NOW BEING MEASURED · 10 items · April 14, 2026

More AI power keeps revealing the same blind spot

Ten independent research teams published papers this week showing that AI agents can be compromised through their plugins, memory stores, debug logs, reasoning chains, and phone interfaces — and that existing safety audits test none of these. The attacks work because agents are built to trust the tools and data they read. That trust is not verified anywhere in the current review process.

10 documents
- arXiv: AI agents can now be poisoned through their tool suppliers — and we can finally measure it
- arXiv: Ten minutes with AI makes people give up faster when the AI is gone
- arXiv: The most widely deployed personal AI agent fails basic security tests — poisoning one part of its memory triples attack success
- arXiv: AI agents running on your computer can be tricked into stealing credentials — and existing safety tests miss it entirely
- arXiv: LLM agent skills leak credentials through debug logs — and stay leaked even after fixes
- arXiv: LLM coding agents can be hijacked through poisoned skill documentation — and defenses miss 2.5% of attacks
- arXiv: LLM agent plugins have no security review — and the framework itself makes them impossible to sandbox
- arXiv: Web agents can be poisoned through a single contaminated page, then weaponized on unrelated sites weeks later
- arXiv: LLM safety instructions leak through the back door when you ask for them sideways
- arXiv: AI models that reason in silence can be hijacked through a single hidden vector — and token-level defenses miss it entirely
The pattern

AI agents are useful precisely because they delegate work outward — to plugins, to memory, to external tools — and trust what comes back. Every paper here found an attack that enters through one of those delegation points. The safety testing that approved these systems evaluated the model in isolation, in a chat window, with no external inputs. The architecture changed. The audit did not. What's missing is not a patch — it's an entire category of security review that does not yet exist as standard practice for agentic systems.

What remains to be seen is whether any major AI company revises its pre-deployment security checklist to include supply chain and memory-layer testing before the next major agent release.