https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usFri, 22 May 2026 07:53:20 +0530https://gridthegrey.com/posts/google-s-gemini-spark-agent-raises-prompt-injection-risks-at-enterprise-scale/Fri, 22 May 2026 02:23:05 +0000https://gridthegrey.com/posts/google-s-gemini-spark-agent-raises-prompt-injection-risks-at-enterprise-scale/Threat Level: MEDIUMPrompt InjectionAgentic AILLM SecuritySupply ChainIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseGoogle's newly announced Gemini Spark personal AI agent, integrated with Gmail, Drive, Calendar, and other sensitive Google services, presents a significant prompt injection attack surface as it processes user data at scale. The article highlights that Google's published security mitigations — ephemeral VMs, Agent Gateway, and DLP policies — address infrastructure isolation but do not directly address the prompt injection vector inherent to LLM-powered agents processing untrusted content. Additionally, the transition from open-source Gemini CLI to a closed-source Antigravity CLI raises supply chain transparency concerns.https://gridthegrey.com/posts/ai-agent-identity-sprawl-creates-new-attack-surface-in-enterprise-iam/Fri, 22 May 2026 02:22:18 +0000https://gridthegrey.com/posts/ai-agent-identity-sprawl-creates-new-attack-surface-in-enterprise-iam/Threat Level: MEDIUMAgentic AIIndustry NewsRegulatoryAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAs AI agents proliferate across enterprise environments, their associated non-human identities are introducing governance and security gaps that traditional IAM frameworks were not designed to handle. New Omdia research highlights that AI agent identity management demands distinct budget allocations and security controls separate from conventional IAM programs. The failure to properly secure and govern these machine identities exposes organisations to credential abuse, privilege escalation, and lateral movement risks.https://gridthegrey.com/posts/ai-security-lacks-reliable-measurement-why-benchmarks-alone-are-insufficient/Fri, 22 May 2026 02:21:32 +0000https://gridthegrey.com/posts/ai-security-lacks-reliable-measurement-why-benchmarks-alone-are-insufficient/Threat Level: MEDIUMLLM SecurityResearchRegulatoryIndustry NewsAML.T0031 - Erode ML Model IntegrityAML.T0047 - ML-Enabled Product or ServiceAML.T0044 - Full ML Model AccessA report highlighted by Bruce Schneier argues that AI security cannot be reliably measured through benchmarks alone, drawing parallels to the decades-long evolution of software security engineering. The core finding is that LLM weight spaces encode continuous spectrums that resist meaningful quantitative measurement, making trust in model outputs structurally difficult to establish. The practical implication is that organisations must rely on assurance processes rather than scorecards to manage AI security risk.https://gridthegrey.com/posts/anthropic-s-mythos-ai-model-used-to-find-exploitable-macos-kernel-vulnerability/Fri, 22 May 2026 02:20:55 +0000https://gridthegrey.com/posts/anthropic-s-mythos-ai-model-used-to-find-exploitable-macos-kernel-vulnerability/Threat Level: HIGHLLM SecurityAgentic AIResearchIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0040 - ML Model Inference API AccessA threat group leveraged Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 chip running macOS. This represents a concrete, reported instance of AI-assisted vulnerability research being used offensively to discover low-level hardware-adjacent exploits. The incident underscores the dual-use danger of increasingly capable AI coding and reasoning models in the hands of adversarial actors.https://gridthegrey.com/posts/microsoft-open-sources-rampart-and-clarity-to-harden-ai-agent-security/Fri, 22 May 2026 02:18:06 +0000https://gridthegrey.com/posts/microsoft-open-sources-rampart-and-clarity-to-harden-ai-agent-security/Threat Level: MEDIUMLLM SecurityPrompt InjectionAgentic AIResearchIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataMicrosoft has released two open-source tools, RAMPART and Clarity, aimed at embedding security testing into AI agent development workflows. RAMPART extends the existing PyRIT framework with a Pytest-native harness for running adversarial and safety tests against AI agents, explicitly covering cross-prompt injection, data exfiltration, and behavioural regression scenarios. Clarity operates as a pre-code design analysis tool, helping teams surface and challenge unsafe assumptions before an agentic system is built.https://gridthegrey.com/posts/llm-activation-steering-goes-local-security-implications-of-direct-model/Sun, 17 May 