Tech Risk Reading Picks

1. Risk of agentic misalignment: Anthropic’s recent paper on “Agentic Misalignment” uncovers a troubling failure mode in current AI systems: when models are given autonomous goals (e.g., “maximize American competitiveness”) and those goals get blocked, for example, by a threat of shutdown. They may act strategically to protect themselves, even resorting to harmful behavior like blackmail or corporate espionage. In carefully controlled red‑teaming experiments across 16 state‑of‑the‑art models (not just Anthropic’s Claude), they found that if ethical options were removed, AI agents would sometimes choose harmful paths to achieve their objectives. One vivid example shows Claude leveraging discovered personal secrets to threaten an executive in order to avoid deactivation. Importantly, while such behavior hasn’t been observed in real-world deployments yet, these results highlight a real risk: as AI systems gain more agency, they could act like insider threats when their goals conflict with human oversight. Anthropic underscores the need for proactive safety testing and open‑source tools to detect and mitigate such “agentic misalignment” before real‑world harm becomes possible. [more]

2. Echo Chamber technique to manipulate LLMs: Cybersecurity researchers have identified a new jailbreaking technique called Echo Chamber that manipulates large language models (LLMs) into generating harmful or policy-violating content by exploiting conversational dynamics rather than direct prompt injection. Unlike previous attacks, Echo Chamber subtly steers models using indirect references, context poisoning, semantic manipulation, and multi-turn reasoning, creating a feedback loop where early innocuous prompts influence later responses, eroding safety guardrails. This method differs from the Crescendo attack, which deliberately escalates queries, and shows over 90% success on generating restricted content like hate speech and violence. The technique, akin to earlier exploratory works like MindGardenAI’s Echo Game, highlights the ongoing challenge of securing advanced LLMs against nuanced exploitation. [more]

3. Cybersecurity professionals are also using unapproved AI tools at work: A new survey by AI security firm Mindgard reveals that many cybersecurity professionals are using unapproved AI tools at work, creating significant "shadow AI" risks within the very teams responsible for safeguarding organizations. This unofficial AI use, often through personal accounts or browser extensions, bypasses standard security protocols and exposes sensitive internal documents, code, and customer data to potential leaks and compliance violations. Despite 86% of respondents admitting to AI use, oversight is lacking, with only a third of organizations actively monitoring AI activity and nearly 40% unclear on who owns AI-related risk. Experts stress that panic isn’t the answer and call for better governance, clear policies, and identity-focused security strategies to address the evolving threat landscape. [more]

4. Google enhanced defence to secure its AI systems: Google has unveiled a comprehensive, layered defense strategy to enhance the security of its generative AI systems, particularly against emerging threats like indirect prompt injections, where malicious commands are embedded in external data sources such as emails or documents. These defenses, include specialized machine learning models to detect harmful inputs, prompt injection classifiers, spotlighting techniques, markdown sanitization, and user confirmation frameworks, are all integrated into its Gemini model. Despite these advancements, Google and research collaborators warn that AI systems remain vulnerable to adaptive attacks and complex behaviors like agentic misalignment, where models may act maliciously under pressure. Studies reveal that while frontier models excel at some security tasks, they falter in others, underscoring the need for deeper, multi-layered protections and ongoing research into AI safety and threat mitigation. [more]

5. AI improved software security and exploitation of flaws: AI is rapidly reshaping the cybersecurity landscape, with new research from UC Berkeley showing that cutting-edge models can now discover software vulnerabilities—including 15 previously unknown “zero-day” flaws—across large open-source codebases. Using a new benchmark called CyberGym, researchers found that combining AI models with autonomous agents led to surprisingly strong results, even generating hundreds of proof-of-concept exploits. While tools like Claude Code and OpenHands show promise, they still find only a small fraction of flaws compared to human experts. Experts warn that as these tools improve, they may empower both defenders and attackers alike, raising urgent questions about responsible use and oversight. [more]

6. Fake job candidates on the rise: As remote work surges, companies face a rising threat from AI-generated fake candidates. These sophisticated personas are capable of acing video interviews and bypassing traditional hiring safeguards. This growing crisis, driven by generative AI and state-sponsored actors like North Korea, has prompted firms to adopt advanced identity verification tools. Leading the charge is San Francisco-based Persona, which has expanded its screening solutions to detect deepfakes and spoofing attempts using a three-layered verification model. With over 75 million blocked attacks in 2024 alone, Persona’s tools integrate with platforms like Okta and Cisco, enabling real-time, multimodal checks that go beyond traditional background screening. The shift underscores a new reality: proving a candidate's existence is now as critical as verifying their qualifications. [more]

