LIVE FEED
OpenAI Launches Patch the Planet Vulnerability Initiative

OpenAI Launches Patch the Planet Vulnerability Initiative

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 TechCrunch AI

OpenAI has partnered with Trail of Bits to launch 'Patch the Planet,' an initiative using AI-assisted tooling (including Codex Security) to help open-source maintainers find and patch vulnerabilities at scale. While the defensive intent is clear, the program introduces new attack surface considerations: AI-generated patches applied to widely-used open-source projects create a high-value supply chain target, and the triage/remediation pipeline itself could be manipulated to introduce subtle flaws. Defenders should monitor open-source dependencies that receive AI-assisted patches and assess the integrity guarantees of the remediation workflow.

Enterprise Security Platforms Ship Autonomous Threat Response

Enterprise Security Platforms Ship Autonomous Threat Response

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A new class of agentic AI security platforms is emerging that autonomously correlates threat intelligence, validates controls, and prioritizes remediations across siloed enterprise security tooling — moving beyond assistive chatbot interfaces to continuous, multi-step autonomous action. This shift introduces significant new attack surface: an AI system with persistent access to live exposure data, security telemetry, and remediation workflows becomes a high-value target for adversarial manipulation. Defenders must assess trust boundaries, prompt injection risks, and the consequences of autonomous action taken on poisoned or manipulated inputs before deploying these systems.

Delphi Ships AI Karamo Brown Clone for Kē Wellness App

Delphi Ships AI Karamo Brown Clone for Kē Wellness App

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 TechCrunch AI

Karamo Brown's Kē wellness app deploys an AI digital clone of the celebrity — voice, persona, and advisory content — built by Delphi from interviews, podcasts, and public clips, enabling real-time conversational coaching at scale. For defenders, celebrity-clone architectures introduce layered risks: the training corpus is largely public and manipulable, the voice synthesis surface is exploitable for deepfake derivation, and the mental-health context creates elevated harm potential if the persona is hijacked or jailbroken. Security teams evaluating similar deployments should treat the persona boundary as a primary control point, since users in vulnerable emotional states are disproportionately exposed to manipulation if guardrails fail.

AWS SageMaker Ships 100+ Inference Metrics to CloudWatch

AWS SageMaker Ships 100+ Inference Metrics to CloudWatch

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 AWS Machine Learning Blog

AWS has released a deep observability layer for SageMaker AI inference endpoints, emitting over 100 metrics covering GPU health, KV cache pressure, token-level latency, and traffic distribution into a native CloudWatch Insights dashboard with PromQL-compatible export. For defenders, this centralised telemetry surface introduces new reconnaissance and exfiltration vectors: an adversary with read access to CloudWatch or connected third-party tools (Grafana, Datadog) can infer model architecture, request patterns, and capacity limits without touching the model itself. The richness of these signals also raises insider-threat risk, as operational staff now have granular visibility into inference behaviour that can be leveraged to reverse-engineer model characteristics or plan targeted denial-of-service campaigns.

Orphaned AI Agents Bypass SailPoint Identity Controls

Orphaned AI Agents Bypass SailPoint Identity Controls

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

Enterprises deploying internal AI agents face a growing identity accountability gap: when the employee who created an autonomous agent leaves, the agent's access tokens and credentials often remain active and unmonitored. Traditional access management tools fail to detect this risk because they treat AI agents as static software rather than identity-bearing entities capable of exfiltrating sensitive data. The problem compounds at scale as shadow AI deployments proliferate across organizations without centralised visibility or ownership tracking.

Anthropic's Mythos 5 and Fable 5 Hit by Export Block

Anthropic's Mythos 5 and Fable 5 Hit by Export Block

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

The Trump administration's overnight export block of Anthropic's Mythos 5 and Fable 5 models — triggered by reported safety guardrail bypass vulnerabilities flagged by Amazon — has exposed the fragility of international AI supply chains built on U.S.-controlled infrastructure. For defenders, this event crystallises a critical dependency risk: organisations and governments that have embedded American AI models into critical systems now face the possibility of abrupt, unexplained access revocation with no remediation path. Security teams must now treat AI vendor access continuity as a threat vector equivalent to a third-party SaaS outage, and accelerate contingency planning around model substitution and sovereign alternatives.

Midjourney Medical Releases Full-Body AI Ultrasound Scanner

Midjourney Medical Releases Full-Body AI Ultrasound Scanner

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 The Verge AI

Midjourney Medical has announced a full-body ultrasound scanner that uses a ring of sensors and AI processing to generate MRI-comparable internal body imagery, representing a significant pivot from image generation into AI-assisted medical diagnostics hardware. The convergence of AI inference pipelines with sensitive biometric and anatomical data creates new attack surfaces around health data exfiltration, model output manipulation, and diagnostic integrity. Defenders in healthcare and enterprise wellness programmes should treat this class of device as a high-sensitivity AI-enabled medical endpoint requiring strict data governance and supply chain vetting.

