LIVE FEED
ML Supply Chain Compromise in DoD AI Integration

ML Supply Chain Compromise in DoD AI Integration

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.5 SecurityWeek

The US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military networks for battlefield decision support. The move raises significant AI security concerns around human oversight, adversarial manipulation of high-stakes AI systems, and supply chain risks introduced by multiple commercial vendors operating within classified environments. Notably, Anthropic was excluded following a public dispute over AI safety and ethics in warfare.

GPT-5.5 and Mythos Execute 32-Step Network Intrusion

GPT-5.5 and Mythos Execute 32-Step Network Intrusion

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Ars Technica Security

The UK's AI Security Institute (AISI) found that OpenAI's GPT-5.5 matches Anthropic's Mythos Preview on cybersecurity benchmarks, including a 32-step simulated corporate network intrusion. Both models successfully completed the 'The Last Ones' data-extraction simulation — a first for any AI system — suggesting autonomous offensive cyber capability is a general frontier-model property, not a one-vendor breakthrough. The findings raise urgent questions about responsible release practices and the pace at which LLMs can independently execute multi-stage attacks.

Account Takeover Protection: OpenAI Hardens ChatGPT Auth

Account Takeover Protection: OpenAI Hardens ChatGPT Auth

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Wired Security

OpenAI has introduced Advanced Account Security, an optional hardened authentication mode for ChatGPT and Codex users who face elevated risk of account takeover, including journalists, dissidents, and researchers. The feature enforces passkey or physical security key authentication, eliminates SMS/email recovery routes, and removes OpenAI support team access to recovery options to block social engineering attacks. Members of OpenAI's Trusted Access for Cyber programme will be mandated to enable it or provide equivalent enterprise SSO attestation by June 1.

GPT-5.5 Matches Claude Mythos in Vulnerability Discovery

GPT-5.5 Matches Claude Mythos in Vulnerability Discovery

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Simon Willison

The UK's AI Security Institute has evaluated OpenAI's GPT-5.5 for offensive cybersecurity capabilities, finding it comparable to Anthropic's Claude Mythos model in identifying security vulnerabilities. Unlike Mythos, GPT-5.5 is generally available, meaning its vulnerability-discovery capabilities are accessible to a broad population including malicious actors. This raises significant concerns about the proliferation of AI-assisted exploitation tools at scale.

Agent Hijacking and Prompt Injection Threaten AI Payments

Agent Hijacking and Prompt Injection Threaten AI Payments

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Wired Security

The FIDO Alliance, backed by Google and Mastercard, is forming working groups to establish cryptographic standards for authenticating AI agent-initiated transactions, addressing risks like agent hijacking, prompt injection, and unauthorised financial actions. The initiative responds to a growing attack surface where agentic AI systems act on behalf of users without adequate authentication frameworks. Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent framework are being contributed as open-source foundations for the effort.

GPT-5.4-Cyber Expansion Raises LLM Jailbreak Dual-Use Risks

GPT-5.4-Cyber Expansion Raises LLM Jailbreak Dual-Use Risks

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SecurityWeek

OpenAI has expanded access to GPT-5.4-Cyber, a fine-tuned model designed for defensive cybersecurity applications, following Anthropic's reveal of its Mythos cybersecurity model. While framed as a defensive tool for legitimate security practitioners, the widened access to a capability-enhanced cybersecurity LLM raises dual-use concerns around potential misuse for offensive operations. The competitive dynamic between major AI labs in the security-focused model space signals a broader industry trend that warrants careful access control and policy scrutiny.

Anthropic Claude Mythos Sparks AI Vulnerability Storm Warning

Anthropic Claude Mythos Sparks AI Vulnerability Storm Warning

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

The Cloud Security Alliance has issued a warning about an anticipated 'AI vulnerability storm' following the release of Anthropic's Claude Mythos model, urging CISOs to prepare defensive postures in advance of expected exploit activity. The advisory signals growing institutional concern that major LLM releases create systemic risk windows as adversaries probe new model capabilities and attack surfaces. Security leaders are being advised to treat post-release periods of frontier AI models as high-alert intervals requiring elevated monitoring and response readiness.

GenAI Security Risks: OWASP Updates LLM Top 10 Framework

GenAI Security Risks: OWASP Updates LLM Top 10 Framework

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 Dark Reading

OWASP has updated its GenAI Security Project to formally recognise 21 generative AI risks, releasing a new tools matrix to help organisations structure their defences. The update notably distinguishes between securing traditional GenAI systems and the emerging attack surface presented by agentic AI architectures. This guidance represents a significant standards-level acknowledgement that agentic AI requires its own dedicated security posture.

Anthropic Claude Prompt Injection Enables Excessive Agency

Anthropic Claude Prompt Injection Enables Excessive Agency

ATLAS OWASP LOW Limited impact · Standard review ▲ 6.2 CrowdStrike Blog

CrowdStrike, as a founding member of Anthropic's Mythos program, is highlighting the security challenges posed by increasingly capable frontier AI models, signaling a growing industry focus on securing agentic and large-scale AI systems. The article underscores the philosophical and practical position that AI capability gains must be matched by proportional security investment. While the piece is primarily a vendor partnership announcement and executive viewpoint, it reflects an important industry trend toward formalising AI-specific security frameworks and tooling.

US summons bank bosses over cyber risks from Anthropic's latest AI model

US summons bank bosses over cyber risks from Anthropic's latest AI model

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 HN AI Security

The US Treasury convened major bank executives to discuss cybersecurity risks posed by Anthropic's unreleased Claude Mythos model, which the company claims has surpassed nearly all human experts at finding and exploiting software vulnerabilities. A code leak prompted Anthropic to publicly acknowledge the model's unprecedented offensive cyber capability, raising systemic financial sector risk concerns. The meeting signals growing regulatory awareness of AI-enabled cyber threats to critical financial infrastructure.

Anthropic Mythos AI Autonomously Discovers Zero-Day Exploits

Anthropic Mythos AI Autonomously Discovers Zero-Day Exploits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Dark Reading

Anthropic has released a preview of 'Mythos,' an AI model reportedly capable of autonomously discovering and exploiting critical zero-day vulnerabilities, raising significant dual-use concerns. While Anthropic claims the model ships with access controls, the security community is scrutinising whether those safeguards are sufficient to prevent misuse by malicious actors. The development represents a pivotal moment in the arms race between offensive AI capabilities and defensive governance frameworks.

Shadow AI Governance Threats Across SaaS and Cloud Endpoints

Shadow AI Governance Threats Across SaaS and Cloud Endpoints

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 CrowdStrike Blog

CrowdStrike has announced new platform innovations targeting the governance of Shadow AI and the security of AI agents across endpoints, SaaS, and cloud environments. The release highlights growing enterprise concerns around unmanaged AI tool proliferation and the attack surface introduced by autonomous AI agents. These developments reflect an industry-wide shift toward operationalising AI-specific security controls within existing SOC workflows.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.