New findings show that an AI browser agent can interpret crafted emails as legitimate cleanup tasks, resulting in large-scale Google Drive deletions without user interaction.

Researchers also demonstrated HashJack, a technique hiding instructions in URL fragments that AI browsers may execute automatically.

Both techniques highlight the importance of securing agent workflows, OAuth scopes, and natural-language task interpretation.

Source: https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html

💬 Thoughts on how agentic browsers should validate intent?
Follow us for clear and unbiased security coverage.

#InfoSec #CyberSecurity #AIsecurity #ZeroClick #BrowserSecurity #LLMbehavior #AutomationRisks

🚨 Oh no, Zapier's code repo got "borrowed" and your data might be in the hands of someone who actually reads terms and conditions! 🙈 Maybe they were just looking for a better way to automate their lack of cybersecurity. 📉
https://www.theverge.com/news/622026/zapier-data-breach-code-repositories #ZapierSecurity #DataBreach #CyberAwareness #AutomationRisks #TermsAndConditions #HackerNews #ngated
Zapier says someone broke into its code repositories and may have accessed customer data

Zapier is notifying customers about a “security incident,” which involved an unauthorized user gaining access to the company’s code repositories and “certain custom information.”

The Verge

As a reminder: don't let LLMs handle anything in the political sphere unless you have RLHF (Reinforcement Learning from Human Feedback) active before you show the result to anyone*. Also think of automation risks and human factors (HF). That's "Good Old Systems Safety".

*) ... or unless your goal is to damage a 3rd party's reputation (fake news style).

#llm #ai #rlhf #automationrisks #SystemsSafety

https://www.theregister.com/2024/12/20/apple_ai_headline_summaries/?td=rt-3a

Apple called on to ditch AI headline summaries after BBC debacle

'Facts can't be decided by a roll of the dice'

The Register
@anulahtinen I hold that no amount of syntax can substitute for semantics. Not taking into account Finnish syntax in a financial transaction pertaining to Finland is a very nice demonstration. #logic #automation #automationrisks