LIVE FEED
AI Supply Chain Compromise: Models Lack Bill of Materials

AI Supply Chain Compromise: Models Lack Bill of Materials

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Dark Reading

As AI systems proliferate across enterprise environments, the lack of standardised AI Bills of Materials (AI BOMs) leaves organisations blind to the components, training data, and dependencies embedded in deployed models. The article examines whether 2026 marks a turning point for AI BOM adoption as a risk management practice. Without visibility into AI supply chains, organisations remain exposed to hidden vulnerabilities including poisoned models, compromised dependencies, and undisclosed third-party components.

CVE-2026-5194: Anthropic Claude Discovers 10,000+ Flaws

CVE-2026-5194: Anthropic Claude Discovers 10,000+ Flaws

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

Anthropic's Project Glasswing has deployed Claude Mythos Preview — a frontier AI model — to autonomously discover over 10,000 high- and critical-severity vulnerabilities across widely used open-source software, with 1,094 confirmed as valid high/critical flaws. The initiative highlights a growing asymmetry: AI is accelerating vulnerability discovery far faster than the security community can remediate, compressing patch windows and raising the stakes for defenders. Anthropic is now urging shorter patch cycles and hardened defaults, warning that comparable offensive capabilities could soon be broadly accessible to threat actors.

SentinelOne Warns on Prompt Injection Risks in AI Agents

SentinelOne Warns on Prompt Injection Risks in AI Agents

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SentinelOne Blog

SentinelOne has published guidance on securing agentic AI systems, framing unverified trust in AI agents as a core enterprise risk. The piece promotes their Prompt Security product as a control layer for AI tools, agents, and pipelines deployed across the enterprise. While primarily a product-focused announcement, it highlights the genuine security challenge of blind trust in autonomous AI agents executing actions on behalf of users and systems.

Gemini Spark Prompt Injection Exposes Enterprise Gmail Data

Gemini Spark Prompt Injection Exposes Enterprise Gmail Data

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 Simon Willison

Google's newly announced Gemini Spark personal AI agent, integrated with Gmail, Drive, Calendar, and other sensitive Google services, presents a significant prompt injection attack surface as it processes user data at scale. The article highlights that Google's published security mitigations — ephemeral VMs, Agent Gateway, and DLP policies — address infrastructure isolation but do not directly address the prompt injection vector inherent to LLM-powered agents processing untrusted content. Additionally, the transition from open-source Gemini CLI to a closed-source Antigravity CLI raises supply chain transparency concerns.

AI Agent Identity Sprawl Bypasses Enterprise IAM Systems

AI Agent Identity Sprawl Bypasses Enterprise IAM Systems

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Dark Reading

As AI agents proliferate across enterprise environments, their associated non-human identities are introducing governance and security gaps that traditional IAM frameworks were not designed to handle. New Omdia research highlights that AI agent identity management demands distinct budget allocations and security controls separate from conventional IAM programs. The failure to properly secure and govern these machine identities exposes organisations to credential abuse, privilege escalation, and lateral movement risks.

LLM Safety Benchmarks Fail to Reliably Measure Security

LLM Safety Benchmarks Fail to Reliably Measure Security

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Schneier on Security

A report highlighted by Bruce Schneier argues that AI security cannot be reliably measured through benchmarks alone, drawing parallels to the decades-long evolution of software security engineering. The core finding is that LLM weight spaces encode continuous spectrums that resist meaningful quantitative measurement, making trust in model outputs structurally difficult to establish. The practical implication is that organisations must rely on assurance processes rather than scorecards to manage AI security risk.

Mythos AI Exploits macOS Kernel Memory Corruption

Mythos AI Exploits macOS Kernel Memory Corruption

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Schneier on Security

A threat group leveraged Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 chip running macOS. This represents a concrete, reported instance of AI-assisted vulnerability research being used offensively to discover low-level hardware-adjacent exploits. The incident underscores the dual-use danger of increasingly capable AI coding and reasoning models in the hands of adversarial actors.

Microsoft RAMPART Tests AI Agents for Prompt Injection

Microsoft RAMPART Tests AI Agents for Prompt Injection

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 The Hacker News

Microsoft has released two open-source tools, RAMPART and Clarity, aimed at embedding security testing into AI agent development workflows. RAMPART extends the existing PyRIT framework with a Pytest-native harness for running adversarial and safety tests against AI agents, explicitly covering cross-prompt injection, data exfiltration, and behavioural regression scenarios. Clarity operates as a pre-code design analysis tool, helping teams surface and challenge unsafe assumptions before an agentic system is built.

AI Agents Weaponise Vulnerability Discovery as AI-Generated Code Expands Attack Surface

AI Agents Weaponise Vulnerability Discovery as AI-Generated Code Expands Attack Surface

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Dark Reading

AI agents are now capable of autonomously discovering and exploiting obscure software vulnerabilities, raising the stakes for defenders already struggling with the volume of potentially insecure AI-generated code flooding codebases. The convergence of agentic exploitation capabilities and mass AI-assisted development creates a compounding risk: more vulnerabilities introduced at scale, and more capable automated systems to find and abuse them. Security teams must adapt their tooling, processes, and threat models to account for both sides of this AI-driven equation.

node-ipc Supply Chain Backdoor Steals Cloud and AI Credentials

node-ipc Supply Chain Backdoor Steals Cloud and AI Credentials

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 7.2 The Hacker News

Three versions of the widely-used node-ipc npm package were found to contain obfuscated stealer/backdoor payloads published by an unauthorised maintainer account. The malware harvests 90 categories of developer secrets — including Claude AI and Kiro IDE configurations, AWS, Azure, and GCP credentials — and exfiltrates them via HTTPS and DNS tunnelling to an attacker-controlled domain. The compromise is notable for bypassing npm lifecycle hooks entirely and, in one version, targeting a specific developer via pre-computed SHA-256 fingerprinting.

Rust Compiler Tightens LLM Code Policy for Supply Chain

Rust Compiler Tightens LLM Code Policy for Supply Chain

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 HN AI Security

The Rust compiler project (rust-lang/rust) is formalising a policy governing LLM use in contributions, signalling growing institutional recognition of AI-generated code risks in critical infrastructure. The policy, proposed via pull request on rust-forge, is scoped to the core compiler repository and will be linked from contribution guidelines. This represents a significant governance precedent for open-source security-critical projects managing supply chain integrity amid widespread LLM-assisted development.

TanStack Supply Chain Attack Exposes OpenAI Keys

TanStack Supply Chain Attack Exposes OpenAI Keys

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

A supply chain attack targeting TanStack via the Mini Shai-Hulud malware compromised two OpenAI employee devices, exposing internal source code repositories and code-signing certificates for macOS, iOS, and Windows apps. While no user data or production systems were breached, OpenAI was forced to revoke and reissue signing certificates, requiring macOS users to update ChatGPT Desktop, Codex, and Atlas apps before June 12, 2026. The incident marks OpenAI's second certificate rotation in two months and is part of a broader campaign by threat actor TeamPCP targeting major AI and open-source ecosystems.

TeamPCP Steals Mistral AI Source Code via Supply Chain

TeamPCP Steals Mistral AI Source Code via Supply Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 BleepingComputer

The TeamPCP threat group has compromised Mistral AI's codebase management system via the Shai-Hulud software supply chain attack, stealing approximately 5GB of internal repositories covering training, fine-tuning, benchmarking, and inference pipelines. The hackers are demanding $25,000 for nearly 450 repositories or threatening to leak them publicly within a week. Mistral AI confirmed the breach but stated that core repositories, hosted services, managed user data, and research environments were not affected.

Sweet Security Launches Sweet Attack Agentic AI Red Teaming

Sweet Security Launches Sweet Attack Agentic AI Red Teaming

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 SecurityWeek

Sweet Security has launched 'Sweet Attack', a continuous agentic AI red teaming platform designed to counter the growing asymmetry between AI-assisted attackers and human defenders — a tipping point the industry has termed the 'Mythos Moment'. The platform differentiates itself by grounding frontier model reasoning in live runtime telemetry from each customer's own environment, including topology, identity paths, and unencrypted Layer 7 exposure, to identify genuinely exploitable attack chains rather than theoretical ones. The development signals a broader industry shift toward autonomous, environment-aware AI agents as a necessary component of modern security operations.

AI Agents Generate Custom Malware in Mexico, Brazil

AI Agents Generate Custom Malware in Mexico, Brazil

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Dark Reading

Two threat campaigns targeting organisations in Mexico and Brazil have leveraged AI agents to dynamically generate customised hacking tools, marking a notable escalation in automated, AI-assisted cyberattacks. The use of AI agents for on-the-fly tool generation lowers the technical barrier for attackers and accelerates the attack cycle. This represents a concrete, in-the-wild demonstration of agentic AI being exploited as an offensive capability.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.