange/tags/Metal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metal</span></a> and also <a href="https://infosec.exchange/tags/Trance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trance</span></a> (coincidentally, given the profession of a somewhat more well known namesake of mine!).</p>
aidan<p><a href="https://bladerunner.social/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>introduction</span></a></p><p>I do <a href="https://bladerunner.social/tags/infoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infoSec</span></a> stuff for a job and am usually open to work offers, ideally on a contracting basis.</p><p>I have some hobbies like <a href="https://bladerunner.social/tags/martialArts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>martialArts</span></a>, <a href="https://bladerunner.social/tags/securityEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityEngineering</span></a>, <a href="https://bladerunner.social/tags/TTRPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TTRPG</span></a>, and <a href="https://bladerunner.social/tags/economics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>economics</span></a>.</p><p>FRs are welcome but please have an pinned intro, public posts of your own, and ideally a bio and avatar.</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload