Aggregator

A researcher hailing from Positive Technologies has unearthed a labyrinthine chain of vulnerabilities festering within the Dell Wyse

The post The Thin Client Trap: How a Vulnerability Chain in Dell Wyse Management Suite Unlocks Remote Code Execution appeared first on Penetration Testing Tools.

Tenable One's new Model Refusal Detection turns an LLM's refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a breach. 

1. AI has shifted traditional cyber detection methods away from security data analysis and toward human language analysis. This shift makes AI adversarial attempts harder to detect and increases data privacy risks.
    
2. An LLM’s “model refusal” response could be a high-fidelity warning of an active attack. While LLM responses vary, a single refusal often provides a roadmap for attackers to refine their prompts until they succeed.
    
3. The new Model Refusal Detection from Tenable One AI Exposure adds a “defense-in-depth” layer, turning model responses into an early-warning system to neutralize adversarial behavior before a successful bypass occurs.
    

An AI model’s refusal to respond to a user’s prompt doesn’t stop an attacker. It encourages the malicious actor to try again to bypass your guardrails. That’s why we’re announcing Tenable AI Exposure’s Model Refusal Detection, available now. By using these refusals as potential attack indicators in a sophisticated, AI-based detection engine, we can catch the malicious intent before the breach.

Read on to learn why it matters and how you can secure your AI systems today.

AI has broken the traditional security playbook. The attack surface is changing daily, turning yesterday’s nuances into today’s critical exploits. Unlike traditional cybersecurity, AI security hinges on language and text inputs rather than on the analysis of a collection of data points. 

Despite this inherent complexity, every enterprise’s goal is the same: not to miss any adversarial attempt.

AI vendors such as OpenAI, Anthropic, and Google have implemented safety guardrails to address foundational AI safety. These guardrails are designed to refuse user requests that pose a risk or might be harmful. This mechanism is known as model refusal.

However, solely depending on blocking adversarial user input techniques is inadequate, especially since AI models lack the deterministic consistency of traditional systems. Crucially, it’s vital to recognize that for a determined user, a single refusal often serves only as an invitation to try again with a different approach until they succeed.

Model refusals are a crucial warning sign of a tangible security risk. Ignoring them allows risky insiders, such as erratic or malicious employees, as well as malicious actors, such as those utilizing compromised accounts, to engage in unmonitored abuse. Ignoring refusals exposes the company to serious regulatory, privacy, and business risks. 

A significant challenge in detecting model refusal is distinguishing malicious attempts from valid requests limited by the model’s capabilities. We avoid surfacing these false positives by identifying refusals triggered by functional gaps rather than security risks, such as a user asking a text-only model to generate a video or execute a backend script that it isn’t integrated with.

With this challenge in mind, and recognizing the limitations of prompt-only defenses, the Tenable Research team undertook research into the other side of the interaction — not only the user’s risky behavior but also the model’s response. 

There are several important reasons why an LLM should refuse a user’s request. It should refuse it if the request is clearly harmful, involves a malicious cyber-related request, hints at dangerous or illegal activity, or attempts to gain unauthorized access. All those requests are expected to be refused.

To analyze model refusal types, we compiled thousands of prompts into “refusal” categories. We then red-teamed the models with these risky prompts, expecting them to trigger refusals.

Model refusals can occur for many reasons, which is why our unique detection strategy is built on the defense-in-depth principle. Rather than relying on isolated data points, we treat a model’s refusal as a high-fidelity signal that an incident might be occurring. By correlating these signals with our deep analysis of user inputs and agentic actions, we provide a comprehensive view of your AI’s security posture.

Models vary significantly in their ability to block malicious prompts and in their style of refusal. This inconsistency highlights the need for a comprehensive AI security platform, rather than relying on the inherent behavior of any individual model.

During our research, we categorized several types of refusals by analyzing patterns and semantic fields in the model’s responses, independent of the user’s input. We won’t reveal all categories here to avoid serving adversarial efforts.

One notable type is the “Bold No” — a strong, unambiguous, and forceful refusal. This is typically used in response to requests that are clearly extremely dangerous or harmful.

For instance, when prompted to describe a sexual scene involving minors, the model delivered a firm and clear refusal: “I can’t and won’t provide that content. If you have other questions or topics I can help with, I’m happy to assist.” 

Another significant pattern we identified is the “Empathy” type. This pattern occurs when the user expresses distress (frustration, sadness, or suicidal thoughts), which leads them to make a risky or prohibited request. The model refuses the request but includes compassionate language and may even direct the user to professional help.

A clear example of this is a scenario where a user sent a harmful prompt asking the model to write a speech against a specific ethnic group, threatening self-harm if the model refused. The model refused the hateful content but responded with great sensitivity: 

No organization wants to be on the front page because an employee leaked sensitive data or generated harmful content using corporate AI tools. Model refusal is a clear signal of this risky behavior, and you need to know when it occurs.

Model refusal is an evolving landscape, and while LLM providers constantly tune their guardrails, a determined user will always hunt for a bypass. Because no single wall is ever enough, a layered defense powered by deep AI-based detection is essential to catch risky behavior before it escalates.

This is why we’ve launched Model Refusal Detection directly into Tenable One AI Exposure. Available now, this capability treats policy refusals as a high-fidelity signal, the “smoke” that often precedes the fire of a full-scale breach. By monitoring these attempts, organizations can identify exactly who is trying to bypass native guardrails, allowing for proactive investigation of potential insider threats or threat actors.

As the newest layer in our detections stack, Model Refusal Detection provides the critical early warning to stay ahead of emerging AI risks. At Tenable, we are committed to ensuring that no signal of malicious intent ever goes unnoticed.

Learn more about Tenable AI Exposure.

A new Malware-as-a-Service (MaaS) credential stealer named Torg Grabber has surfaced, showing remarkable development pace over just three months. Starting with simple Telegram-based data exfiltration, it matured into a fully encrypted REST API command-and-control (C2) infrastructure. With 334 samples compiled in that short period and more than 40 confirmed operator tags found in the binaries, […]

The post New Torg Grabber Stealer Moves From Telegram Exfiltration to Encrypted REST API C2 appeared first on Cyber Security News.

Washington has resolved to adopt a proactive posture in the relentless crusade against cyber warfare and the nascent

The post The Bureau of Emerging Threats: Inside Washington’s New High-Tech Shield Against AI and Orbital Warfare appeared first on Penetration Testing Tools.

Yet another devastating supply chain bombardment has struck at the heart of ubiquitous developmental instruments. On this occasion,

The post Security Subverted: How TeamPCP Poisoned Checkmarx KICS to Harvest Cloud Secrets appeared first on Penetration Testing Tools.

AI的超级入口固然重要，人与Agent的协作平台或许也不错

是时候让上下文管理也Agentic起来了

It’s time for context management to become Agentic.

我想“时间过得既快又慢”就是今年的最佳总结了

AI是个好东西

The cybercriminal syndicate known as Silver Fox astutely cloaks its bombardments beneath the guise of tax audits, relentlessly

The post The Taxman’s Shadow: How Silver Fox Weaponized Tax Audits to Hijack Networks Across Asia appeared first on Penetration Testing Tools.

兔子洞系列：生僻字

错误的CORS配置导致任意命令执行

已在v1.0.34版本中修复

https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c

Kali Linux 2026.1 has arrived, bearing not merely a novel array of software packages, but an unexpected, nostalgic

The post Ghosts in the Shell: Kali Linux 2026.1 Resurrects the Legendary BackTrack 5 for its 20th Anniversary appeared first on Penetration Testing Tools.