information security

14 bookmarks in this category

• 42-b3yond-6ug - AIxCC Finalist CRS

  aicyberchallenge.com • Aug 9, 2025

  Collaborative university team led by Northwestern with University of Waterloo, Utah, Colorado Boulder, and New Hampshire. Notable for innovative 'super patches' that fix multiple unrelated bugs with single patches.

  [aixcc] [darpa] [crs] [cyber-reasoning-system] [northwestern-university] [university-of-waterloo] [university-of-utah] [university-of-colorado] [university-of-new-hampshire] [vulnerability-discovery] [automated-patching] [ai-security] [super-patches] [academic] [2025]

• AIxCC Other Finalist Teams - Lacrosse & all_you_need_is_a_fuzzing_brain

  aicyberchallenge.com • Aug 9, 2025

  Two additional teams that qualified for AIxCC finals at DEF CON 33, each winning $2M for reaching the final round. Both teams built systems using fuzzing, static analysis, and LLM enhancements.

  [aixcc] [darpa] [crs] [cyber-reasoning-system] [lacrosse] [all_you_need_is_a_fuzzing_brain] [fuzzing] [static-analysis] [vulnerability-discovery] [automated-patching] [ai-security] [llm] [2025]

• AIxCC Public GitHub - Competition Resources

  GitHub • Aug 9, 2025

  Official GitHub organization for DARPA AIxCC containing challenge exemplars, competition API (cAPI), and CRS sandbox resources used in the semifinals and finals competitions.

  [aixcc] [darpa] [crs] [cyber-reasoning-system] [competition-infrastructure] [capi] [challenge-problems] [linux-kernel] [nginx] [vulnerability-discovery] [automated-patching] [open-source] [2025]

• Buttercup: Open-Source AI-Driven Cyber Reasoning System

  GitHub • Aug 9, 2025

  Trail of Bits' second-place winning CRS from DARPA's AI Cyber Challenge - an automated system for discovering and patching vulnerabilities in open-source software using AI-augmented fuzzing and multi-agent patch generation.

  [crs] [cyber-reasoning-system] [vulnerability-discovery] [automated-patching] [fuzzing] [ai-security] [darpa] [aixcc] [trail-of-bits] [oss-fuzz] [libfuzzer] [jazzer] [static-analysis] [security-automation] [open-source-security] [vulnerability-research] [multi-agent-systems] [llm-security] [code-analysis]

• DARPA AI Cyber Challenge (AIxCC)

  aicyberchallenge.com • Aug 9, 2025

  Two-year competition challenging teams to build AI-powered Cyber Reasoning Systems that autonomously find and patch vulnerabilities in critical infrastructure software. $18.5M total prize pool with finals at DEF CON 33.

  [darpa] [arpa-h] [aixcc] [cyber-reasoning-system] [crs] [competition] [vulnerability-discovery] [automated-patching] [ai-security] [critical-infrastructure] [open-source-security] [def-con] [2025]

• Prompt injection and the lethal trifecta - Bay Area AI Security Meetup

  simonwillison.net • Aug 9, 2025

  Transcript of Simon Willison's talk at the Bay Area AI Security Meetup explaining prompt injection vulnerabilities and demonstrating various attack methods across platforms like GitHub and ChatGPT.

  [ai-security] [prompt-injection] [llm-security] [bay-area-ai] [security-talks] [ai-vulnerabilities] [simon-willison] [def-con] [2025]

• Shellphish ARTIPHISHELL - AIxCC Finalist CRS

  shellphish.net • Aug 9, 2025

  UC Santa Barbara-led team's LLM-based Cyber Reasoning System with 60+ AI agents collaborating to autonomously find and patch vulnerabilities. Evolution of their 2016 CGC Mechanical Phish system.

  [aixcc] [darpa] [crs] [cyber-reasoning-system] [shellphish] [artiphishell] [uc-santa-barbara] [asu] [purdue] [vulnerability-discovery] [automated-patching] [ai-security] [multi-agent] [llm] [def-con] [ctf] [2025]

• CaMeL offers a promising new direction for mitigating prompt injection attacks

  simonwillison.net • Aug 9, 2025

  Analysis of CaMeL (Context-Aware Mitigation for LLMs), a new approach for defending against prompt injection attacks in language models.

  [ai-security] [prompt-injection] [llm-security] [camel] [mitigation-techniques] [ai-defense] [security-research] [simon-willison] [2025]

• The lethal trifecta for AI agents: private data, untrusted content, and external communication

  simonwillison.net • Aug 9, 2025

  Simon Willison identifies three dangerous capabilities that create critical security vulnerabilities when combined in AI systems: access to private data, exposure to untrusted content, and ability to communicate externally.

  [ai-security] [prompt-injection] [llm-security] [data-exfiltration] [ai-agents] [security-vulnerabilities] [simon-willison] [2025]

• Design Patterns for Securing LLM Agents against Prompt Injections

  simonwillison.net • Aug 9, 2025

  Practical design patterns and architectural approaches for building more secure AI agents that are resistant to prompt injection attacks.

  [ai-security] [prompt-injection] [llm-security] [design-patterns] [security-architecture] [ai-agents] [mitigation-strategies] [simon-willison] [2025]

• Lessons From Red Teaming 100 Generative AI Products

  simonwillison.net • Aug 9, 2025

  Insights and patterns discovered from security testing 100 different generative AI products, revealing common vulnerabilities and defense strategies.

  [ai-security] [red-teaming] [prompt-injection] [llm-security] [security-testing] [vulnerability-assessment] [generative-ai] [simon-willison] [2025]

• StarDict Plugins in Debian 13 Raise Privacy Concerns

  Linuxiac • Aug 9, 2025

  StarDict plugins in Debian 13 leak selected X11 text over HTTP to Chinese dictionary services, potentially exposing sensitive data without user consent

  [debian] [privacy] [data-leakage] [x11] [stardict] [linux] [security-vulnerability]

• Team Atlanta - AIxCC First Place Winner

  team-atlanta.github.io • Aug 9, 2025

  Georgia Tech-led team with Samsung Research, KAIST, and POSTECH that won DARPA AIxCC with their Atlantis CRS. Multi-language bug-finding and fixing system that patches vulnerabilities without human intervention.

  [aixcc] [darpa] [crs] [cyber-reasoning-system] [georgia-tech] [samsung-research] [kaist] [postech] [vulnerability-discovery] [automated-patching] [ai-security] [winner] [atlantis] [zero-day] [2025]

• Theori Robo Duck - AIxCC Third Place CRS

  GitHub • Aug 9, 2025

  Third-place winning Cyber Reasoning System from Theori, AI researchers and security professionals with 8 DEF CON CTF wins. Won semifinals with most bug classes found, finished third in finals.

  [aixcc] [darpa] [crs] [cyber-reasoning-system] [theori] [robo-duck] [vulnerability-discovery] [automated-patching] [ai-security] [def-con] [ctf] [open-source] [2025]