LIVE FEED
AI Agents Weaponise Vulnerability Discovery as AI-Generated Code Expands Attack Surface

AI Agents Weaponise Vulnerability Discovery as AI-Generated Code Expands Attack Surface

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Dark Reading

AI agents are now capable of autonomously discovering and exploiting obscure software vulnerabilities, raising the stakes for defenders already struggling with the volume of potentially insecure AI-generated code flooding codebases. The convergence of agentic exploitation capabilities and mass AI-assisted development creates a compounding risk: more vulnerabilities introduced at scale, and more capable automated systems to find and abuse them. Security teams must adapt their tooling, processes, and threat models to account for both sides of this AI-driven equation.

node-ipc Supply Chain Backdoor Steals Cloud and AI Credentials

node-ipc Supply Chain Backdoor Steals Cloud and AI Credentials

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 7.2 The Hacker News

Three versions of the widely-used node-ipc npm package were found to contain obfuscated stealer/backdoor payloads published by an unauthorised maintainer account. The malware harvests 90 categories of developer secrets — including Claude AI and Kiro IDE configurations, AWS, Azure, and GCP credentials — and exfiltrates them via HTTPS and DNS tunnelling to an attacker-controlled domain. The compromise is notable for bypassing npm lifecycle hooks entirely and, in one version, targeting a specific developer via pre-computed SHA-256 fingerprinting.

Agent Hijacking: Microsoft's Defense-in-Depth Framework

Agent Hijacking: Microsoft's Defense-in-Depth Framework

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 Microsoft Security Blog

Microsoft's Security Blog introduces a layered defense-in-depth model specifically designed for autonomous AI agents, which now invoke tools, modify data, and trigger workflows with minimal human oversight. The framework identifies novel threat classes — including agent hijacking, intent breaking, and supply chain compromise — that are amplified by agentic autonomy. The guidance positions application-layer architecture, permissions, and governance as the most critical controls as agent autonomy scales.

Rust Compiler Tightens LLM Code Policy for Supply Chain

Rust Compiler Tightens LLM Code Policy for Supply Chain

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 HN AI Security

The Rust compiler project (rust-lang/rust) is formalising a policy governing LLM use in contributions, signalling growing institutional recognition of AI-generated code risks in critical infrastructure. The policy, proposed via pull request on rust-forge, is scoped to the core compiler repository and will be linked from contribution guidelines. This represents a significant governance precedent for open-source security-critical projects managing supply chain integrity amid widespread LLM-assisted development.

TanStack Supply Chain Attack Exposes OpenAI Keys

TanStack Supply Chain Attack Exposes OpenAI Keys

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

A supply chain attack targeting TanStack via the Mini Shai-Hulud malware compromised two OpenAI employee devices, exposing internal source code repositories and code-signing certificates for macOS, iOS, and Windows apps. While no user data or production systems were breached, OpenAI was forced to revoke and reissue signing certificates, requiring macOS users to update ChatGPT Desktop, Codex, and Atlas apps before June 12, 2026. The incident marks OpenAI's second certificate rotation in two months and is part of a broader campaign by threat actor TeamPCP targeting major AI and open-source ecosystems.

TeamPCP Steals Mistral AI Source Code via Supply Chain

TeamPCP Steals Mistral AI Source Code via Supply Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 BleepingComputer

The TeamPCP threat group has compromised Mistral AI's codebase management system via the Shai-Hulud software supply chain attack, stealing approximately 5GB of internal repositories covering training, fine-tuning, benchmarking, and inference pipelines. The hackers are demanding $25,000 for nearly 450 repositories or threatening to leak them publicly within a week. Mistral AI confirmed the breach but stated that core repositories, hosted services, managed user data, and research environments were not affected.

CVE-2026-45321: Supply Chain Worm Targets Mistral AI

CVE-2026-45321: Supply Chain Worm Targets Mistral AI

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

The TeamPCP threat actor has executed a broad supply chain campaign dubbed Mini Shai-Hulud, injecting credential-stealing malware into npm and PyPI packages from major AI and developer tooling ecosystems including Mistral AI, Guardrails AI, and TanStack. The malware profiles execution environments, exfiltrates cloud, CI, and AI tool credentials, and establishes persistence inside Claude Code and VS Code IDEs. The TanStack compromise alone affected 42 packages and 84 versions, exploiting a chained GitHub Actions attack to inject malicious payloads without stealing npm tokens directly.

