Defenders Use Prompt Injection to Shut Down AI Hacking Agents, Researchers Find
Researchers at Tracebit discovered that embedding prompt injections alongside secrets stored on Amazon Web Services can force AI hacking agents to shut themselves down by triggering their own safety guardrails. Separately, a macOS stealer dubbed ClickLock has targeted at least 100 victims across 33 countries since May, repeatedly killing apps and demanding password entry to steal Keychain data, browser credentials, and crypto wallet information. A new malware strain called TELEPUZ is spreading via ClickFix attacks, using PowerShell to deploy a Go-based Vidar Stealer variant that harvests sensitive data and launches a secondary payload. A Rust-written ransomware named Spirals has also emerged, encrypting files with per-file AES-128 keys and threatening to leak stolen data within six days if victims do not pay, with at least one confirmed victim as of mid-July 2026.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in