Marcin Ludwiszewski

1.2K posts

@mludwiszewski

Cybersecurity Leader & Expert, AI, Cyber, Digital Assets, Purple, Red, co-founder https://t.co/i9FRuB6yT5

Warszawa, Polska · Joined September 2016
1.5K Following · 1.1K Followers
Marcin Ludwiszewski retweeted
AISecHub
AISecHub@AISecHub·
Agents of Chaos - arxiv.org/pdf/2602.20021 We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file systems, and shell execution. Over a two-week period, twenty AI researchers interacted with the agents under benign and adversarial conditions. Focusing on failures emerging from the integration of language models with autonomy, tool use, and multi-party communication, we document eleven representative case studies. Observed behaviors include unauthorized compliance with non-owners, disclosure of sensitive information, execution of destructive system-level actions, denial-of-service conditions, uncontrolled resource consumption, identity spoofing vulnerabilities, cross-agent propagation of unsafe practices, and partial system takeover. In several cases, agents reported task completion while the underlying system state contradicted those reports. We also report on some of the failed attempts. Our findings establish the existence of security-, privacy-, and governance-relevant vulnerabilities in realistic deployment settings. These behaviors raise unresolved questions regarding accountability, delegated authority, and responsibility for downstream harms, and warrant urgent attention from legal scholars, policymakers, and researchers across disciplines. This report serves as an initial empirical contribution to that broader conversation. 
@NatalieShapira, @wendlerch, Avery Yen, @gsarti_, @kpal_koyena, Olivia Floody, Adam Belfki, Alex Loftus, Aditya Ratan Jannali, @nikhil07prakash, Jasmine Cui, Giordano Rogers, Jannik Brinkmann, @can_rager, @AmirZur2000, Michael Ripa, Aruna Sankaranarayanan, @diatkinson, @rohitgandikota, Jaden Fiotto-Kaufman, @eunjeong_hwang, Hadas Orgad, P Sam Sahil, Negev Taglicht, Tomer Shabtay, Atai Ambus, @nitalon, Shiri Oron, Ayelet Gordon-Tapiero, @KaplanYotam, @VeredShwartz, Tamar Rott Shaham, @criedl, @r_mirsky, @MaartenSap, @davidmanheim, @TomerUllman, @davidbau - @Northeastern, @Stanford, @UBC, @Harvard, @HebrewU, @MPICybernetics, @MIT, @TuftsUniversity, @CarnegieMellon, @Alter_org_il, @TechnionLive, @VectorInst #AIAgents #AISafety #AgentSecurity #LLMSecurity #AIGovernance #RedTeaming #Cybersecurity #PromptInjection #AIAlignment #MechanisticInterpretability #AIEvaluation #AIResearch
Marcin Ludwiszewski retweeted
blackorbird
blackorbird@blackorbird·
APT36 has pivoted from off-the-shelf malware to "vibeware", an AI-driven development model that produces a high-volume, mediocre mass of implants. Using niche languages like Nim, Zig, and Crystal, the actor seeks to evade standard detection engines while leveraging trusted cloud services, including Slack, Discord, Supabase, and Google Sheets, for command and control. #AISecurity bitdefender.com/en-us/blog/bus…
Marcin Ludwiszewski retweeted
VentureBeat
VentureBeat@VentureBeat·
A hacker jailbroke Claude, ran it against Mexican government agencies for a month, and walked away with 150GB of data. It's the second Claude-enabled cyberattack in a year — and the breach exposes four domains your security stack can't see. venturebeat.com/ai/claude-mexi…
Marcin Ludwiszewski retweeted
CERT Polska
CERT Polska@CERT_Polska_en·
‼️At the end of last year, there was a series of coordinated attacks in Polish cyberspace. 📌Today, our team is publishing a report describing the technical analysis of these events. We show the scheme of operation and the tools used by the attackers. ➡️cert.pl/uploads/docs/C…
Marcin Ludwiszewski retweeted
Kim Zetter
Kim Zetter@KimZetter·
Hackers behind the cyberattack against Poland's electric grid in Dec disabled communication devices at at least 30 sites across a number of energy facilities in the country. They rendered the devices not only inoperable but also unrecoverable. zetter-zeroday.com/attack-against…
Marcin Ludwiszewski retweeted
Will
Will@BushidoToken·
New Blog! And the first of a new ‘adversary infrastructure profile’ blog series I am starting with @teamcymru 😁 I’ve shared an explanation of the types of infra routinely used by threat groups, as well as Team Cymru Scout queries for investigations: team-cymru.com/post/scattered…
Marcin Ludwiszewski retweeted
Trust Wallet
Trust Wallet@TrustWallet·
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69. Please refer to the official Chrome Webstore link here: chrome.google.com/webstore/detai… Please note: Mobile-only users and all other browser extension versions are not impacted. We understand how concerning this is and our team is actively working on the issue. We’ll keep sharing updates as soon as possible.
Marcin Ludwiszewski retweeted
Centralne Biuro Zwalczania Cyberprzestępczości
GAME OVER – the largest CBZC operation against paedophilia-related crime. As a result of actions carried out in the second half of November, 100 people were detained across the whole country and charged with paedophilia-related offences, including possession and distribution of CSAM. Among those detained are also 5 suspected of producing material depicting the sexual abuse of minors. This is already the 7th CBZC operation against paedophilia-related crime in Poland! cbzc.policja.gov.pl/bzc/aktualnosc…
Marcin Ludwiszewski
Marcin Ludwiszewski@mludwiszewski·
The most likely paths: - takeover of the private key (or a copy of the key) - malware, insider - compromise of the internal infrastructure used to sign withdrawals - other errors in the withdrawal procedure, which could e.g. have skipped multisig, 2FA, anything
Marcin Ludwiszewski
Marcin Ludwiszewski@mludwiszewski·
There is currently no public statement indicating exactly how (technically) the private key was compromised.
Marcin Ludwiszewski
Marcin Ludwiszewski@mludwiszewski·
The South Korean #crypto exchange #Upbit has been hacked. The attacker gained access to the private key of Upbit's hot wallet on the Solana network. Various tokens were withdrawn from the wallet, including SOL, USDC and BONK. Losses are estimated at around $35M. #hacked
Marcin Ludwiszewski
Marcin Ludwiszewski@mludwiszewski·
- Name that was provided to us on the API account
- Email address associated with the API account
- Approximate coarse location based on API user browser (city, state, country)
- OS and browser used to access the API account
- Referring websites
- Organization or User IDs linked to the API
Marcin Ludwiszewski
Marcin Ludwiszewski@mludwiszewski·
#OpenAI has confirmed a #leak via an external analytics provider, Mixpanel. Fragments of #API users' metadata may have been exposed: e-mail addresses, user IDs, location and other telemetry data.
Marcin Ludwiszewski retweeted
Anthropic
Anthropic@AnthropicAI·
We believe this is the first documented case of a large-scale AI cyberattack executed without substantial human intervention. It has significant implications for cybersecurity in the age of AI agents. Read more: anthropic.com/news/disruptin…
Marcin Ludwiszewski retweeted
MDSec
MDSec@MDSecLabs·
The @MDSecLabs red team is hiring! If you're an experienced red team operator interested in conducting multi-month operations within a small and technically gifted team reach out to us! ✊
Marcin Ludwiszewski retweeted
Lord Bebo
Lord Bebo@MyLordBebo·
🇳🇱🇨🇳 The Netherlands took control of a Chinese company to ensure supply to Europe. Global trade is just getting more hostile by the day. That’s pretty crazy.