LIVE FEED
Cisco, Check Point M&A Targets AI Agent Identity Gaps

Cisco, Check Point M&A Targets AI Agent Identity Gaps

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 SecurityWeek

May 2026 saw a wave of cybersecurity acquisitions with a clear focus on securing AI agents and LLM infrastructure, including Cisco's ~$400M acquisition of Astrix Security for non-human identity management and Check Point's acquisition of Deepchecks for LLM evaluation and continuous monitoring. Akamai also moved to acquire LayerX for AI usage control and agentic activity visibility across browsers and IDEs. These deals signal that enterprise security vendors are racing to build defensive capabilities around the expanding agentic AI attack surface.

Deepfakes and Prompt Injection Top AI Security Threats

Deepfakes and Prompt Injection Top AI Security Threats

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

Gartner analysts have identified deepfakes and prompt injection as two of four critical emerging threats where attackers currently hold a structural advantage over defenders. The advisory signals growing institutional recognition that AI-native attack vectors are maturing faster than enterprise defenses. Organizations are urged to treat these threats as priority items requiring immediate defensive investment.

ChatGPT Prompt Injection Enables Data Exfiltration

ChatGPT Prompt Injection Enables Data Exfiltration

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 Simon Willison

OpenAI has rolled out 'Lockdown Mode' for ChatGPT personal and self-serve business accounts, a deterministic control designed to block the data exfiltration leg of prompt injection attacks. The feature directly addresses the 'Lethal Trifecta' — the combination of private data access, untrusted content exposure, and an outbound exfiltration channel — by restricting outbound network requests at the infrastructure level rather than relying on AI-evaluated guardrails. Critically, OpenAI's own documentation acknowledges the feature's existence implies that default ChatGPT settings do not robustly prevent determined data exfiltration attacks.

Claude Mythos Unauthorized Access Exposes AI Security

Claude Mythos Unauthorized Access Exposes AI Security

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A reported unauthorized access to Anthropic's Claude Mythos model within hours of its limited technical preview highlights acute security risks as agentic AI is deployed across classified defense and intelligence networks. The incident underscores vulnerabilities specific to AI infrastructure in high-security environments, including training data poisoning, access control failures, and cross-domain classification boundary erosion. Secure IT infrastructure, governed access, and cross-domain data controls are identified as prerequisites for safe AI deployment at mission scale.

Microsoft Scout Agent Vulnerable to Prompt Injection

Microsoft Scout Agent Vulnerable to Prompt Injection

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 HN AI Security

Microsoft has launched Scout, an always-on autonomous AI agent built on the OpenClaw framework that operates across Microsoft 365 apps including Teams, Outlook, OneDrive, and SharePoint with its own Entra identity. The agent's persistent, unsupervised access to email, calendar, chat, and external systems via MCP creates a broad new attack surface for prompt injection, privilege abuse, and data exfiltration. As an experimental release with limited deployment controls, security teams should treat Scout as a high-risk agentic surface requiring careful governance before broad adoption.

Excessive Agency in AI Agents Enables Enterprise Breaches

Excessive Agency in AI Agents Enables Enterprise Breaches

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

Enterprises deploying AI agents with elevated permissions and minimal oversight face compounding security risks as agentic systems gain the ability to take real-world actions with limited human intervention. The attack surface expands dramatically when agents can access APIs, execute code, and chain decisions autonomously, making containment of a compromise significantly harder. Security teams must implement least-privilege principles and robust monitoring before agentic deployments scale beyond their ability to govern.

Adversa AI: 89% of AI Agents Fail Security Tests

Adversa AI: 89% of AI Agents Fail Security Tests

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 SecurityWeek

Adversa AI's AI Risk Quadrant report evaluated 100 AI agents across ten categories, finding that only 11 qualify as both capable and well-defended. The research identifies a structural 'power-protection inversion' where the most capable agents also present the widest attack surface, driven by a 'lethal trifecta' of private data access, exposure to untrusted content, and outbound action capability. Computer and coding agents showed the most severe exposure, raising urgent concerns about autonomous agent deployment in enterprise environments.

Shadow-AI Apps Expose Corporate Data via Misconfiguration

Shadow-AI Apps Expose Corporate Data via Misconfiguration

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A Red Access investigation found over 2,000 corporate applications built on AI-assisted 'vibe-coding' platforms publicly accessible on the open internet, many containing sensitive business data with no access controls. These shadow-built apps connect directly to production systems — CRMs, ERPs, BI tools — creating a new class of unaudited attack surface invisible to conventional security stacks. Traditional controls such as CASB, DLP, and EDR are structurally blind to this threat because the risk originates at the application layer, not the identity or network layer.

