A security hole within AI dev tools has allowed attackers to escape sandboxes by misleading the humans in the loop who were supposed to knowingly approve the tool’s actions, according to cybersecurity research firm Wiz.
“We discovered GhostApproval, a systematic vulnerability pattern affecting six of the top AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf [now known as Devin Desktop],” the Wiz report said. “In each case, a malicious repository can trick the agent into accessing arbitrary files outside the workspace sandbox, potentially achieving remote code execution on the developer’s machine.”
The first report of the hole came earlier this month from Cato Networks, but was limited to one platform, Cursor, whereas Wiz found that its impact was far wider.
The underlying security problem, symbolic links (symlinks), is well known and has been leveraged for decades. But GhostApproval, Wiz noted, goes well beyond their his
AI hallucinations could lead to scalable botnets, posing significant cybersecurity risks as AI systems gain more autonomous capabilities.
The post Researchers warn AI agents could become botnets through hallucinations appeared first on Crypto Briefing.
The post AI Agents Could Be Turned Into Botnets Through Hallucinations, Researchers Warn appeared on BitcoinEthereumNews.com.
In brief Researchers introduced “Adversarial HalluSquatting,” an attack that exploits AI-generated hallucinations. The technique tricks AI agents into trusting fake repositories or tools that contain malicious instructions. Tests against popular AI coding assistants showed the method could lead to remote code execution in controlled experiments. AI hallucinations may be more than incorrect answers—they could become a way for hackers to compromise computers, according to new research from Tel Aviv University, Technion, and Intuit. In the paper, “Beware of Agentic Botnets: Scalable Untargeted Promptware Attacks via Universal and Transferable Adversarial HalluSquatting,” researchers demonstrated a technique that exploits AI models when they generate fake links to software repositories and other online resources. “The growing adoption of agentic LLM applications h
Researchers warn AI agents could be tricked into downloading malicious code by exploiting the same hallucinations that cause chatbots to make mistakes.
Cursor's strategic pivot to general-purpose AI agents could reshape productivity tools, intensifying competition and innovation in the AI market.
The post Cursor builds general-purpose AI agent SAND to take on Anthropic’s Claude Cowork appeared first on Crypto Briefing.
Staggered release of ChatGPT 5.6 follows similar restrictions on rival firm Anthropic’s latest AI models
OpenAI released its latest advanced AI model, called ChatGPT 5.6, on Thursday after earlier delaying the public rollout over US government concerns about cybersecurity. The Trump administration had requested last month that OpenAI limit the release to a small group of government-approved users.
OpenAI complied with the White House’s request last month. The company stated in a blogpost that it had briefed government officials on ChatGPT 5.6’s capabilities and restricted the model to trusted partners at their behest. The product’s wider release came after additional testing by the government’s Center for AI Standards and Innovation agency, according to Axios.
Continue reading...
July 9, 2026 — The European Commission has presented an Action Plan for a structured response to address the risks and harness the opportunities of advanced artificial intelligence (AI) models for […]
The post European Commission Presents EU Action Plan on Cybersecurity and Artificial Intelligence appeared first on AIwire.
The post Lithuania Solar Cybersecurity Rules Expose Europe’s Renewable Remote Access Risks appeared on BitcoinEthereumNews.com.
Grid operators in Lithuania can now disconnect solar plants above 100 kilowatts that lack required cybersecurity measures. 2. A solar installation in Lithuania. New rules test whether Europe can impose security boundaries on distributed renewable assets after they are already deployed and remotely connected. (Photo by Christopher Furlong/Getty Images) Getty Images Lithuania’s grid operators can now disconnect solar plants above 100 kilowatts that fail new cybersecurity rules. That sounds like narrow local regulation. It isn’t. It is one of the clearest signs yet that Europe’s renewable build-out has become a critical-infrastructure problem as much as a climate one. For utilities, storage developers, infrastructure investors and regulators, the question is no longer just how fast to add solar and batteries. It is who still holds remote access once those assets