LIVE FEED
Zhipu AI Releases GLM-5.2 Open-Weight Model

Zhipu AI Releases GLM-5.2 Open-Weight Model

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 The Verge AI

Zhipu AI (Z.ai) has released GLM-5.2, an open-weight model that researchers report matches Anthropic's Mythos in bug-finding and cybersecurity-related tasks, while remaining freely downloadable and runnable on commodity hardware. The open-weight distribution removes access controls and usage monitoring that restrict frontier closed models, enabling unconstrained offensive security use by any actor. Defenders face a materially elevated threat from nation-state and cybercriminal actors who can now fine-tune, deploy, and weaponise a frontier-class vulnerability-discovery model without API gatekeeping or usage telemetry.

Anthropic CEO: Open-Source AI Models Pose Systemic Safety Risk

Anthropic CEO: Open-Source AI Models Pose Systemic Safety Risk

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.2 Meta AI (via HN)

Anthropic CEO Dario Amodei testified to lawmakers that open-source AI models present a systemic safety risk because once released, developers lose the ability to monitor misuse, revoke access, or patch safety guardrails. For defenders, this formalises a long-standing asymmetry: closed-source safety controls (rate-limiting, usage monitoring, kill-switches) become irrelevant once capable weights are publicly distributed. Security teams building on or competing against open-weight models must now treat every downloaded model artifact as a potentially unpatched, unmonitored endpoint that can be fine-tuned to remove safety constraints entirely.

Sakana AI and 360 Launch Fugu and Tulongfeng Models

Sakana AI and 360 Launch Fugu and Tulongfeng Models

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 Cohere AI (via HN)

Sakana AI's Fugu and Chinese firm 360's Tulongfeng are frontier AI models positioned as functional alternatives to Anthropic's export-restricted Mythos and Fable 5, with Fugu explicitly designed for agentic orchestration across third-party model APIs. For defenders, the proliferation of cybersecurity-focused frontier models outside US regulatory reach removes a key friction point that previously slowed adversary access to high-capability AI offensive tooling. The agentic, multi-model orchestration design of Fugu in particular introduces compounded supply-chain and prompt-injection risk for any enterprise connecting these models to existing tool ecosystems.

AI Code Review Agents: DoS Loop Costs $41K in Inference

AI Code Review Agents: DoS Loop Costs $41K in Inference

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 Simon Willison

A hypothetical but technically grounded incident report depicts two competing AI code review agents entering an uncontrolled disagreement loop over a suspected malicious package, generating 340 comments and $41,255 in inference costs before human intervention. The scenario illustrates real risks of excessive agency, lack of circuit-breakers, and cost-based denial-of-service in multi-agent agentic pipelines. While fictional, the scenario directly mirrors documented failure modes in production AI systems and supply chain security workflows.

OpenAI Workspace Phishing via Fraudulent Tenant Registration

OpenAI Workspace Phishing via Fraudulent Tenant Registration

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 BleepingComputer

Threat actors are registering fraudulent OpenAI tenants impersonating legitimate companies and inviting employees to join them, in a campaign dubbed 'Poisoned Tenant' by Push Security. The attack exploits OpenAI's legitimate invitation infrastructure, making phishing emails appear authentic as they pass all email authentication checks. The goal appears to be tricking employees into submitting sensitive corporate information via ChatGPT chats and projects within the attacker-controlled workspace.

OpenAI Launches GPT-5.6 with Enhanced Agentic Capabilities

OpenAI Launches GPT-5.6 with Enhanced Agentic Capabilities

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

OpenAI has released GPT-5.6 in a restricted preview to government-vetted partners, featuring three models (Sol, Terra, Luna) with significantly upgraded agentic capabilities in coding, biology, and cybersecurity, including a coordinated multi-subagent 'ultra' mode. The cybersecurity-specific enhancements and agentic orchestration introduce meaningful new attack surface: adversaries gaining access to Sol's coordinated subagent architecture could automate sophisticated multi-stage intrusions at scale previously requiring significant human expertise. The restricted rollout itself creates a novel supply chain and access-control risk, as the 'trusted partner' gating model concentrates high-capability model access among a small set of privileged accounts, making partner credential compromise a high-value target.

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Anthropic (via HN)

The U.S. Commerce Department has lifted export controls on Anthropic's Claude Mythos 5, permitting access to over 100 vetted U.S. institutions and government agencies under a nascent federal AI licensing regime. For defenders, this tiered-release model introduces a new class of risk: the 'trusted partner' designation becomes a high-value target, as compromise of any listed entity grants implicit legitimacy to interact with a model previously deemed too dangerous for general release. Security teams at approved organizations should treat Mythos 5 access credentials and API endpoints as critical assets, and assume adversaries will probe the boundary between licensed and unlicensed access patterns.

