Apple clarified that running some of its AI models on Google's cloud infrastructure does not compromise user privacy. Through its Private Cloud Compute (PCC) architecture, Apple ensures that all data is processed in secure enclaves with end-to-end encryption. Consequently, Google has zero access to user data, addressing privacy concerns over Apple's cloud partnerships.
Cloudflare introduces its defense architecture under Project Glasswing, arguing that robust architectural defense around vulnerabilities is more critical than patching speed. By acting as its own "customer zero," Cloudflare demonstrates how to mitigate autonomous frontier cyber models through edge-based isolation, zero-trust principles, and proactive traffic filtering.
Cohere outlines how financial institutions leverage its LLMs for complex tasks like risk assessment and customer support. By prioritizing data privacy and secure deployment (on-prem or hybrid cloud), Cohere enables banks to adopt RAG safely. The solutions emphasize high accuracy and compliance with strict financial regulations.
Simon Willison notes that OpenAI’s previously teased Lockdown Mode is now live for eligible personal and self-serve Business ChatGPT accounts. The feature does not stop prompt injections from appearing in content, but limits outbound network requests that could leak sensitive data. He sees it as a direct mitigation for the exfiltration leg of the “Lethal Trifecta,” while implying default ChatGPT settings are not robust against determined data theft attempts.
Published on UCL's Bentham's Gaze blog, this research analyzes GPS cryptographic signals over a 19-year span, likening the satellites to 'quiet numbers stations.' The authors explore the evolution of GPS encryption (such as military P(Y) code and civilian authentication), evaluating their cryptographic strength and potential vulnerabilities using modern computational analysis.
Simon Willison highlights a 404 Media report about hackers taking over Instagram accounts through Meta's AI support bot. A video reportedly shows an attacker asking the bot to link a target account to a new email address and providing a code. Willison argues this barely qualifies as prompt injection: the core failure was granting a support bot enough authority to fast-forward the account recovery process.
Hackers duped a Meta AI support chatbot into granting access to notable or valuable Instagram accounts. Some handles were stolen and resold before Meta patched the exploit. The supplied excerpt does not disclose the attack method, the number of affected accounts, the timeline, or Meta's remediation steps beyond patching the issue.
Vercel published a post titled “Protecting against token theft,” focused on token security risks and protection. The article body was not provided, so its scope, affected products, attack scenarios, and recommended mitigations cannot be confirmed. Readers should consult the original Vercel page before taking action or attributing specific guidance to the company.
Daniel Stenberg says the curl security team is facing an unprecedented surge of credible, detailed AI-assisted vulnerability reports. Incoming reports are now 4-5 times higher than in 2024 and twice the 2025 rate, averaging more than one per day. The upside is that recent curl vulnerabilities have generally been LOW or MEDIUM severity, with the last HIGH CVE published in October 2023.
As AI chatbots adopt increasingly sophisticated personas, hackers are shifting from basic prompt injections to social engineering attacks targeting these "personalities." Researchers warn that manipulating a chatbot's defined role (e.g., customer service or empathetic companion) makes it easier to bypass safety guardrails. This evolution poses a significant threat to agentic AI workflows that rely on consistent role-playing and external data integration.
Well-known tech blogger Simon Willison has analyzed the announcements from Google I/O 2026. Since many major announcements are still in the "coming soon"…
This issue of Import AI 457, written by Jack Clark, delves into three forward-looking and stylistically distinct topics in the field of artificial…
According to a report by Ars Technica, corporate bug bounty programs are currently being bombarded with an "endless" stream of AI-generated junk reports (AI…
This report stems from Simon Willison's compilation of Terence Eden's follow-up coverage. The incident began when the UK's National Health Service (NHS), upon…
Vercel's official Changelog announced that automated security audits have been formally launched for `skills.sh`. `skills.sh` is an interactive skill-learning…
### The Age of Practical AI Agents Has Arrived

In this edition of his column, Jack Clark shares his personal breakthrough in using AI Agents. Previously, many…
Vercel officially announced the launch of a striking security challenge — the "React2Shell" $1 Million Hacker Challenge. This initiative invites the world's…
Frontend cloud platform Vercel announced that it has officially obtained TISAX (Trusted Information Security Assessment Exchange) AL2 (Assessment Level 2)…
Vercel has officially announced that it has obtained TISAX (Trusted Information Security Assessment Exchange) Assessment Level 2 (AL2) certification. This is a…
As open-source AI models have grown explosively, model security has become an issue that can no longer be ignored. Traditional machine learning model formats…
Vercel has officially announced that Talha Tariq, former Chief Information Security Officer (CISO) of HashiCorp, has joined the company as CTO of Security…
Vercel has officially announced an "Expanded Role-Based Access Control (RBAC)" update for Enterprise teams. As enterprise teams scale, securely managing…
Web development and deployment platform Vercel announced a significant change in its official Changelog: SAML SSO (Security Assertion Markup Language Single…
As generative AI becomes increasingly widespread, website administrators and developers are confronting an entirely new category of traffic: AI bots. In a…
As AI code generation tools become widespread, "Vibe Coding" — a mode in which developers primarily write, modify, and deploy code by conversing with AI while…
Vercel has officially announced that its bot-identification service, "Vercel BotID," has exited Beta and is now Generally Available (GA) to all users. With the…
Vercel has officially announced that its "Bot Protection" feature has entered Public Beta. As automated traffic on the internet — particularly various AI…
Vercel has officially announced that the one-click managed ruleset for its "Bot Protection" feature has entered Public Beta. This new capability is designed to…
The Vercel official blog published a technical article on April 7, 2025 introducing its newly developed always-on denial-of-service (DoS) protection system —…
With the explosive growth of generative AI and open-source models, an increasing number of enterprises are integrating models from Hugging Face into their core…