{"data":{"id":"af8b470c-263c-4d25-9560-04d9c944e3ae","title":"v5.2.0","summary":"Version 5.2.0 adds new entries documenting attack techniques against AI systems, including methods to steal credentials from AI agent tools (software components that perform actions on behalf of an AI), poison training data, and generate malicious commands. It also introduces new mitigations such as segmenting AI agent components, validating inputs and outputs, detecting deepfakes, and implementing human oversight for AI agent actions.","solution":"The source lists mitigations rather than fixes for a specific vulnerability. Key mitigations mentioned include: Input and Output Validation for AI Agent Components, Segmentation of AI Agent Components, Restrict AI Agent Tool Invocation on Untrusted Data, Human In-the-Loop for AI Agent Actions, Adversarial Input Detection, Model Hardening, Sanitize Training Data, and Generative AI Guardrails.","labels":["security","research"],"sourceUrl":"https://github.com/mitre-atlas/atlas-data/releases/tag/v5.2.0","publishedAt":"2026-01-30T21:19:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["prompt_injection","model_poisoning","jailbreak","data_extraction","supply_chain"],"issueType":"research","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI Assistants API"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-01-30T21:19:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":"industry","atlasIds":null}}