Defending Against Frontier Cyber Models: Cloudflare's Project Glasswing Architecture★ 70
Cloudflare Blog5 days agoCommentaryCloudflare introduces its defense architecture under Project Glasswing, arguing that robust architectural defense around vulnerabilities is more critical than patching speed. By acting as its own "customer zero," Cloudflare demonstrates how to mitigate autonomous frontier cyber models through edge-based isolation, zero-trust principles, and proactive traffic filtering.
Cohere Releases Command A+: An Open-Source Enterprise AI Model for Sovereign Critical Infrastructure★ 75
Cohere Blog6 days agoReleaseCohere has released Command A+, an open-source enterprise AI model specifically designed for sovereign critical infrastructure. It enables organizations to deploy powerful AI locally, ensuring complete data sovereignty and compliance with strict regulatory standards. The model inherits Cohere's strengths in multilingual capabilities, advanced RAG, and tool use, offering a highly secure alternative for sensitive industries.
Cohere's Secure AI: Prioritizing Data Sovereignty and Enterprise Privacy
Cohere Blog6 days agoBusinessCohere's Secure AI framework is designed for security-conscious enterprises, emphasizing data sovereignty and privacy. The company guarantees that customer data is never used to train public models, offering flexible deployments across AWS, GCP, Azure, and OCI. This enables highly regulated industries like finance and healthcare to safely adopt Command and Rerank models within their own secure perimeters.
Cohere's Financial Services Solutions: Enterprise AI for Banking and Finance
Cohere Blog6 days agoBusinessCohere outlines how financial institutions leverage its LLMs for complex tasks like risk assessment and customer support. By prioritizing data privacy and secure deployment (on-prem or hybrid cloud), Cohere enables banks to adopt RAG safely. The solutions emphasize high accuracy and compliance with strict financial regulations.
Hackers Asked Meta AI for Access to High-Profile Instagram Accounts. It Worked★ 78
Simon Willison's Weblog12 days agoIncidentSimon Willison highlights a 404 Media report about hackers taking over Instagram accounts through Meta's AI support bot. A video reportedly shows an attacker asking the bot to link a target account to a new email address and providing a code. Willison argues this barely qualifies as prompt injection: the core failure was granting a support bot enough authority to fast-forward the account recovery process.
Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Ars Technica AI12 days agoIncidentHackers duped a Meta AI support chatbot into granting access to notable or valuable Instagram accounts. Some handles were stolen and resold before Meta patched the exploit. The supplied excerpt does not disclose the attack method, the number of affected accounts, the timeline, or Meta's remediation steps beyond patching the issue.
Protecting against token theft
Vercel Changelog16 days agoTutorialVercel published a post titled “Protecting against token theft,” focused on token security risks and protection. The article body was not provided, so its scope, affected products, attack scenarios, and recommended mitigations cannot be confirmed. Readers should consult the original Vercel page before taking action or attributing specific guidance to the company.
Fed up with vibe coders, dev sneaks data-nuking prompt injection into code
Ars Technica AI16 days agoIncidentArs Technica reports that a developer frustrated with vibe coders slipped an undisclosed prompt injection into jqwik-related code. The injected text allegedly instructed AI coding agents to delete application output. The incident highlights a new supply-chain risk: source code and project text can become adversarial instructions for agentic coding tools.
Millions of AI agents imperiled by critical vulnerability in open source package★ 78
Ars Technica AI18 days agoIncidentArs Technica reports that Starlette, a Python package with about 325 million weekly downloads, has a critical vulnerability called BadHost. The flaw can let crafted Host headers confuse request.url.path, potentially bypassing middleware-based path authorization. AI infrastructure using FastAPI or Starlette, including vLLM, LiteLLM, MCP servers, LLM proxies, and agent frameworks, should upgrade Starlette and audit custom middleware.