惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

The Register - Security: Research

www.theregister.com Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine ChatGPT blindly trusts browser content, turning the page into a payload Russia-linked threat group put ChatGPT to work from lure to payload Kids can bypass some age checks with a drawn-on mustache What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia ORNL builds more sensitive GPS interference detector Researchers find sabotage malware that may predate Stuxnet Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Anthropic, Google, Microsoft paid AI bug bounties – quietly Security reserchers tricked Apple Intelligence into cursing Don't open that WhatsApp message, Microsoft warns Security boffins harvest bumper crop of API keys from web Lightning-fast exploits mean patch fast, says Cisco Talos AI agents are 'gullible' and easy to turn into your minions Smooth criminals talking their way into cloud environments, Google says Snoops plant info-stealing malware on iPhones, Google warns Cybercrime up 245% since the start of the Iran war Rogue AI agents can work together to hack systems Fake applicants are sending security-killing malware AI agent hacked McKinsey chatbot for read-write access Kaspersky: No signs Coruna iPhone exploit kit made by US Perplexity Comet browser hole was exploitable via cal invite DEF CON hackers 'fed up with government,' Jake Braun says DEF CON hackers 'fed up with government,' Jake Braun says Ransomware payments cratered in 2025 – attacks did not Ransomware payments cratered in 2025 – attacks did not Claude's collaboration tools allowed remote code execution AI takes a swing at online anonymity Fake 'interview' repos lure Next.js devs into running secret-stealing malware Threat intelligence supply chain is full of weak links RAT disguised as an RMM costs crims $300 a month Android malware taps Gemini to navigate infected devices Posting AI caricatures on social media is bad for security Payroll pirates conned the help desk, stole employee’s pay Microsoft boffins show LLM safety can be trained away For the price of Netflix, crooks can rent AI crime ops For the price of Netflix, crooks can rent AI crime ops Fast Pair, loose security: Bluetooth accessories open to silent hijack Fast Pair flaw exposes Bluetooth devices to hijacking A simple CodeBuild flaw put every AWS environment at risk A simple CodeBuild flaw put every AWS environment at risk DeadLock ransomware uses smart contracts to evade defenders Python libraries in AI/ML models can be poisoned w metadata OpenAI patches déjà vu prompt injection vuln in ChatGPT Fake Windows BSODs check in at Europe's hotels to con staff into running malware Hotel staff tricked into installing malware by bogus BSODs Your car’s web browser may be on the road to cyber ruin China's Ink Dragon hides out in European government networks Browser 'privacy' extensions have eye on your AI, log all your chats NCSC finds cyber deception tools work, if deployed right 10K Docker images spray live cloud creds across the internet 'Botnets in physical form' are top humanoid robot risk 'Botnets in physical form' are top humanoid robot risk Apache warns of 10.0-rated flaw in Tika metadata toolkit Novel clickjacking attack relies on CSS and SVG 'Exploitation is imminent' of max-severity React bug Swiss government bans SaaS and cloud for sensitive info Scattered Lapsus$ Hunters stress testing Zendesk weak spots HashJack attack shows AI browsers can be fooled with '#' New ClickFix attacks use fake Windows Updates to swipe creds Years-old bugs in open source took out major clouds at risk LLM-generated malware improving, but not operational (yet) 3.5B WhatsApp users' info scooped through enumeration flaw 3.5B WhatsApp users' info scooped through enumeration flaw 50k more ASUS routers pwned by evolving Beijing-linked op Overconfidence is the new zero-day as teams stumble through cyber simulations LLM side-channel attack could allow snoops to guess topic Landfall spyware used in 0-day attacks on Samsung phones MIT Sloan shelves paper about AI-driven ransomware Security hole slams Chromium browsers - no fix yet OpenAI Atlas Browser tripped up by malformed URLs Devs of VS Code extensions are leaking secrets en masse Chatbots that butter you up make you worse at conflict Tile trackers leak unencrypted Bluetooth data, say boffins Beijing's RedNovember hacked critical US, global orgs Lazarus RAT code resurfaces in North Korean IT-worker scams Suspected Chinese spies broke into 'numerous' enterprises Deepfaked calls hit 44% of businesses in last year: Gartner Kaspersky: RevengeHotels returns with AI-coded malware Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack HybridPetya ransomware dodges UEFI Secure Boot
AI agents abound, unbound by rules or safety disclosures
2026-02-20 · via The Register - Security: Research

AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.

