Pushing browsers to the limit
Abusing Modern Browser Features for Phishing
Alexander Hurbean
[Blog post] [Video]
Committing CSS Crimes for fun and profit
Lyra Rebane
[Slides] [Blog post] [Video]
Improving the Trustworthiness of Javascript on the Web
Ezzudin Alkotob, Giulio Berra, Benjamin Beurdouche, Richard Hansen, Daniel Huigens, Dennis Jackson, Cory Francis Myers, and Michael Rosenberg
[Slides] [Blog post]
LLMs standing tall
Black-hat LLMs
Nicholas Carlini
[Video] [Slides]
On the Coming Industrialisation of Exploit Generation with LLMs
Sean Heelan
[Blog post] [Code]
AI Security with Guarantees
Ilia Shumailov
[Slides] [Paper] [Video]
200 Bugs/Week/Engineer: How We Rebuilt Trail of Bits Around AI
Dan Guido
[Slides] [Blog post] [Video]
Systematic debugging for AI agents: Introducing the AgentRx framework
Shraddha Barke, Arnav Goyal, Alind Khare, and Chetan Bansal
[Blog post] [Paper] [Code]
LLMs taking a fall
Trust Me, I Know This Function: Hijacking LLM Static Analysis using Bias
Shir Bernstein, David Beste, Daniel Ayzenshteyn, Lea Schönherr, and Yisroel Mirsky
[Slides] [Paper] [Code]
AI Agent Traps
Matija Franklin, Nenad Tomašev, Julian Jacobs, Joel Z. Leibo, and Simon Osindero
[Paper]
Leaking secrets from the claud
Niels Hofmans
[Blog post] [Code]
Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them
wunderwuzzi
[Blog post] [Code] [Video]
Nifty sundries
Data Honeytokens for the Cloud Era
Petrus Vasenius
[Blog post] [Video]
The Offense Death Cycle: Proactive Environmental Control as a Method of Persistent Cyber Defense
Volodymyr Styran
[Paper]
The AWS Console and Terraform Security Gap
Laurence Tennant
[Blog post]
The Limit Is the Sky… (Or Not)?
Antonio Nappa
[Slides] [Code] [Video]
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Google Threat Intelligence Group
[Blog post]