2026 02:17:55 +0000https://gridthegrey.com/posts/llm-activation-steering-goes-local-security-implications-of-direct-model/Threat Level: MEDIUMLLM SecurityAdversarial MLJailbreaksResearchAML.T0044 - Full ML Model AccessAML.T0054 - LLM JailbreakAML.T0031 - Erode ML Model IntegrityAML.T0015 - Evade ML ModelActivation steering — the technique of directly manipulating LLM internal representations mid-inference to alter model behaviour — is becoming more accessible to non-lab engineers via local models like DeepSeek-V4-Flash. This democratisation lowers the barrier for adversaries to craft targeted behavioural overrides that bypass prompt-level safety controls. The emergence of first-class steering support in tools like DwarfStar 4 signals that model-internal manipulation is transitioning from academic curiosity to practical attack surface.https://gridthegrey.com/posts/ai-agents-weaponise-vulnerability-discovery-as-ai-generated-code-expands-attack/Sun, 17 May 2026 02:16:12 +0000https://gridthegrey.com/posts/ai-agents-weaponise-vulnerability-discovery-as-ai-generated-code-expands-attack/Threat Level: HIGHAgentic AILLM SecuritySupply ChainIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0010 - ML Supply Chain CompromiseAML.T0051 - LLM Prompt InjectionAI agents are now capable of autonomously discovering and exploiting obscure software vulnerabilities, raising the stakes for defenders already struggling with the volume of potentially insecure AI-generated code flooding codebases. The convergence of agentic exploitation capabilities and mass AI-assisted development creates a compounding risk: more vulnerabilities introduced at scale, and more capable automated systems to find and abuse them. Security teams must adapt their tooling, processes, and threat models to account for both sides of this AI-driven equation.https://gridthegrey.com/posts/four-openclaw-flaws-chain-together-for-full-ai-agent-compromise/Fri, 15 May 2026 21:24:57 +0000https://gridthegrey.com/posts/four-openclaw-flaws-chain-together-for-full-ai-agent-compromise/Threat Level: CRITICALAgentic AILLM SecurityPrompt InjectionResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0018 - Backdoor ML ModelAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsResearchers at Cyera disclosed four vulnerabilities in OpenClaw, an AI agent runtime platform, that can be chained to achieve credential theft, privilege escalation, and persistent backdoor access. The attack chain, dubbed 'Claw Chain', exploits sandbox escapes, allowlist bypasses, and a spoofable ownership flag in the MCP loopback runtime to weaponise the agent's own privileges against the host environment. All four CVEs have been patched in OpenClaw version 2026.4.22 and users should update immediately.https://gridthegrey.com/posts/malicious-node-ipc-versions-target-cloud-ai-tool-credentials-via-supply-chain/Fri, 15 May 2026 21:24:13 +0000https://gridthegrey.com/posts/malicious-node-ipc-versions-target-cloud-ai-tool-credentials-via-supply-chain/Threat Level: CRITICALSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0012 - Valid AccountsAML.T0057 - LLM Data LeakageThree versions of the widely-used node-ipc npm package were found to contain obfuscated stealer/backdoor payloads published by an unauthorised maintainer account. The malware harvests 90 categories of developer secrets — including Claude AI and Kiro IDE configurations, AWS, Azure, and GCP credentials — and exfiltrates them via HTTPS and DNS tunnelling to an attacker-controlled domain. The compromise is notable for bypassing npm lifecycle hooks entirely and, in one version, targeting a specific developer via pre-computed SHA-256 fingerprinting.https://gridthegrey.com/posts/microsoft-outlines-defense-in-depth-framework-for-autonomous-ai-agents/Fri, 15 May 2026 21:22:59 +0000https://gridthegrey.com/posts/microsoft-outlines-defense-in-depth-framework-for-autonomous-ai-agents/Threat Level: MEDIUMAgentic AILLM SecurityPrompt InjectionSupply ChainResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0054 - LLM JailbreakMicrosoft's Security Blog introduces a layered defense-in-depth model specifically designed for autonomous AI agents, which now invoke tools, modify data, and trigger workflows with minimal human oversight. The framework identifies novel threat classes — including agent hijacking, intent breaking, and supply chain compromise — that are amplified by agentic autonomy. The guidance positions application-layer architecture, permissions, and governance as the most critical controls as agent autonomy scales.https://gridthegrey.com/posts/rust-compiler-project-drafts-formal-llm-contribution-policy/Fri, 