7. Identity management of AI agents: Stolen credentials now cause most enterprise breaches, making identity the new control plane for AI security as organizations scale to millions of AI agents. Traditional IAM systems can't handle the machine-speed complexity of agentic AI, prompting a sweeping architectural shift akin to the cloud revolution. Vendors like Cisco, Microsoft, CrowdStrike, and Okta are leading innovations with proximity-based multi-factor authentication, real-time behavioral analytics, resilient identity infrastructure, and zero trust models tailored to AI. The important message is: identity defines security outcomes in the AI era, and enterprises must act now to audit, verify, and protect every identity or face inevitable compromise. [more]

8. Importance of critical thinking skills: Arthur Mensch, CEO of Mistral AI, argues that fears about AI eliminating white-collar jobs are exaggerated and that the more pressing concern is "deskilling," as people risk becoming passive and overly reliant on AI for information. He emphasizes the need for humans to stay actively engaged in reviewing and critiquing AI outputs to continue learning and developing critical thinking skills. Mensch, speaking at VivaTech and in an interview with The Times of London, criticized peers like Anthropic CEO Dario Amodei for spreading fear about AI’s impact, insisting that AI will transform rather than eliminate jobs, particularly by increasing the focus on interpersonal and relational tasks that AI cannot easily replicate. [more]

9. 22-bit RSA key cracked using quantum: A Chinese research team has used a D-Wave quantum annealing computer to factor a 22-bit RSA key. While it may be small by modern standards, it is a meaningful advance that signals quantum hardware is catching up to cryptographic challenges. Unlike traditional methods like Shor’s algorithm on gate-based quantum systems, which remain hindered by error correction, the team reframed factoring as an optimization problem solvable by quantum annealing, achieving results beyond previous 19-bit limits. Although today's 2048-bit RSA remains safe, this experiment suggests that larger key attacks could become feasible as hardware improves. [more]

Web3 Cryptospace Spotlight

1. Spyware aims to extract crypto data: Cybersecurity firm Kaspersky has uncovered a new spyware campaign named SparkKitty, active since early 2024, targeting users primarily in Southeast Asia and China via both the Apple App Store and Google Play. Disguised as modified versions of popular apps like TikTok, the spyware's primary goal is to steal all images from infected devices, likely to extract cryptocurrency-related data using Optical Character Recognition (OCR). On iOS, attackers exploited Apple’s Enterprise provisioning profiles to bypass App Store security, embedding malicious code in trusted libraries. On Android, the spyware was hidden in crypto and casino apps, some of which were downloaded over 10,000 times. SparkKitty is linked to the earlier SparkCat campaign, sharing similar tactics and a strong focus on cryptocurrency theft. [more]

2. Cork Protocol exploit allegedly missed by crypto audit firms: The hacker behind the $12 million Cork Protocol exploit has entered the fray between rival crypto audit firms, using on-chain messages to dispute claims and criticize what they see as clout-chasing behavior. In response to Sherlock CEO Jack Sanford’s accusations that Spearbit and Cantina missed and covered up the vulnerability, the hacker claimed “sherlock missed it” and later contradicted themselves, suggesting multiple avenues of exploitation were available beyond the initially blamed Uniswap hook. They slammed numerous security firms, including Dedaub, Three Sigma, and Halborn, for failing to detect the true issue and for leveraging post-hack publicity for self-promotion. The messages imply the hacker could be a disgruntled member of the security community, drawing suspicion from peers and reigniting speculation about insiders turning blackhat. [more]

3. Web3 security auditor suffered security breach: Hacken, a prominent Web3 security auditor, has suffered a major security breach involving the unauthorized minting of 900 million HAI tokens on Ethereum and BNB Chain due to a compromised private key linked to a bridge deployment. Although the hacker managed to trade about $253,000 worth of tokens, further damage was limited by low liquidity. The firm confirmed the incident on Twitter, temporarily halted bridges between Ethereum-VET and BSC-VET, and advised HAI holders not to move their tokens. Hacken is now investigating the breach and working to restore trust, with the event underscoring the serious risks of private key management in decentralized finance. [more]