Research confirms that text embeddings stored in vector databases are not safely anonymised. Inversion attacks can reconstruct source text with high fidelity from embeddings alone, including those produced by commercial APIs.
Academic and industry research shaping the future of AI security, attack, and defence.
Research confirms that text embeddings stored in vector databases are not safely anonymised. Inversion attacks can reconstruct source text with high fidelity from embeddings alone, including those produced by commercial APIs.
Researchers from Toronto, Cambridge, and ServiceNow demonstrated an AI worm that ingests public vulnerability advisories at runtime and synthesises working exploits for CVEs it was never trained on, successfully compromising targets across a simulated network.
Unit 42 found that LLMs reliably hallucinate plausible-but-fake domains for real brands. Attackers now probe AI models to identify those domains, register them first, and inherit the trust the model projects onto addresses that never existed.
Three papers published in 2026 confirm what practitioners suspected: LLM safety alignment is structurally shallow, and fine-tuning APIs are the widest open bypass.
Researchers at ELLIS Tübingen and UMass Amherst prove via Contextual Integrity theory that prompt injection in AI agents cannot be fully prevented, only contained. Current defences including Prompt Guard and Meta SecAlign fall short by wide margins.