Second-order prompt injection exploits ServiceNow agent discovery, enabling unauthorized actions unless configurations and monitoring are tightened.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Security researchers discovered that ServiceNow's Now Assist AI platform is vulnerable to second-order prompt injection attacks through its agent-to-agent discovery feature. Attackers can exploit default configurations to make benign AI agents recruit more privileged agents, enabling unauthorized data exfiltration, record modification, and privilege escalation. The vulnerability stems from intended behavior rather than a bug, with agents automatically grouped into teams and marked as discoverable by default. Organizations can mitigate risks by configuring supervised execution mode, disabling autonomous overrides, segmenting agent duties, and monitoring for suspicious behavior.

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts