Sandbox Escape Vulnerability in Anthropic's Claude Cowork for Windows

Security researcher Armadin has identified a multi-step attack chain capable of executing a sandbox escape within Anthropic's Claude Cowork for Windows. The vulnerability exploits two distinct weaknesses to bypass the application's Windows-specific isolation layer, enabling an AI agent or malicious input to interact directly with the host operating system. This exploit includes a network sandbox bypass, facilitating unauthorized external communication and the silent exfiltration of sensitive host data, including API keys and filesystem contents. While Anthropic disputes the practical risk and severity, the findings highlight critical boundary failures in AI agent architectures, where functional deployment speed may compromise essential host-level security controls.

GuardFall: Critical Shell Injection Vulnerabilities in Open-Source AI Coding Agents

GuardFall is a systemic architectural flaw affecting 91% of tested open-source AI coding agents, including Aider, Open Interpreter, and OpenHands. The vulnerability arises from the agents' reliance on superficial safety filters to block "dangerous" shell commands. Through prompt injection, attackers can bypass these filters with classic shell-injection metacharacters and achieve arbitrary command execution. Because these agents typically run with the full privileges of the host user, exploitation enables theft of environment secrets and API keys and full compromise of CI/CD pipelines and host systems.

OWASP ASI03: Identity and Privilege Abuse in Agentic AI

OWASP ASI03 identifies a critical structural failure in traditional Identity and Access Management (IAM) when applied to AI agents. Legacy session-based authentication validates principals only at initiation, allowing attackers to hijack agent identities via legacy infrastructure and execute unauthorized actions at machine speed. By exploiting the lack of granular, action-level validation, adversaries significantly expand the blast radius of a compromise. Remediation requires transitioning from static sessions to a "Continuous Identity" model utilizing task-scoped, time-bound, and action-specific authorization to prevent unauthorized agentic autonomy and privilege escalation.

Sovereign Execution Broker (SEB) and Sovereign Assurance Boundary (SAB)

This research addresses the security gap in agentic control planes where non-deterministic autonomous agent reasoning interacts with deterministic infrastructure mutations. Traditional IAM fails to validate real-time intent, creating a risk of unauthorized infrastructure changes if an agent's reasoning drifts or is compromised. The proposed architecture implements a Sovereign Assurance Boundary (SAB) to certify intent via cryptographic execution contracts and a Sovereign Execution Broker (SEB) to enforce these contracts. By decoupling identity from capability and utilizing short-lived, scoped execution identities and live-state drift detection, the framework prevents unauthorized mutations regardless of the agent's internal state.

U.S. Administration: Voluntary AI Model Cybersecurity Testing Framework

The Trump administration is implementing a "defensive acceleration" framework requiring frontier AI developers to voluntarily provide 30-day pre-release access to new models for classified benchmarking. Managed by a multi-agency coalition including CISA, the NSA, and the Treasury, the initiative establishes an AI Cybersecurity Clearinghouse to scan for vulnerabilities and coordinate remediation. The strategy aims to mitigate AI-driven offensive cyber capabilities and harden critical infrastructure—specifically healthcare, finance, and utilities—via Binding Operational Directives (BODs) and automated, agentic defensive tooling, focusing on the critical 1.6% of exploitable vulnerabilities.