{"data":{"id":"5eb6fbf3-cfab-4d83-b7f6-39eebe5b4ce8","title":"The Month of AI Bugs 2025","summary":"The Month of AI Bugs 2025 is an initiative to expose security vulnerabilities in agentic AI systems (AI that can take actions on its own), particularly coding agents, through responsible disclosure and public education. The campaign will publish over 20 blog posts demonstrating exploits, including prompt injection (tricking an AI by hiding malicious instructions in its input) attacks that can allow attackers to compromise a developer's computer without permission. While some vendors have fixed reported vulnerabilities quickly, others have ignored reports for months or stopped responding, and many appear uncertain how to address novel AI security threats.","solution":"N/A -- no mitigation discussed in source.","labels":["security","research"],"sourceUrl":"https://embracethered.com/blog/posts/2025/announcement-the-month-of-ai-bugs/","publishedAt":"2025-07-28T17:20:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["prompt_injection","model_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Anthropic","Google","Amazon","Microsoft"],"affectedVendorsRaw":["OpenAI","ChatGPT","ChatGPT Codex","Anthropic Claude","Claude Code","Google Jules","Amazon Q Developer","GitHub Copilot","AmpCode","Manus","OpenHands","Devin","Windsurf","Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}