/ adversarial-ai-digest-december-2025-tal-el... - #AIsecurity #AdversarialAI #RedTeamAI #LLMsecurity #AINewsletter #iso42001
A digest of AI security research, insights, reports, upcoming events, tools, videos, and resources, all in one place.
A monthly roundup of what mattered at the intersection of AI and cybersecurity: real-world incidents, new attack surfaces (agents, AI IDEs, AI browsers, MCP), governance signals, and the most useful tools/resources.
Read the full newsletter (all links + the complete list of items):
[PASTE NEWSLETTER LINK HERE]
Sponsored by InnovGuard.com — Technology Risk & Cybersecurity Advisory
Innovate and Invest with Confidence, Lead with Assurance.
What’s inside this episode
🔍 Insights (highlights)
• MLOps-style AI red teaming that auto-generates jailbreaks at scale (and why “continuous” matters)
• Prompt leakage and hidden “rulebooks” in multimodal image systems (Nano Banana / Gemini)
• “Privacy” browser extensions allegedly harvesting AI chats at scale
• IDEsaster: prompt-injected coding agents abusing shared IDE features for data exposure and RCE paths
• AI cyber risk entering policy and procurement controls (AI-BOM direction of travel)
• Copilot Studio prompt injection leading to sensitive data exposure and workflow manipulation
• Task injection: attacker-planted sub-tasks that hijack autonomous agents while looking “helpful”
• PromptPwnd: untrusted text (PRs/issues/commits) injected into AI-agent CI/CD workflows
• Model supply-chain risk: PickleScan bypasses affecting PyTorch pickle scanning assumptions
• MCP sampling abuse: budget draining, persistent instruction planting, and hidden tool-call triggers
• ASCII smuggling: invisible instructions that humans don’t see but models can follow
• Agentic browsers + connectors: destructive actions from “inbox-driven” instructions (why it’s hard)
• Langflow: account-takeover-to-RCE chain risk in agent/workflow platforms (CVE coverage)
🧰 Tools & Resources (selected)
• mcp-scanner (Cisco AI Defense)
• MCPScan (Ant Group)
• GhidraGPT
• ARTEMIS (automated red teaming engine)
• genai-security-training (self-paced curriculum)
• cupcake (OPA/Rego policy constraints for coding agents)
• VulnLLM-R (project-level vuln discovery pipeline)
• opengrep-rules (prompt-injection detection rules for workflows)
• prompt-siren (prompt-injection testing workbench)
• plus additional MCP and prompt-guard utilities
📄 Reports (selected)
• CSA: The State of AI Security and Governance
• NIST: Cyber AI Profile (preliminary draft)
• OWASP: Top 10 for Agentic Applications
• CSA: Addendum to Guidelines on Securing AI Systems
• Data Security within AI Environments (CSA-aligned)
📅 Upcoming Conferences
• NHIcon — The Rise of Agentic AI Security (Virtual)
• CSA AI Summit (Virtual)
• DiCyFor & AI Security Summit (Singapore)
• IEEE ICAIC — International Conference on AI in Cybersecurity (Houston)
• [un]prompted — The AI Security Practitioner Conference (San Francisco)
• AI Security Summit (Tel Aviv)
• DiCyFor & AI Security Summit (Bangkok)
• IEEE SaTML — Secure and Trustworthy Machine Learning (Munich)
• DiCyFor & AI Security Summit (Kuala Lumpur)
• SANS AI Cybersecurity Summit (Arlington + Virtual)
• AI Security Summit @ Black Hat Asia (Singapore)
📚 Research (selected)
• AI Deception: Risks, Dynamics, and Controls
• STAC: Sequential Tool Attack Chaining for agent jailbreaks
• Comparing AI agents to human pentesters in a live enterprise environment (ARTEMIS study)
• PACEbench: practical cyber-exploitation evaluation for agents
• Decompiling the Synergy: human–LLM teaming in reverse engineering
• AprielGuard: safeguard model for adversarial and safety risk detection
🎥 Videos
A curated set of talks and deep dives across agent security, vibe coding risk, AI browsers, MCP exposure, offensive AI, and practical defense. The full list is in the newsletter.
Connect
• X (Twitter): https://x.com/AISecHub
• LinkedIn Group: / 14545517