Researchers hid a prompt injection inside a PNG, and AI fell for it — from digitaltrends.com by Shimul Sood
A team of security researchers (professor Sudipta Chattopadhyay and researcher Murali Ediga) has demonstrated an unusual attack that doesn’t target the AI model directly. Instead, it targets what the AI doesn’t pay enough attention to during code reviews. Rather than hiding malicious instructions in lines of code, the researchers tucked them inside an image file. Since many AI review tools treat images as decorative assets rather than as something worth inspecting, the pull request can appear perfectly harmless and sail through the review.
They argue that AI review tools need to become “multimodal” in the truest sense — treating images, documentation, configuration files, and other non-code assets with the same level of scrutiny as source code. If an AI can read a picture, it also needs to understand that the picture could be trying to manipulate it. For developers, this is another reminder that AI coding tools still need supervision. They can dramatically speed up software development, but they also open entirely new attack surfaces that didn’t exist before. The next security risk might not be hidden in thousands of lines of code — it could be sitting inside an image that nobody thought was worth opening.
AI has already fallen into the wrong hands and they’re using it to make bombs — from digitaltrends.com by Shimul Sood
Artificial intelligence has quickly become the go-to tool for everything from writing emails and summarizing meetings to helping students study or developers debug code. But the same technology that saves people time can also be misused, and a new report suggests that terrorist organizations are finding ways to do exactly that.
According to a research paper shared with The New York Times ahead of its publication, researchers found evidence that members of Boko Haram have been using popular AI chatbots to support both day-to-day activities and combat-related tasks. Interviews with 27 former members conducted in Nigeria over the past two years suggest that tools such as ChatGPT, Gemini, Claude, Grok, Meta AI, and DeepSeek were used to gather technical information, troubleshoot weapons, and even assist with planning attacks.
This wasn’t just a few bad actors messing around
What makes the findings especially concerning is that this wasn’t described as the work of a few individuals experimenting with AI. The report claims the group’s use of AI had become organized, with dedicated teams, internal training, and knowledge shared between members. Researchers also say some users managed to bypass built-in safety protections designed to prevent AI from responding to requests related to violence.





