LIVE THREAT FEED

AI Security News. Framework Analysis.
Structural Insight.

Every article scored, classified, and mapped to MITRE ATLAS and OWASP LLM Top 10 — so you always know what matters and why.

9 feed sources

6.0+ relevance score

daily update cadence

2 frameworks mapped

127 articles published

May 25, 2026

AI Bills of Materials Emerge as Critical Tool for ML Supply Chain Risk

ATLAS OWASP MEDIUM ▲ 6.2 Dark Reading May 25, 2026

As AI systems proliferate across enterprise environments, the lack of standardised AI Bills of Materials (AI BOMs) leaves organisations blind to the components, training data, and dependencies embedded in deployed models. The article examines whether 2026 marks a turning point for AI BOM adoption as a risk management practice. Without visibility into AI supply chains, organisations remain exposed to hidden vulnerabilities including poisoned models, compromised dependencies, and undisclosed third-party components.

AML.T0010 - ML Supply Chain Compromise AML.T0020 - Poison Training Data AML.T0031 - Erode ML Model Integrity AML.T0047 - ML-Enabled Product or Service

Anthropic's Claude Mythos Autonomously Uncovers 10,000 Critical Software Flaws

ATLAS OWASP HIGH ▲ 8.5 The Hacker News May 25, 2026

Anthropic's Project Glasswing has deployed Claude Mythos Preview — a frontier AI model — to autonomously discover over 10,000 high- and critical-severity vulnerabilities across widely used open-source software, with 1,094 confirmed as valid high/critical flaws. The initiative highlights a growing asymmetry: AI is accelerating vulnerability discovery far faster than the security community can remediate, compressing patch windows and raising the stakes for defenders. Anthropic is now urging shorter patch cycles and hardened defaults, warning that comparable offensive capabilities could soon be broadly accessible to threat actors.

AML.T0047 - ML-Enabled Product or Service AML.T0040 - ML Model Inference API Access AML.T0043 - Craft Adversarial Data

SentinelOne Prompt Security Targets Agentic AI Trust Verification Gap

ATLAS OWASP MEDIUM ▲ 6.5 SentinelOne Blog May 25, 2026

SentinelOne has published guidance on securing agentic AI systems, framing unverified trust in AI agents as a core enterprise risk. The piece promotes their Prompt Security product as a control layer for AI tools, agents, and pipelines deployed across the enterprise. While primarily a product-focused announcement, it highlights the genuine security challenge of blind trust in autonomous AI agents executing actions on behalf of users and systems.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0047 - ML-Enabled Product or Service AML.T0056 - LLM Meta Prompt Extraction

LLM Coding Agents Collapse Under Structural Constraints, Study Finds

ATLAS OWASP HIGH ▲ 7.2 HN AI Security May 25, 2026

A systematic study of LLM agents performing backend code generation reveals a 'constraint decay' phenomenon where agents lose up to 30 assertion pass-rate points as structural requirements accumulate, approaching complete failure in some configurations. This fragility has direct security implications: production deployments relying on LLM-generated code may silently violate architectural constraints such as ORM patterns, database access controls, and API contracts. The findings expose a critical gap between functional correctness and structural safety in agentic coding systems.

AML.T0047 - ML-Enabled Product or Service AML.T0031 - Erode ML Model Integrity AML.T0051 - LLM Prompt Injection

May 22, 2026

Google's Gemini Spark Agent Raises Prompt Injection Risks at Enterprise Scale

ATLAS OWASP MEDIUM ▲ 6.5 Simon Willison May 22, 2026

Google's newly announced Gemini Spark personal AI agent, integrated with Gmail, Drive, Calendar, and other sensitive Google services, presents a significant prompt injection attack surface as it processes user data at scale. The article highlights that Google's published security mitigations — ephemeral VMs, Agent Gateway, and DLP policies — address infrastructure isolation but do not directly address the prompt injection vector inherent to LLM-powered agents processing untrusted content. Additionally, the transition from open-source Gemini CLI to a closed-source Antigravity CLI raises supply chain transparency concerns.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0047 - ML-Enabled Product or Service AML.T0010 - ML Supply Chain Compromise

AI Agent Identity Sprawl Creates New Attack Surface in Enterprise IAM

ATLAS OWASP MEDIUM ▲ 6.2 Dark Reading May 22, 2026

As AI agents proliferate across enterprise environments, their associated non-human identities are introducing governance and security gaps that traditional IAM frameworks were not designed to handle. New Omdia research highlights that AI agent identity management demands distinct budget allocations and security controls separate from conventional IAM programs. The failure to properly secure and govern these machine identities exposes organisations to credential abuse, privilege escalation, and lateral movement risks.

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service

AI Security Lacks Reliable Measurement: Why Benchmarks Alone Are Insufficient

ATLAS OWASP MEDIUM ▲ 6.2 Schneier on Security May 22, 2026

A report highlighted by Bruce Schneier argues that AI security cannot be reliably measured through benchmarks alone, drawing parallels to the decades-long evolution of software security engineering. The core finding is that LLM weight spaces encode continuous spectrums that resist meaningful quantitative measurement, making trust in model outputs structurally difficult to establish. The practical implication is that organisations must rely on assurance processes rather than scorecards to manage AI security risk.

AML.T0031 - Erode ML Model Integrity AML.T0047 - ML-Enabled Product or Service AML.T0044 - Full ML Model Access

Anthropic's Mythos AI Model Used to Find Exploitable macOS Kernel Vulnerability

ATLAS OWASP HIGH ▲ 7.5 Schneier on Security May 22, 2026

A threat group leveraged Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 chip running macOS. This represents a concrete, reported instance of AI-assisted vulnerability research being used offensively to discover low-level hardware-adjacent exploits. The incident underscores the dual-use danger of increasingly capable AI coding and reasoning models in the hands of adversarial actors.

AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data AML.T0040 - ML Model Inference API Access

Microsoft Open-Sources RAMPART and Clarity to Harden AI Agent Security

ATLAS OWASP MEDIUM ▲ 7.2 The Hacker News May 22, 2026

Microsoft has released two open-source tools, RAMPART and Clarity, aimed at embedding security testing into AI agent development workflows. RAMPART extends the existing PyRIT framework with a Pytest-native harness for running adversarial and safety tests against AI agents, explicitly covering cross-prompt injection, data exfiltration, and behavioural regression scenarios. Clarity operates as a pre-code design analysis tool, helping teams surface and challenge unsafe assumptions before an agentic system is built.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data

May 17, 2026

LLM Activation Steering Goes Local: Security Implications of Direct Model Manipulation

ATLAS OWASP MEDIUM ▲ 6.2 HN AI Security May 17, 2026

Activation steering — the technique of directly manipulating LLM internal representations mid-inference to alter model behaviour — is becoming more accessible to non-lab engineers via local models like DeepSeek-V4-Flash. This democratisation lowers the barrier for adversaries to craft targeted behavioural overrides that bypass prompt-level safety controls. The emergence of first-class steering support in tools like DwarfStar 4 signals that model-internal manipulation is transitioning from academic curiosity to practical attack surface.

AML.T0044 - Full ML Model Access AML.T0054 - LLM Jailbreak AML.T0031 - Erode ML Model Integrity AML.T0015 - Evade ML Model

AI Agents Weaponise Vulnerability Discovery as AI-Generated Code Expands Attack Surface

ATLAS OWASP HIGH ▲ 7.5 Dark Reading May 17, 2026

AI agents are now capable of autonomously discovering and exploiting obscure software vulnerabilities, raising the stakes for defenders already struggling with the volume of potentially insecure AI-generated code flooding codebases. The convergence of agentic exploitation capabilities and mass AI-assisted development creates a compounding risk: more vulnerabilities introduced at scale, and more capable automated systems to find and abuse them. Security teams must adapt their tooling, processes, and threat models to account for both sides of this AI-driven equation.

AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data AML.T0010 - ML Supply Chain Compromise AML.T0051 - LLM Prompt Injection

May 15, 2026

Four OpenClaw Flaws Chain Together for Full AI Agent Compromise

ATLAS OWASP CRITICAL ▲ 8.9 The Hacker News May 15, 2026

Researchers at Cyera disclosed four vulnerabilities in OpenClaw, an AI agent runtime platform, that can be chained to achieve credential theft, privilege escalation, and persistent backdoor access. The attack chain, dubbed 'Claw Chain', exploits sandbox escapes, allowlist bypasses, and a spoofable ownership flag in the MCP loopback runtime to weaponise the agent's own privileges against the host environment. All four CVEs have been patched in OpenClaw version 2026.4.22 and users should update immediately.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0018 - Backdoor ML Model AML.T0047 - ML-Enabled Product or Service AML.T0012 - Valid Accounts

Malicious node-ipc Versions Target Cloud, AI Tool Credentials via Supply Chain Backdoor

ATLAS OWASP CRITICAL ▲ 7.2 The Hacker News May 15, 2026

Three versions of the widely-used node-ipc npm package were found to contain obfuscated stealer/backdoor payloads published by an unauthorised maintainer account. The malware harvests 90 categories of developer secrets — including Claude AI and Kiro IDE configurations, AWS, Azure, and GCP credentials — and exfiltrates them via HTTPS and DNS tunnelling to an attacker-controlled domain. The compromise is notable for bypassing npm lifecycle hooks entirely and, in one version, targeting a specific developer via pre-computed SHA-256 fingerprinting.

AML.T0010 - ML Supply Chain Compromise AML.T0012 - Valid Accounts AML.T0057 - LLM Data Leakage

Microsoft Outlines Defense-in-Depth Framework for Autonomous AI Agents

ATLAS OWASP MEDIUM ▲ 7.2 Microsoft Security Blog May 15, 2026

Microsoft's Security Blog introduces a layered defense-in-depth model specifically designed for autonomous AI agents, which now invoke tools, modify data, and trigger workflows with minimal human oversight. The framework identifies novel threat classes — including agent hijacking, intent breaking, and supply chain compromise — that are amplified by agentic autonomy. The guidance positions application-layer architecture, permissions, and governance as the most critical controls as agent autonomy scales.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service AML.T0054 - LLM Jailbreak

Rust Compiler Project Drafts Formal LLM Contribution Policy

ATLAS OWASP MEDIUM ▲ 6.2 HN AI Security May 15, 2026

The Rust compiler project (rust-lang/rust) is formalising a policy governing LLM use in contributions, signalling growing institutional recognition of AI-generated code risks in critical infrastructure. The policy, proposed via pull request on rust-forge, is scoped to the core compiler repository and will be linked from contribution guidelines. This represents a significant governance precedent for open-source security-critical projects managing supply chain integrity amid widespread LLM-assisted development.

AML.T0010 - ML Supply Chain Compromise AML.T0020 - Poison Training Data AML.T0031 - Erode ML Model Integrity

Framework Coverage

ATLAS

MITRE ATLAS 58 mapped techniques

OWASP

OWASP LLM Top 10 41 mapped techniques

AI Security News. Framework Analysis.Structural Insight.