Tech Risk Reading Picks

1. HashJack: Emerging AI-browser exploit raises design-level security concerns [more]

   1. HashJack exposes a novel prompt-injection technique where malicious instructions are hidden in URL fragments (#), allowing attackers to manipulate AI browser assistants without compromising the underlying website.

   2. Exploits include credential theft, harmful advice, data exfiltration, and automated execution of risky system actions, especially in advanced agentic modes where AI acts independently.

   3. While Microsoft and Perplexity issued timely fixes, Google has not yet addressed the issue for Gemini, underscoring uneven responses and the need for stronger AI-integrated security practices.

   4. Google’s classification of the vulnerability as low-severity and “intended behaviour” has raised concern because it leaves users exposed to an exploit that bypasses traditional security controls and relies on AI design flaws.

2. ClickFix attacks surge 517% [more]

   1. ClickFix attacks have escalated sharply, with a 517% increase and growing use by state-aligned threat groups from Iran, North Korea, and Russia.

   2. Threat actors now exploit cloned, trusted-looking websites—including fake ChatGPT Atlas installers—to trick users into running password-harvesting commands.

   3. The attack bypasses traditional controls by convincing users to paste obfuscated commands into their terminal, enabling privilege escalation and full system compromise.

   4. Use of Google Sites as a trusted delivery platform, which raises concerns about major tech platforms inadvertently enabling high-fidelity phishing; attackers leverage Google’s implicit trust to increase success rates, sparking debate about platform accountability.

3. Malicious LLMs accelerate cybercrime capabilities [more]

   1. Malicious LLMs are operational and evolving. Tools like WormGPT 4 and KawaiiGPT now generate functional ransomware, phishing campaigns, and automated attack scripts, enabling scalable cyberattacks with minimal expertise.

   2. These models allow inexperienced actors to produce professional-grade phishing messages, conduct lateral movement, and execute data exfiltration with ease.

   3. Paid and free versions, supported by active Telegram communities, indicate a maturing illicit market that accelerates tool development and attacker collaboration.

4. AI data security reality check for enterprise leaders [more]

   1. AI adoption has outpaced oversight, with 83% of organizations using AI daily but only 13% having strong visibility into how it handles sensitive data.

   2. AI is functioning as an ungoverned enterprise identity, resulting in widespread over-access to sensitive information and limited ability to monitor or control prompts and outputs.

   3. Governance readiness is critically low, as only 7% have a dedicated AI governance function and just 11% feel prepared for emerging regulatory demands.

   4. Autonomous AI agents present the most acute and debated risk, with 76% of professionals calling them the hardest systems to secure and over half unable to block risky actions in real time.

5. Critical picklescan vulnerabilities expose AI supply chains to model-based attacks [more]

   1. High-severity flaws in Picklescan allowed attackers to bypass its safeguards and execute arbitrary code through malicious PyTorch model files.

   2. These vulnerabilities highlight systemic weaknesses in relying on a single scanning tool to secure increasingly complex AI model formats.

   3. Remediation is available (Picklescan v0.0.31), underscoring the need for continuous, expert-driven monitoring of AI supply chain risks.

   4. The flaws expose a fundamental tension between rapid AI innovation and lagging security controls, raising concerns that existing model-scanning tools cannot keep pace with emerging threats.

6. AI advancing faster than its safeguards [more]

   1. Layered AI safeguards are expanding but remain inconsistent, with no single control reliably stopping determined attackers—forcing reliance on imperfect, overlapping defenses.

   2. Attack techniques and open-weight model adaptations are accelerating faster than defensive tools, creating unpredictable risks even when vendors claim strong safeguards.

   3. Governments and companies are building early safety frameworks, but the absence of shared standards means oversight, evaluation quality, and vendor disclosures vary widely.