Claude Sandbox Escape Enables Credential Exfiltration

Claude Sandbox Escape Enables Credential Exfiltration

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 Simon Willison

Anthropic has published detailed documentation of its sandboxing architecture across Claude.ai, Claude Code, and Claude Cowork, including disclosure of a previously identified credential exfiltration vector via the api.anthropic.com/v1/files endpoint. The writeup covers process-level isolation technologies including gVisor, Seatbelt, Bubblewrap, and full VM approaches, and candidly acknowledges security gaps that were missed. This transparency is notable for the agentic AI space, where sandbox documentation is typically sparse and trust is difficult to calibrate.

ChatGPT Sharing Links Abused for Malware Delivery

ChatGPT Sharing Links Abused for Malware Delivery

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 BleepingComputer

Threat actors are exploiting ChatGPT's legitimate content-sharing infrastructure to host convincing fake outage pages that trick users into downloading malware disguised as a ChatGPT desktop application. The 'LLMShare' campaign abuses chatgpt.com/s/ shared links to render attacker-crafted HTML within a trusted OpenAI domain, bypassing traditional phishing detection that relies on suspicious URL analysis. The attack chain combines Google ad abuse, domain cloaking, and AI platform misuse to deliver what are likely infostealer payloads.

Robinhood Prompt Injection Enables Autonomous Trade Attacks

Robinhood Prompt Injection Enables Autonomous Trade Attacks

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 HN AI Security

Robinhood has launched agentic trading and a virtual credit card that allow third-party AI agents to autonomously execute stock trades and payments on behalf of users via a Model Context Protocol (MCP) integration. This architecture introduces significant attack surface through prompt injection, excessive agency, and insecure plugin design risks inherent to LLM-driven autonomous financial action. The delegation of real financial authority to AI agents with limited human-in-the-loop controls represents a systemic risk to retail investors if agent pipelines are compromised or manipulated.

mouse5212-super-formatter npm Malware Steals Claude Files

mouse5212-super-formatter npm Malware Steals Claude Files

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 The Hacker News

A malicious npm package named 'mouse5212-super-formatter' was discovered exfiltrating files from Anthropic's Claude AI user directory by authenticating to a threat actor-controlled GitHub repository. The package disguised itself as a legitimate archive utility while silently uploading all local workspace files during the postinstall phase. Notably, the attacker's poor operational security — including a leaked GitHub token — suggests AI-generated malware with minimal human oversight, pointing to a growing trend of low-skill threat actors leveraging AI to produce supply chain malware.

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 SecurityWeek

WithSecure has documented GreyVibe, a Russia-nexus threat actor systematically deploying ChatGPT, Google Gemini, and Ideogram AI across every phase of its attack chain — from phishing lure creation to custom malware development — against Ukrainian targets since August 2025. The group's LLM-assisted malware, LegionRelay, contained design flaws introduced during AI-generated development, which paradoxically allowed researchers to track the group over an extended period. The case illustrates both the operational leverage AI provides to moderately skilled threat actors and the novel forensic signatures that AI-assisted development can inadvertently introduce.

GreyVibe Uses ChatGPT and Gemini for Ukraine Cyberespionage

GreyVibe Uses ChatGPT and Gemini for Ukraine Cyberespionage

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 BleepingComputer

A likely Russian threat group dubbed GreyVibe has been actively using commercial LLMs — including ChatGPT and Google Gemini — to generate high-quality phishing lures, malware tooling, and social-engineering content targeting Ukrainian military, government, and civilian organisations. WithSecure researchers identified LLM artefact markers embedded in campaign imagery, confirming AI-assisted content generation at scale. The case represents a concrete, documented example of adversarial LLM weaponisation in an active nation-state-adjacent cyberespionage campaign.

SQLite Blocks AI-Generated Code Contributions

SQLite Blocks AI-Generated Code Contributions

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Simon Willison

SQLite has formally prohibited agentic code contributions and strengthened its policy language, reflecting growing concern over AI-generated submissions overwhelming open source maintainers. The project was forced to create a separate bug forum after being flooded with AI-generated reports of inconsistent quality. This represents an emerging operational security challenge for critical infrastructure software projects targeted by autonomous AI coding agents.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.