Microsoft launches lightweight scanner to detect backdoors in open-weight LLMs
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft introduced a lightweight scanner that can detect backdoors in open-weight large language models and improve trust in AI deployments. The tool is designed to flag trigger-based poisoning with three observable signals and a low false positive rate. It matters because the scanner can be applied across common GPT-style models without additional training or prior knowledge of the hidden behavior.
Related Happenings
Lnk-it-up open-source suite for generating and detecting malicious Windows LNK shortcuts
Security Tool/Service
First: 12.02.2026 23:01
Last: 12.02.2026 23:01
Sources 1
About this happening:
**lnk-it-up** is a newly released open-source suite for **Windows LNK shortcuts** that helps testers generate deceptive files and helps defenders spot shortcuts where **Explorer**...
Lnk-it-up open-source suite for generating and detecting malicious Windows LNK shortcuts
Security Tool/ServiceAbout this happening: **lnk-it-up** is a newly released open-source suite for **Windows LNK shortcuts** that helps testers generate deceptive files and helps defenders spot shortcuts where **Explorer**...
DEAD#VAX campaign using IPFS-hosted VHD phishing to deploy AsyncRAT
Campaign
First: 04.02.2026 19:24
Last: 04.02.2026 19:24
Sources 1
About this happening:
The **DEAD#VAX** campaign is using **phishing-delivered IPFS-hosted VHD files** to deploy **AsyncRAT**, creating a stealthier path to **fileless endpoint compromise**. The chain r...
DEAD#VAX campaign using IPFS-hosted VHD phishing to deploy AsyncRAT
CampaignAbout this happening: The **DEAD#VAX** campaign is using **phishing-delivered IPFS-hosted VHD files** to deploy **AsyncRAT**, creating a stealthier path to **fileless endpoint compromise**. The chain r...
Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
Campaign
First: 28.01.2026 18:19
Last: 28.01.2026 18:19
Sources 1
About this happening:
Two **China-aligned** **PeckBirdy** espionage campaigns were identified, widening risk to **Chinese gambling websites**, **Asian government entities**, and a **Philippine educatio...
Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
CampaignAbout this happening: Two **China-aligned** **PeckBirdy** espionage campaigns were identified, widening risk to **Chinese gambling websites**, **Asian government entities**, and a **Philippine educatio...
Microsoft Office actively exploited security feature bypass (CVE-2026-21509)
Vulnerability
First: 27.01.2026 09:19
Last: 27.01.2026 09:19
Sources 1
About this happening:
**CVE-2026-21509** is a **7.8 CVSS** Microsoft Office **security feature bypass** that was **actively exploited** to bypass **OLE mitigations** and deliver malicious Office files....
Microsoft Office actively exploited security feature bypass (CVE-2026-21509)
VulnerabilityAbout this happening: **CVE-2026-21509** is a **7.8 CVSS** Microsoft Office **security feature bypass** that was **actively exploited** to bypass **OLE mitigations** and deliver malicious Office files....
ClickFix fake CAPTCHA campaign delivering Amatera
Campaign
First: 26.01.2026 23:42
Last: 26.01.2026 23:42
Sources 1
About this happening:
A **ClickFix** campaign now uses a **fake CAPTCHA** and a signed **Microsoft App-V** script to deliver **Amatera** to **Windows** victims, raising the risk of credential theft and...
ClickFix fake CAPTCHA campaign delivering Amatera
CampaignAbout this happening: A **ClickFix** campaign now uses a **fake CAPTCHA** and a signed **Microsoft App-V** script to deliver **Amatera** to **Windows** victims, raising the risk of credential theft and...
Timeline
-
04.02.2026 19:52 2 articles · 3mo ago
Microsoft releases lightweight scanner for open-weight LLM backdoors
Initial DisclosureMicrosoft's AI Security team introduced a lightweight scanner for open-weight large language models that looks for trigger-dependent attention and output signatures, as well as leaked memorized poisoning data, to flag embedded backdoors with a low false positive rate. The scanner requires no additional training or prior knowledge of the hidden behavior and can return ranked trigger candidates for common GPT-style models.
Show sources
- Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models — thehackernews.com — 04.02.2026 19:52
- Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models — thehackernews.com — 04.02.2026 19:52