PromptSpy Zero-Day: AI-Generated Malware for Mass Exploitation

PromptSpy Zero-Day: AI-Generated Malware for Mass Exploitation

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 Mandiant Blog

Google's Threat Intelligence Group (GTIG) has identified, for the first time, a criminal threat actor using a zero-day exploit believed to have been AI-generated, intended for mass exploitation before proactive counter-discovery intervened. The report also documents AI-augmented malware development, autonomous attack orchestration via AI-enabled malware (PROMPTSPY), and obfuscated LLM access pipelines used by adversaries to bypass usage controls. Nation-state actors from China and North Korea are actively pursuing AI-assisted vulnerability discovery, marking a significant escalation in adversarial AI capability.

Typosquatted OpenAI Repo Delivers Rust Infostealer to 244K Users

Typosquatted OpenAI Repo Delivers Rust Infostealer to 244K Users

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 The Hacker News

A malicious Hugging Face repository impersonated OpenAI's legitimate Privacy Filter model, cloning its description verbatim to gain credibility and reach the platform's trending list with 244,000 downloads. The repository delivered a multi-stage attack chain culminating in a Rust-based information stealer targeting browser credentials, cryptocurrency wallets, and Discord data on Windows machines. The attack leveraged a dead-drop resolver pattern via a public JSON paste service, allowing operators to swap payloads without modifying the repository itself.

Hugging Face Supply Chain: Fake OpenAI Infostealer Hits 244K

Hugging Face Supply Chain: Fake OpenAI Infostealer Hits 244K

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 BleepingComputer

A malicious Hugging Face repository impersonating OpenAI's 'Privacy Filter' project reached #1 on the platform's trending list and accumulated 244,000 downloads before removal, delivering a multi-stage infostealer to Windows users. The attack chain used a disguised Python loader to execute PowerShell commands, ultimately deploying a Rust-based payload capable of harvesting browser credentials, crypto wallets, SSH/VPN configs, and screenshots. The campaign highlights the growing risk of AI/ML supply chain attacks through trusted model-sharing platforms.

Beagle Backdoor Deployed Through Fake Claude Website

Beagle Backdoor Deployed Through Fake Claude Website

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.5 BleepingComputer

Threat actors created a convincing fake website impersonating Anthropic's Claude AI to trick developers into downloading a trojanized installer that deploys the new 'Beagle' backdoor alongside a PlugX malware chain. The campaign specifically targets Claude-Code developers by advertising a fraudulent 'high-performance relay service,' suggesting deliberate targeting of the AI developer community. The attack leverages DLL sideloading via a legitimate signed G Data executable to evade detection while establishing persistent remote access.

TrustFall: Repository Poisoning RCE in AI Coding Tools

TrustFall: Repository Poisoning RCE in AI Coding Tools

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Dark Reading

A vulnerability class dubbed 'TrustFall' demonstrates that malicious code repositories can trigger arbitrary code execution in AI-assisted developer tools including Claude Code, Cursor CLI, Gemini CLI, and GitHub Copilot CLI, with little to no user interaction required. The attack surface stems from inadequate or easily dismissed warning dialogs that fail to surface the risk of executing untrusted repository content. Developers cloning or opening adversarial repositories are exposed to full host-level compromise through the elevated trust these AI coding agents place in repository-supplied context.

Claude Code OAuth Token Theft via npm Supply Chain

Claude Code OAuth Token Theft via npm Supply Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 9.1 SecurityWeek

Mitiga Labs has disclosed a stealthy attack chain targeting Claude Code's MCP infrastructure, allowing adversaries to silently intercept OAuth tokens by redirecting MCP traffic through attacker-controlled infrastructure. The attack requires only the ability to install a malicious npm package, which modifies ~/.claude.json to insert a proxy and pre-sets trust flags to suppress security prompts. Because the OAuth token grants broad access to all connected SaaS tools, successful exploitation effectively hands attackers a persistent master key to the victim's integrated development environment.

PyTorch Lightning Package Backdoor Steals Developer Credentials

PyTorch Lightning Package Backdoor Steals Developer Credentials

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 BleepingComputer

A malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated credential-stealing payload dubbed 'ShaiWorm'. The attack targeted AI/ML developers who use this popular deep learning framework, exposing cloud credentials, API keys, browser-stored secrets, and GitHub tokens. The package has since been reverted to a safe version, but any developer who imported the compromised version should rotate all secrets immediately.

ML Supply Chain Compromise in DoD AI Integration

ML Supply Chain Compromise in DoD AI Integration

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.5 SecurityWeek

The US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military networks for battlefield decision support. The move raises significant AI security concerns around human oversight, adversarial manipulation of high-stakes AI systems, and supply chain risks introduced by multiple commercial vendors operating within classified environments. Notably, Anthropic was excluded following a public dispute over AI safety and ethics in warfare.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.