Odyssey Launches Physical World Model Platform Backed by Amazon

Odyssey Launches Physical World Model Platform Backed by Amazon

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 TechCrunch AI

Odyssey has raised a $310M Series B to scale its world model platform, which ingests real-world physical environment data to generate interactive simulations, video, and training environments for robotics and gaming. The platform's reliance on large-scale physical data collection, multi-tenant simulation outputs, and deep AWS infrastructure integration introduces supply chain, data poisoning, and adversarial simulation risks defenders should assess. Organizations consuming Odyssey-generated synthetic environments for robotics training or game content pipelines are newly exposed to integrity attacks targeting the underlying world model.

OpenAI Launches ChatGPT for Science with Institutional Access

OpenAI Launches ChatGPT for Science with Institutional Access

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 BleepingComputer

OpenAI is internally testing a specialised 'ChatGPT for Science' subscription tier, likely restricted to verified universities and research institutions, building on capabilities from GPT-Rosalind — a purpose-built life sciences model already deployed under a trusted-access structure with select pharma partners. The gated, domain-specific nature of this offering creates novel identity and access verification attack surfaces, as threat actors will likely probe credential and institutional verification mechanisms to gain privileged access to specialised scientific knowledge. Defenders at academic and research institutions should anticipate increased phishing campaigns targeting institutional credentials and prepare governance frameworks for AI use in sensitive research environments.

Z.ai Releases GLM-5.2 Open-Weights 753B LLM

Z.ai Releases GLM-5.2 Open-Weights 753B LLM

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.2 Simon Willison

Z.ai has released GLM-5.2, a 753-billion-parameter mixture-of-experts model under an MIT license, ranking as the top open-weights model on the Artificial Analysis Intelligence Index and second on the Code Arena WebDev leaderboard. For defenders, the combination of frontier-level capability, unrestricted open-weights distribution, and a 1-million-token context window materially lowers the barrier for threat actors to self-host a highly capable model outside any provider's safety controls. The model's agentic coding performance and massive context window expand the viable attack surface for automated code generation, targeted phishing, and large-scale document analysis without API-level monitoring.

CrowdStrike Launches Continuous Identity for AI Agents

CrowdStrike Launches Continuous Identity for AI Agents

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 CrowdStrike Blog

CrowdStrike's Continuous Identity for AI Agents introduces persistent, trackable identity primitives for agentic workflows — but persistent identities are also persistent targets. Attackers who compromise an agent identity gain a durable, trusted foothold that can persist across sessions and tool invocations without the natural expiry of human session tokens. The feature's integration into the Falcon platform means agent identity tokens, if stolen or forged, may carry elevated detection-suppression trust within the same security toolchain defending the environment.

Anthropic Ships Claude Fable 5 with Exploit Generation

Anthropic Ships Claude Fable 5 with Exploit Generation

FIRST LOOK ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.7 Wired Security

Anthropic's Mythos 5 and Claude Fable 5 represent the arrival of frontier AI models with demonstrated, advanced vulnerability discovery and exploit-development capabilities — a capability class that will rapidly proliferate across multiple vendors and open-weight releases. The core attack surface is not model-specific: guardrail bypass of the consumer-facing Fable 5 exposes full Mythos-grade offensive capability to any actor who can defeat the content filters, while the broader proliferation trajectory means defenders must assume adversary access to equivalent capabilities within months. The regulatory response addresses a single vendor while doing nothing to raise the floor for the broader ecosystem of competitive and open-weight models following close behind.

Google Launches Android 17 with Gemini Omni Integration

Google Launches Android 17 with Gemini Omni Integration

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

Android 17 embeds Gemini Omni and multiple AI models (Lyria 3, AudioLM) directly into OS-level functions including video editing, call handling, screen recording, and emergency detection, dramatically expanding the attack surface for AI-assisted exploitation on mobile endpoints. The deep integration of conversational AI with device sensors, media pipelines, and inter-app communication creates novel prompt injection and data exfiltration vectors that existing mobile threat defences were not designed to address. The simultaneous AirDrop interoperability expansion and cross-device Pixel Watch mirroring further widen the lateral movement surface across the Google hardware ecosystem.

Anthropic Mythos Model Theft: China-Linked Access

Anthropic Mythos Model Theft: China-Linked Access

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 The Verge AI

The White House reportedly believes a China-linked group accessed Anthropic's Mythos AI model, prompting export restrictions on the technology. If confirmed, the breach represents a significant national security threat, as adversaries could exploit the model directly or use knowledge distillation to replicate its capabilities. Separately, reports of jailbreak vulnerabilities in Mythos and Fable compound concerns about unauthorised access to frontier AI systems.

Qwen 3.5-397B Model Theft: Rio's LLM Exposed as Rebranded Clone

Qwen 3.5-397B Model Theft: Rio's LLM Exposed as Rebranded Clone

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 HN AI Security

Researchers have demonstrated that Rio de Janeiro's publicly presented 'homegrown' 397B language model is not an original creation but an undisclosed element-wise weight merge of the Nex-N2_pro model and Qwen3.5-397B-A17B. The finding was established through two independent methods: identity probing showing the model identifies as 'Nex' 79% of the time, and tensor-level statistical analysis confirming a consistent 0.6/0.4 blend across all 60 layers. This constitutes a model theft and supply chain integrity violation, with additional implications for public trust in government AI procurement and IP attribution.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.