<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>GRID THE GREY — AI Threat Intelligence | GRID THE GREY</title><link>https://gridthegrey.com/</link><description>Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.</description><generator>Hugo</generator><language>en-us</language><copyright/><lastBuildDate>Wed, 10 Jun 2026 18:54:23 +0530</lastBuildDate><atom:link href="https://gridthegrey.com/index.xml" rel="self" type="application/rss+xml"/><item><title>AI Email Agent Susceptible to Classic Phishing Tactics, Leaks Credentials and CRM Data</title><link>https://gridthegrey.com/posts/ai-email-agent-susceptible-to-classic-phishing-tactics-leaks-credentials-and-crm/</link><pubDate>Wed, 10 Jun 2026 13:24:07 +0000</pubDate><guid>https://gridthegrey.com/posts/ai-email-agent-susceptible-to-classic-phishing-tactics-leaks-credentials-and-crm/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Prompt Injection</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><description>Varonis Threat Labs demonstrated that the OpenClaw open-source AI agent framework is vulnerable to social engineering attacks analogous to those used against human targets, successfully tricking the agent into exfiltrating AWS credentials, database secrets, and CRM exports to attacker-controlled addresses. The research tested two LLMs (Gemini 3.1 Pro and GPT-5.4) across generic and phishing-aware configurations, finding that even the hardened profile did not fully prevent data leakage. 
These findings highlight that autonomous AI agents with broad tool access and insufficient identity verification represent a significant and largely unaddressed attack surface in enterprise environments.</description></item><item><title>Anthropic Mythos Threatens Bug Bounty Industry with Machine-Speed Vulnerability Discovery</title><link>https://gridthegrey.com/posts/anthropic-mythos-threatens-bug-bounty-industry-with-machine-speed-vulnerability/</link><pubDate>Wed, 10 Jun 2026 13:23:03 +0000</pubDate><guid>https://gridthegrey.com/posts/anthropic-mythos-threatens-bug-bounty-industry-with-machine-speed-vulnerability/</guid><category>Threat Level: MEDIUM</category><category>Agentic AI</category><category>Industry News</category><category>Research</category><category>LLM Security</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0044 - Full ML Model Access</category><description>Anthropic's Claude Mythos model is accelerating automated vulnerability discovery to a degree that may fundamentally disrupt the bug bounty and offensive security industries. As AI transitions from a force multiplier to a potential replacement for human security researchers, the economics and structure of vulnerability disclosure programs face significant pressure. 
The shift raises critical questions about the future of human-led offensive security and whether AI-generated findings will saturate or devalue traditional bounty programs.</description></item><item><title>Anthropic's Mythos-Class Claude Fable 5 Ships With Cybersecurity Fallback Guardrails</title><link>https://gridthegrey.com/posts/anthropic-s-mythos-class-claude-fable-5-ships-with-cybersecurity-fallback/</link><pubDate>Wed, 10 Jun 2026 13:21:39 +0000</pubDate><guid>https://gridthegrey.com/posts/anthropic-s-mythos-class-claude-fable-5-ships-with-cybersecurity-fallback/</guid><category>Threat Level: MEDIUM</category><category>LLM Security</category><category>Jailbreaks</category><category>Agentic AI</category><category>Industry News</category><category>Regulatory</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0015 - Evade ML Model</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>Anthropic has released Claude Fable 5, a high-capability 'Mythos-class' model that automatically falls back to a less capable model (Claude Opus 4.8) when queries touch sensitive domains like cybersecurity and biology. The company conducted over 1,000 hours of external red-teaming with no universal jailbreaks discovered, though it openly acknowledges financially motivated adversaries will attempt to circumvent these controls. 
Trusted cybersecurity partners under Project Glasswing receive elevated access to the full Mythos 5 capabilities, raising questions about insider risk and tiered trust model security.</description></item><item><title>Claude Mythos Weaponises N-Day Vulnerabilities Into Working Exploits Within Hours</title><link>https://gridthegrey.com/posts/claude-mythos-weaponises-n-day-vulnerabilities-into-working-exploits-within/</link><pubDate>Wed, 10 Jun 2026 13:20:58 +0000</pubDate><guid>https://gridthegrey.com/posts/claude-mythos-weaponises-n-day-vulnerabilities-into-working-exploits-within/</guid><category>Threat Level: CRITICAL</category><category>LLM Security</category><category>Jailbreaks</category><category>Agentic AI</category><category>Research</category><category>Industry News</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0044 - Full ML Model Access</category><description>Anthropic's Claude Mythos Preview model demonstrated the ability to generate functional proof-of-concept exploits targeting known Firefox and Windows vulnerabilities within minutes to hours, compressing the traditional patch gap window dramatically. Testing also revealed that public Anthropic models with safety guardrails disabled could produce working exploits, though at a lower success rate than Mythos. 
