Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data exfiltration), time-of-check to time-of-use (TOCTOU) vulnerabilities remain largely unexplored in this context. TOCTOU arises when an agent validates external state (e.g., a file or API response) that is later modified before use, enabling practical attacks such as malicious configuration swaps or payload injection. In this work, we present the first study of TOCTOU vulnerabilities in LLM-enabled agents. We introduce TOCTOU-Bench, a benchmark with 66 realistic user tasks designed to evaluate this class of vulnerabilities. As countermeasures, we adapt detection and mitigation techniques from systems security to this setting and propose prompt rewriting, state integrity monitoring, and tool-fusing. Our study highlights challenges unique to agentic workflows, where we achieve up to 25% detection accuracy using automated detection methods, a 3% decrease in vulnerable plan generation, and a 95% reduction in the attack window. When combining all three approaches, we reduce the TOCTOU vulnerabilities in an executed trajectory from 12% to 8%. Our findings open a new research direction at the intersection of AI safety and systems security.
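The following is an added illustration of the check-then-use window the abstract describes and of two of the countermeasures it names (state integrity monitoring and tool-fusing). It is example code written for this page, not the paper's benchmark or its tooling; the function names, the `StateMonitor` helper, the allow-listed host and the sample config file are all constructed assumptions. The "state change" is simulated in-process by rewriting the file between the agent's check step and its use step, which is exactly the window a TOCTOU bug opens regardless of who or what causes the change.

```python
"""
TOCTOU in an agent's file-based tool: naive check-then-use versus two
mitigations. Example code added for this page; all names and the sample
config are constructed, not from the paper.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Callable, Dict, Optional

# Constructed allow-list: the agent may only be pointed at this host.
ALLOWED_HOSTS = {"api.example.internal"}


def config_is_safe(raw: bytes) -> bool:
    """Check step: the config must parse and name an allowed endpoint."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError:
        return False
    return cfg.get("endpoint") in ALLOWED_HOSTS


def use_config(raw: bytes) -> str:
    """Use step: return the endpoint the agent would actually call."""
    return json.loads(raw)["endpoint"]


def validate_then_use(path: Path, between: Optional[Callable[[], None]] = None) -> Optional[str]:
    """Vulnerable pattern: check and use each re-read the file, so any change
    that lands in between (simulated by `between`) is used without being checked."""
    if not config_is_safe(path.read_bytes()):      # time of check
        return None
    if between:
        between()                                  # external state changes here
    return use_config(path.read_bytes())           # time of use: a second, unchecked read


def fused_validate_and_use(path: Path, between: Optional[Callable[[], None]] = None) -> Optional[str]:
    """Tool-fusing: read once, then validate and use the same bytes.
    With no second read there is no window for checked and used state to diverge."""
    raw = path.read_bytes()
    if not config_is_safe(raw):
        return None
    if between:
        between()                                  # the file may change; `raw` cannot
    return use_config(raw)


class StateMonitor:
    """State integrity monitoring: hash what was checked, re-verify before use.
    Useful when check and use are necessarily separate tool calls in the plan."""

    def __init__(self) -> None:
        self._seen: Dict[Path, str] = {}

    def record(self, path: Path) -> None:
        self._seen[path] = hashlib.sha256(path.read_bytes()).hexdigest()

    def unchanged(self, path: Path) -> bool:
        return self._seen.get(path) == hashlib.sha256(path.read_bytes()).hexdigest()


def monitored_validate_then_use(path: Path, between: Optional[Callable[[], None]] = None) -> Optional[str]:
    """Separate check and use, but the use step refuses if the file's hash moved."""
    monitor = StateMonitor()
    if not config_is_safe(path.read_bytes()):
        return None
    monitor.record(path)
    if between:
        between()
    if not monitor.unchanged(path):
        return None                                # detected: state changed in the window
    return use_config(path.read_bytes())


def demo() -> Dict[str, Optional[str]]:
    """Run all three variants against the same simulated in-window change."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "agent_config.json"
        good = json.dumps({"endpoint": "api.example.internal"})
        path.write_text(good)

        def swap() -> None:                        # constructed: config rewritten inside the window
            path.write_text(json.dumps({"endpoint": "api.example.invalid"}))

        results: Dict[str, Optional[str]] = {}
        results["naive"] = validate_then_use(path, swap)
        path.write_text(good)
        results["fused"] = fused_validate_and_use(path, swap)
        path.write_text(good)
        results["monitored"] = monitored_validate_then_use(path, swap)
        return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three outcomes side by side: the naive tool returns the unchecked `api.example.invalid` endpoint, the fused tool returns the endpoint it actually validated, and the monitored tool returns `None` because the hash taken at check time no longer matches. Fusing removes the window entirely; monitoring only detects the change, which is why the abstract reports a large reduction in attack window for one technique but only partial detection accuracy for the other.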
Daily Archives: September 18, 2025
Jack Ma Returns With a Vengeance to ‘Make Alibaba Great Again’
During China’s yearslong crackdown on the tech sector, Alibaba Group Holding Ltd.’s internal messaging boards lit up with dreams to “MAGA” – Make Alibaba Great Again. Now, the company is deploying one of its most potent weapons to accomplish that mission: Jack Ma.
After vanishing from the public eye at the outset of an antitrust investigation in late 2020, China’s most recognizable entrepreneur is back on Alibaba’s campuses – and he’s more directly involved than he’s been in half a decade, according to people familiar with the company. Signs of his unseen hand are coming into sharper focus, perhaps no more so than in the company’s pivot to artificial intelligence and its declaration of war on e-commerce foes JD.com Inc. and Meituan. Ma was instrumental in Alibaba’s decision to spend as much as 50 billion yuan ($7 billion) on subsidies to beat back JD’s surprise entry to the market, said one of the people, requesting not to be named because the matter is private.