Claude Opus 4.6 Resists 6,000 Prompt Injection Attempts

Claude Opus 4.6 Resists 6,000 Prompt Injection Attempts

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 Simon Willison

A public challenge exposing an AI email assistant to over 6,000 prompt injection attempts found that Claude Opus 4.6 successfully resisted all efforts to leak secrets or execute malicious instructions embedded in emails. While the result suggests frontier model training against injection attacks is meaningfully improving, security researchers caution that the absence of a successful attack under constrained conditions does not constitute a security guarantee. The author and Hacker News community both note that sophisticated or novel attack vectors could still break through, and irreversible-damage scenarios should not rely solely on model-level defences.

OpenAI Launches Jalapeño Custom Inference Chip

OpenAI Launches Jalapeño Custom Inference Chip

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 TechCrunch AI

OpenAI has unveiled 'Jalapeño', its first custom-built AI inference processor co-designed with Broadcom, optimised for running large language models at reduced cost and power consumption. The move deepens OpenAI's vertical integration across the full AI stack — from chip silicon through to end-user products — introducing new hardware supply chain dependencies and firmware-level attack surfaces that defenders must now account for. Security teams should treat purpose-built AI silicon as a new tier of the ML supply chain, with unique risks around hardware backdoors, firmware integrity, and reduced hardware diversity.

First Look: Agentic AI SOC Systems Ship Autonomous Decision-Making at Machine Speed

First Look: Agentic AI SOC Systems Ship Autonomous Decision-Making at Machine Speed

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 SecurityWeek

Agentic AI systems deployed in security operations and enterprise workflows are increasingly executing autonomous decisions at machine speed, using LLM-derived confidence regardless of context accuracy. The core security risk is that incomplete, poisoned, or manipulated context fed to these agents produces confidently wrong actions executed without human review. Defenders face a compounded threat: adversaries can now target the context layer—asset inventories, threat feeds, exposure data—to induce systematic misconfiguration or inaction at scale.

MoEngage Deploys Autonomous AI Agents via Aampe Acquisition

MoEngage Deploys Autonomous AI Agents via Aampe Acquisition

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 TechCrunch AI

MoEngage has acquired Aampe to deploy individualized AI agents for every customer, enabling autonomous decisions on messaging targeting, timing, and content at enterprise scale across 1,350+ brands globally. This architecture introduces a large, distributed fleet of autonomous agents operating on sensitive behavioral and PII data, dramatically expanding the blast radius of any single compromise. Security teams at enterprises adopting this platform must now reason about agent-level trust boundaries, data inference risks, and the amplification potential of adversarial manipulation across millions of simultaneous decision-making agents.

Dragos Launches EmberAI, an OT-Specific AI Platform

Dragos Launches EmberAI, an OT-Specific AI Platform

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 SecurityWeek

Dragos has launched EmberAI, an AI module embedded within its OT security platform that allows analysts to query threat intelligence, asset data, and network activity in plain language, grounded in a decade of proprietary OT-specific data. The system introduces new attack surface considerations because it aggregates highly sensitive OT network telemetry, vulnerability data, and adversary intelligence into a single AI-queryable layer — making the platform itself a high-value target. Defenders must weigh the risks of prompt injection, over-reliance on AI-generated recommendations in safety-critical environments, and the intelligence value this consolidated dataset represents to nation-state adversaries.

Cordyceps Campaign Poisons CI/CD Workflows in Open Source

Cordyceps Campaign Poisons CI/CD Workflows in Open Source

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

A campaign dubbed 'Cordyceps' is exploiting weaknesses in CI/CD workflows to inject malicious pull requests into high-profile open-source projects, including Google's AI Agent Development Kit and Microsoft's Azure Sentinel. The attack surface spans multiple trusted ecosystems, meaning poisoned code could propagate into AI tooling, cloud infrastructure, and widely-used developer utilities before detection. The breadth of targets — including Python's Black formatter — signals a supply chain strategy designed to maximise downstream blast radius.

Anthropic's Mythos AI Breached Classified US Government Systems in Hours

Anthropic's Mythos AI Breached Classified US Government Systems in Hours

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.1 SecurityWeek

Anthropic's Mythos AI model identified vulnerabilities in classified US government computer systems within hours during a government-sanctioned testing exercise under Project Glasswing. A senior US official confirmed the findings to the Associated Press, corroborating statements made by Sen. Mark Warner that the model 'broke into almost all of our classified systems.' The incident marks a landmark demonstration of AI-enabled offensive cyber capability at the highest sensitivity levels of government infrastructure.

AI Agent Hijacking via Legacy Infrastructure Exploits

AI Agent Hijacking via Legacy Infrastructure Exploits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 The Hacker News

Attackers are bypassing AI-layer defences entirely by exploiting unpatched legacy infrastructure — misconfigured Active Directory, stale credentials, and over-privileged IAM roles — to hijack the resources AI agents depend on. Research cited in the article shows 70% of organisations grant AI systems more access than a human in the same role, driving a 76% incident rate among over-privileged deployments. The article argues that securing AI agents requires closing the underlying infrastructure exposure gap, not just hardening the model layer.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.