The findings underscore how frontier LLMs are shifting the threat landscape for unpatched N-day vulnerabilities by automating and accelerating exploit development previously bottlenecked by scarce reverse engineering expertise.</description></item><item><title>Microsoft Publishes Investigator Playbook for AI Telemetry and Incident Reconstruction</title><link>https://gridthegrey.com/posts/microsoft-publishes-investigator-playbook-for-ai-telemetry-and-incident/</link><pubDate>Wed, 10 Jun 2026 12:06:48 +0000</pubDate><guid>https://gridthegrey.com/posts/microsoft-publishes-investigator-playbook-for-ai-telemetry-and-incident/</guid><category>Threat Level: MEDIUM</category><category>LLM Security</category><category>Prompt Injection</category><category>Agentic AI</category><category>Research</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0012 - Valid Accounts</category><description>Microsoft has released a structured investigator playbook for reconstructing AI-related activity across Microsoft 365 Copilot and Azure AI services, addressing the challenge of converting raw telemetry into coherent incident timelines. The playbook targets threats already observed in enterprise deployments, including prompt injection attempts and unauthorized data access, and operationalizes a scope–context–signal methodology across Purview, Defender, and Sentinel. 
This guidance directly supports security teams responding to AI-specific incidents where unstructured telemetry has previously hindered attribution and impact assessment.</description></item><item><title>Self-Replicating AI Worm Uses Local LLM to Generate Exploits at Runtime</title><link>https://gridthegrey.com/posts/self-replicating-ai-worm-uses-local-llm-to-generate-exploits-at-runtime/</link><pubDate>Wed, 10 Jun 2026 12:05:13 +0000</pubDate><guid>https://gridthegrey.com/posts/self-replicating-ai-worm-uses-local-llm-to-generate-exploits-at-runtime/</guid><category>Threat Level: CRITICAL</category><category>Agentic AI</category><category>LLM Security</category><category>Research</category><category>Adversarial ML</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0044 - Full ML Model Access</category><category>AML.T0051 - LLM Prompt Injection</category><description>University of Toronto researchers demonstrated a proof-of-concept AI worm that leverages a locally hosted open-weight LLM to autonomously reason through network targets, generate novel exploit chains at runtime, and self-replicate — achieving 62% network penetration across a 33-host testbed with no human intervention. Unlike traditional worms with fixed payloads, this system bypasses conventional patch-based defences by dynamically adapting attack logic to whatever vulnerabilities it discovers. 
The use of offline open-weight models eliminates dependency on commercial AI APIs, making it resilient to rate-limiting or platform-level safety controls.</description></item><item><title>Miasma Worm Targets AI Coding Agents via Poisoned Microsoft Packages</title><link>https://gridthegrey.com/posts/miasma-worm-targets-ai-coding-agents-via-poisoned-microsoft-packages/</link><pubDate>Tue, 09 Jun 2026 10:45:08 +0000</pubDate><guid>https://gridthegrey.com/posts/miasma-worm-targets-ai-coding-agents-via-poisoned-microsoft-packages/</guid><category>Threat Level: CRITICAL</category><category>Supply Chain</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0057 - LLM Data Leakage</category><description>Seventy-three Microsoft-hosted open source packages were compromised with the Miasma credential-stealing worm, which activates specifically when developers open packages inside AI coding agents. The malware, attributed to threat actor TeamPCP, exploits legitimate OIDC token workflows and SLSA provenance attestation to bypass supply-chain integrity checks and spread laterally across cloud infrastructure. 