15 May 2026 21:18:40 +0000https://gridthegrey.com/posts/rust-compiler-project-drafts-formal-llm-contribution-policy/Threat Level: MEDIUMSupply ChainRegulatoryIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0020 - Poison Training DataAML.T0031 - Erode ML Model IntegrityThe Rust compiler project (rust-lang/rust) is formalising a policy governing LLM use in contributions, signalling growing institutional recognition of AI-generated code risks in critical infrastructure. The policy, proposed via pull request on rust-forge, is scoped to the core compiler repository and will be linked from contribution guidelines. This represents a significant governance precedent for open-source security-critical projects managing supply chain integrity amid widespread LLM-assisted development.https://gridthegrey.com/posts/tanstack-supply-chain-attack-compromises-openai-developer-devices-and-signing/Fri, 15 May 2026 21:16:27 +0000https://gridthegrey.com/posts/tanstack-supply-chain-attack-compromises-openai-developer-devices-and-signing/Threat Level: HIGHSupply ChainIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceA supply chain attack targeting TanStack via the Mini Shai-Hulud malware compromised two OpenAI employee devices, exposing internal source code repositories and code-signing certificates for macOS, iOS, and Windows apps. While no user data or production systems were breached, OpenAI was forced to revoke and reissue signing certificates, requiring macOS users to update ChatGPT Desktop, Codex, and Atlas apps before June 12, 2026. The incident marks OpenAI's second certificate rotation in two months and is part of a broader campaign by threat actor TeamPCP targeting major AI and open-source ecosystems.https://gridthegrey.com/posts/teampcp-steals-5gb-of-mistral-ai-source-code-via-supply-chain-attack/Fri, 15 May 2026 21:14:57 +0000https://gridthegrey.com/posts/teampcp-steals-5gb-of-mistral-ai-source-code-via-supply-chain-attack/Threat Level: HIGHSupply ChainModel TheftLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0044 - Full ML Model AccessAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsThe TeamPCP threat group has compromised Mistral AI's codebase management system via the Shai-Hulud software supply chain attack, stealing approximately 5GB of internal repositories covering training, fine-tuning, benchmarking, and inference pipelines. The hackers are demanding $25,000 for nearly 450 repositories or threatening to leak them publicly within a week. Mistral AI confirmed the breach but stated that core repositories, hosted services, managed user data, and research environments were not affected.https://gridthegrey.com/posts/agentic-ai-red-teaming-emerges-as-defence-against-ai-speed-attack-chains/Thu, 14 May 2026 04:48:10 +0000https://gridthegrey.com/posts/agentic-ai-red-teaming-emerges-as-defence-against-ai-speed-attack-chains/Threat Level: MEDIUMAgentic AILLM SecurityIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataSweet Security has launched 'Sweet Attack', a continuous agentic AI red teaming platform designed to counter the growing asymmetry between AI-assisted attackers and human defenders — a tipping point the industry has termed the 'Mythos Moment'. The platform differentiates itself by grounding frontier model reasoning in live runtime telemetry from each customer's own environment, including topology, identity paths, and unencrypted Layer 7 exposure, to identify genuinely exploitable attack chains rather than theoretical ones. The development signals a broader industry shift toward autonomous, environment-aware AI agents as a necessary component of modern security operations.https://gridthegrey.com/posts/ai-agents-weaponised-to-generate-custom-attack-tools-in-latam-campaigns/Thu, 14 May 2026 04:46:57 +0000https://gridthegrey.com/posts/ai-agents-weaponised-to-generate-custom-attack-tools-in-latam-campaigns/Threat Level: HIGHAgentic AILLM SecurityJailbreaksIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0043 - Craft Adversarial DataTwo threat campaigns targeting organisations in Mexico and Brazil have leveraged AI agents to dynamically generate customised hacking tools, marking a notable escalation in automated, AI-assisted cyberattacks. The use of AI agents for on-the-fly tool generation lowers the technical barrier for attackers and accelerates the attack cycle. This represents a concrete, in-the-wild demonstration of agentic AI being exploited as an offensive capability.https://gridthegrey.com/posts/gpt-5-5-matches-specialist-models-in-vulnerability-discovery-democratising-cyber/Thu, 14 May 2026 04:46:14 +0000https://gridthegrey.com/posts/gpt-5-5-matches-specialist-models-in-vulnerability-discovery-democratising-cyber/Threat Level: HIGHLLM SecurityResearchIndustry NewsJailbreaksAML.T0047 - ML-Enabled Product or ServiceAML.T0054 - LLM JailbreakAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataThe UK AI Security Institute has evaluated GPT-5.5 and found it comparable to Claude Mythos in identifying security vulnerabilities, with both models now generally available to the public. This parity raises serious concerns about the lowered barrier to entry for offensive cyber operations, as adversaries can leverage widely accessible models for vulnerability research. Commentary from security experts highlights that LLM-based vulnerability discovery is constrained to known attack patterns, but the existence of jailbreaks means guardrails provide only partial mitigation.https://gridthegrey.com/posts/microsoft-mdash-agentic-ai-system-discovers-16-critical-windows-vulnerabilities/Thu, 14 May 2026 04:45:04 +0000https://gridthegrey.com/posts/microsoft-mdash-agentic-ai-system-discovers-16-critical-windows-vulnerabilities/Threat Level: HIGHAgentic AIResearchIndustry NewsLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataMicrosoft has disclosed MDASH, a multi-model agentic AI scanning system that autonomously discovered 16 vulnerabilities patched in May 2026's Patch Tuesday, including two critical RCE flaws. The system orchestrates over 100 specialised AI agents in a structured pipeline covering auditing, debating, and proof-of-exploitability stages. MDASH represents a significant shift in how AI is being deployed offensively and defensively within the vulnerability research lifecycle, with direct implications for how agentic AI systems are trusted, scoped, and governed.https://gridthegrey.com/posts/openai-daybreak-deploys-agentic-ai-models-for-vulnerability-detection-and/Wed, 13 May 2026 08:28:06 +0000https://gridthegrey.com/posts/openai-daybreak-deploys-agentic-ai-models-for-vulnerability-detection-and/Threat Level: MEDIUMAgentic AILLM SecurityIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionOpenAI has launched Daybreak, an AI-powered cybersecurity platform combining GPT-5.5 variants and Codex Security to automate vulnerability detection, threat modelling, and patch validation for enterprise codebases. The initiative introduces a tiered model access structure — including a permissive 'GPT-5.5-Cyber' for red teaming — raising questions about dual-use risk and model misuse if access controls are circumvented. The rollout also contextualises a broader industry tension: AI is accelerating vulnerability discovery faster than defenders can remediate, contributing to triage fatigue and hallucinated bug reports.https://gridthegrey.com/posts/state-machine-guardrails-proposed-to-rein-in-uncontrolled-ai-agent-tool-access/Wed, 13 May 2026 08:26:56 +0000https://gridthegrey.com/posts/state-machine-guardrails-proposed-to-rein-in-uncontrolled-ai-agent-tool-access/Threat Level: LOWAgentic AILLM SecurityResearchIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceStatewright is an open-source framework that enforces state machine constraints on AI agents, restricting which tools agents can invoke during each phase of a workflow. The project directly addresses the Excessive Agency problem, where AI agents operating with broad, unconstrained tool access can take unintended or harmful actions. While a defensive development rather than a threat disclosure, it signals growing practitioner awareness of agentic AI risk and offers a concrete mitigation pattern for teams deploying coding agents like Claude Code, Codex, or Cursor.https://gridthegrey.com/posts/supply-chain-worm-compromises-mistral-ai-guardrails-ai-and-tanstack-packages/Wed, 13 May 2026 08:08:33 +0000https://gridthegrey.com/posts/supply-chain-worm-compromises-mistral-ai-guardrails-ai-and-tanstack-packages/Threat Level: CRITICALSupply ChainLLM SecurityAgentic AIIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0018 - Backdoor ML ModelAML.T0057 - LLM Data LeakageThe TeamPCP threat actor has executed a broad supply chain campaign dubbed Mini Shai-Hulud, injecting credential-stealing malware into npm and PyPI packages from major AI and developer tooling ecosystems including Mistral AI, Guardrails AI, and TanStack. The malware profiles execution environments, exfiltrates cloud, CI, and AI tool credentials, and establishes persistence inside Claude Code and VS Code IDEs. The TanStack compromise alone affected 42 packages and 84 versions, exploiting a chained GitHub Actions attack to inject malicious payloads without stealing npm tokens directly.