Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.
SiliconANGLE

Synopsys researchers uncover prompt injection vulnerability in EmailGPT

The emergence of generative artificial intelligence services has produced a steady increase in what is typically referred to as “prompt injection” hacks, manipulating large language models through ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
SecurityWeek

Anthropic Silently Patches Claude Code Sandbox Bypass

Anthropic has silently patched a vulnerability that would have allowed an attacker to bypass the Claude Code network sandbox.
Hosted on MSN

Are AI Browser Extensions Putting You at Risk? Prompt Injection Attacks Explained

Be careful around AI-powered browsers: Hackers could take advantage of generative AI that's been integrated into web surfing. Anthropic warned about the threat on Tuesday. It's been testing a Claude ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...