Security Frameworks

Grid the Grey maps every article to two industry-standard AI security frameworks. Here is a concise reference for both.


MITRE ATLAS

MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversarial tactics and techniques targeting AI/ML systems, maintained by MITRE Corporation.

It is structured analogously to the well-known MITRE ATT&CK framework but focused specifically on machine learning systems.

Technique ID format: AML.T#### (e.g. AML.T0051 — LLM Prompt Injection)

Key Tactic Categories

Tactic                 | Description
-----------------------|---------------------------------------------------------------
Reconnaissance         | Gathering information about target ML systems
Resource Development   | Acquiring/staging resources for attacks
Initial Access         | Gaining entry to ML systems or pipelines
ML Attack Staging      | Preparing adversarial inputs or attacks
Exfiltration           | Stealing model parameters, training data, or outputs
Impact                 | Disrupting availability, integrity, or confidentiality of ML systems

Official MITRE ATLAS site


OWASP LLM Top 10

The OWASP LLM Top 10 is a standard awareness document for developers and security practitioners covering the most critical security risks in Large Language Model applications, published by the Open Worldwide Application Security Project (OWASP).

The 10 Categories

ID    | Category                         | Description
------|----------------------------------|---------------------------------------------------------------
LLM01 | Prompt Injection                 | Manipulating LLM behaviour via crafted inputs
LLM02 | Insecure Output Handling         | Failing to validate/sanitise LLM outputs downstream
LLM03 | Training Data Poisoning          | Corrupting training data to influence model behaviour
LLM04 | Model Denial of Service          | Causing excessive resource consumption in LLM operations
LLM05 | Supply Chain Vulnerabilities     | Risks in LLM components, training data, or deployment pipelines
LLM06 | Sensitive Information Disclosure | LLMs revealing confidential data from training or context
LLM07 | Insecure Plugin Design           | Vulnerabilities in LLM plugins or tool integrations
LLM08 | Excessive Agency                 | LLM systems granted excessive permissions or autonomy
LLM09 | Overreliance                     | Blindly trusting LLM outputs without validation
LLM10 | Model Theft                      | Extracting or reconstructing proprietary LLM parameters

Official OWASP LLM Top 10


How Grid the Grey Uses These Frameworks

When the pipeline processes a new article, Claude evaluates the content and maps it to applicable MITRE ATLAS technique IDs and OWASP LLM categories. This mapping appears in:

  • The Framework Analysis Panel on every article page
  • The MITRE ATLAS matrix — shows which techniques appear most in our coverage
  • The OWASP LLM matrix — shows which vulnerability categories are trending
  • The ATLAS and OWASP badges on article cards — click any badge to see the full matrix
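The mapping step above takes framework IDs produced by a language model, so a practitioner would want the IDs checked against the known formats before they feed the matrices; an LLM can emit an ID that does not exist, which is exactly the kind of unvalidated output the OWASP LLM02 and LLM09 entries warn about. The following Python is an added illustration, not Grid the Grey's own pipeline code: it validates a model-produced mapping against the AML.T#### format and the LLM01 to LLM10 set, drops anything else, and tallies how often each accepted ID appears across a constructed set of articles, which is what the two matrices display. The optional three-digit sub-technique suffix, the article records and the ATLAS ID AML.T0020 are assumptions made for the example.

```python
import re
from collections import Counter

# ATLAS technique IDs follow AML.T#### (the page gives AML.T0051); the optional
# .### sub-technique suffix is an assumption for this example.
ATLAS_ID = re.compile(r"^AML\.T\d{4}(\.\d{3})?$")

# The OWASP LLM Top 10 IDs run LLM01..LLM10, as listed in the table above.
OWASP_IDS = {f"LLM{n:02d}" for n in range(1, 11)}


def validate_mapping(mapping):
    """Split a model-produced mapping into accepted IDs and rejected strings.

    Nothing reaches the matrices unless it matches a known format, so a
    hallucinated or malformed ID is surfaced instead of silently counted.
    """
    accepted = {"atlas": [], "owasp": []}
    rejected = []
    for tag in mapping.get("atlas", []):
        if ATLAS_ID.match(tag):
            accepted["atlas"].append(tag)
        else:
            rejected.append(tag)
    for tag in mapping.get("owasp", []):
        if tag in OWASP_IDS:
            accepted["owasp"].append(tag)
        else:
            rejected.append(tag)
    return accepted, rejected


def build_matrix(articles):
    """Count, per framework ID, how many articles were mapped to it.

    Each ID is counted at most once per article, so a model that repeats an
    ID within one mapping cannot inflate the matrix. Returns the two tallies
    plus a list of (article title, rejected tag) pairs for review.
    """
    atlas_counts = Counter()
    owasp_counts = Counter()
    dropped = []
    for article in articles:
        accepted, rejected = validate_mapping(article["mapping"])
        atlas_counts.update(set(accepted["atlas"]))
        owasp_counts.update(set(accepted["owasp"]))
        dropped.extend((article["title"], tag) for tag in rejected)
    return atlas_counts, owasp_counts, dropped


# Constructed sample articles (not real coverage). AML.T0020 is a sample ID
# chosen only for its format; one article carries an invalid OWASP ID and
# another a malformed ATLAS ID, as a model might produce.
ARTICLES = [
    {"title": "Prompt injection in agent tooling",
     "mapping": {"atlas": ["AML.T0051", "AML.T0051"], "owasp": ["LLM01", "LLM07"]}},
    {"title": "Poisoned dataset on model hub",
     "mapping": {"atlas": ["AML.T0020"], "owasp": ["LLM03", "LLM05", "LLM11"]}},
    {"title": "Model extraction via API",
     "mapping": {"atlas": ["AML.T51", "AML.T0051"], "owasp": ["LLM10"]}},
]


if __name__ == "__main__":
    atlas, owasp, dropped = build_matrix(ARTICLES)
    print("ATLAS techniques by article count:", atlas.most_common())
    print("OWASP categories by article count:", owasp.most_common())
    for title, tag in dropped:
        print(f"rejected {tag!r} from {title!r}")
```

Rejected tags are returned rather than discarded so the pipeline can log them; a rising rejection rate is a useful signal that the model's mapping prompt or the framework version it was told about has drifted.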

See also: Scoring Methodology