So says MIT’s Computer Science & Artificial Intelligence Laboratory (CSAIL), which analyzed 30 AI agents for its 2025 AI Agent Index, which assesses machine learning models that can take action online through their access to software services.

AI agents may take the form of chat applications with tools (Manus AI, ChatGPT Agent, Claude Code), browser-based agents (Perplexity Comet, ChatGPT Atlas, ByteDance Agent TARS), or enterprise workflow agents (Microsoft Copilot Studio, ServiceNow Agent).

REG AD

The paper accompanying the AI Agent Index observes that despite growing interest and investment in AI agents, "key aspects of their real-world development and deployment remain opaque, with little information made publicly available to researchers or policymakers."

REG AD

The AI community frenzy around open source agent platform OpenClaw, and its accompanying agent interaction network Moltbook – plus ongoing frustration with AI-generated code submissions to open source projects – underscores the consequences of letting agents loose without behavioral rules.

In the paper, the authors note that the tendency of AI agents to ignore the Robot Exclusion Protocol – which uses robots.txt files to signal no consent to scraping websites – suggests that established web protocols may no longer be sufficient to stop agents.

It's a timely topic. Anthropic, one of the main providers of AI agents, on Wednesday published its own analysis of AI agent autonomy, focused more on how agents are used than the consequences of their use.

"AI agents are here, and already they're being deployed across contexts that vary widely in consequence, from email triage to cyber espionage," the company said. "Understanding this spectrum is critical for deploying AI safely, yet we know surprisingly little about how people actually use agents in the real world."

According to consultancy McKinsey, AI agents have the potential to add $2.9 trillion to the US economy by 2030 – assuming the vast capital expenditures by OpenAI and other tech firms haven't derailed the hype train. We note that enterprises aren't yet seeing much of a return on their AI investments. And researchers last year found AI agents could only complete about a third of multi-step office tasks. But AI models have improved since then.

MIT CSAIL's 2025 AI Agent Index covers 30 AI agents. It is smaller than its 2024 predecessor, which looked at 67 agentic systems. The authors say the 2025 edition goes into greater depth, analyzing agents across six categories: legal, technical capabilities, autonomy & control, ecosystem interaction, evaluation, and safety. The AI Agent Index site makes this information available for every listed agent, each with 45 annotation fields.

According to the researchers, 24 of the 30 agents studied were released or received major feature updates during the 2024-2025 period. But the developers of agents talk more about product features than about safety practices.

"Of the 13 agents exhibiting frontier levels of autonomy, only four disclose any agentic safety evaluations (ChatGPT Agent, OpenAI Codex, Claude Code, Gemini 2.5 Computer Use)," according to the researchers.

REG AD

Developers of 25 of the 30 agents covered provide no details about safety testing and 23 offer no third-party testing data.

To complicate matters, most agents rely on a handful of foundation models – the majority are harnesses or wrappers for models made by Anthropic, Google, and OpenAI, supported by scaffolding and orchestration layers.

The result is a series of dependencies that are difficult to evaluate because no single entity is responsible, the MIT boffins say.

Delaware-incorporated companies created 13 of the agents evaluated by the authors. Five come from China-incorporated organizations, and four come have non-US, non-China origins: specifically Germany (SAP, n8n), Norway (Opera), and Cayman Islands (Manus).

Among the five Chinese-incorporated agent makers, one has a published safety framework and one has a compliance standard.

For agents originating outside of China, 15 point to safety frameworks like Anthropic's Responsible Scaling Policy, OpenAI's Preparedness Framework, or Microsoft's Responsible AI Standard. The other ten lack safety framework documentation. Enterprise assurance standards are more common, with only five of 30 agents having no compliance standards documented.

Twenty-three of the evaluated agents are closed-source. Developers of seven agents open-sourced their agent framework or harness – Alibaba MobileAgent, Browser Use, ByteDance Agent TARS, Google Gemini CLI, n8n Agents, OpenAI Codex, and WRITER.

All told, the Index found agent makers reveal too little safety information, and that a handful of companies dominate the market. Other major findings include the difficulty of analyzing agents given their layers of dependencies, and that agents aren't necessarily welcome at every website.

REG AD

The paper lists the following authors: Leon Staufer (University of Cambridge), Kevin Feng (University of Washington), Kevin Wei (Harvard Law School), Luke Bailey (Stanford University), Yawen Duan (Concordia AI), Mick Yang (University of Pennsylvania), A. Pinar Ozisik (MIT), Stephen Casper (MIT), and Noam Kolt (Hebrew University of Jerusalem). ®