This marks the second such compromise of an official Microsoft repository in as many months, indicating a sustained campaign targeting developer toolchains and the AI-assisted development pipeline.</description></item><item><title>AI Security M&amp;A Surge: Agentic Identity, LLM Evaluation, and Browser Control Targeted</title><link>https://gridthegrey.com/posts/ai-security-m-a-surge-agentic-identity-llm-evaluation-and-browser-control/</link><pubDate>Mon, 08 Jun 2026 14:06:27 +0000</pubDate><guid>https://gridthegrey.com/posts/ai-security-m-a-surge-agentic-identity-llm-evaluation-and-browser-control/</guid><category>Threat Level: MEDIUM</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>Supply Chain</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0040 - ML Model Inference API Access</category><description>May 2026 saw a wave of cybersecurity acquisitions with a clear focus on securing AI agents and LLM infrastructure, including Cisco's ~$400M acquisition of Astrix Security for non-human identity management and Check Point's acquisition of Deepchecks for LLM evaluation and continuous monitoring. Akamai also moved to acquire LayerX for AI usage control and agentic activity visibility across browsers and IDEs. 
These deals signal that enterprise security vendors are racing to build defensive capabilities around the expanding agentic AI attack surface.</description></item><item><title>Claude Code GitHub Action Leaked CI/CD Secrets via Prompt Injection</title><link>https://gridthegrey.com/posts/claude-code-github-action-leaked-ci-cd-secrets-via-prompt-injection/</link><pubDate>Mon, 08 Jun 2026 14:05:30 +0000</pubDate><guid>https://gridthegrey.com/posts/claude-code-github-action-leaked-ci-cd-secrets-via-prompt-injection/</guid><category>Threat Level: HIGH</category><category>Prompt Injection</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><description>Microsoft Threat Intelligence disclosed a vulnerability in Anthropic's Claude Code GitHub Action whereby prompt injection via untrusted GitHub content — issue bodies, PR descriptions, and comments — could cause the AI agent to read sensitive environment variables, including the ANTHROPIC_API_KEY, from /proc/self/environ. The flaw stemmed from inconsistent sandboxing: while subprocess execution paths like Bash were scrubbed of environment variables, the Read tool had no equivalent restriction. 
Anthropic patched the issue in Claude Code version 2.1.128 by blocking access to sensitive /proc filesystem paths.</description></item><item><title>Gartner Flags Deepfakes and Prompt Injection Among Top Attacker Advantages</title><link>https://gridthegrey.com/posts/gartner-flags-deepfakes-and-prompt-injection-among-top-attacker-advantages/</link><pubDate>Mon, 08 Jun 2026 14:05:30 +0000</pubDate><guid>https://gridthegrey.com/posts/gartner-flags-deepfakes-and-prompt-injection-among-top-attacker-advantages/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Prompt Injection</category><category>Adversarial ML</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0054 - LLM Jailbreak</category><description>Gartner analysts have identified deepfakes and prompt injection as two of four critical emerging threats where attackers currently hold a structural advantage over defenders. The advisory signals growing institutional recognition that AI-native attack vectors are maturing faster than enterprise defenses. 
Organizations are urged to treat these threats as priority items requiring immediate defensive investment.</description></item><item><title>OpenAI Lockdown Mode Targets Prompt Injection Data Exfiltration Vector</title><link>https://gridthegrey.com/posts/openai-lockdown-mode-targets-prompt-injection-data-exfiltration-vector/</link><pubDate>Mon, 08 Jun 2026 14:04:03 +0000</pubDate><guid>https://gridthegrey.com/posts/openai-lockdown-mode-targets-prompt-injection-data-exfiltration-vector/</guid><category>Threat Level: MEDIUM</category><category>LLM Security</category><category>Prompt Injection</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>OpenAI has rolled out 'Lockdown Mode' for ChatGPT personal and self-serve business accounts, a deterministic control designed to block the data exfiltration leg of prompt injection attacks. The feature directly addresses the 'Lethal Trifecta' — the combination of private data access, untrusted content exposure, and an outbound exfiltration channel — by restricting outbound network requests at the infrastructure level rather than relying on AI-evaluated guardrails. 
Critically, OpenAI's own documentation acknowledges that the feature's existence implies default ChatGPT settings do not robustly prevent determined data exfiltration attacks.</description></item><item><title>Prototype AI Worm Carries Embedded LLM for Decentralised Self-Propagation</title><link>https://gridthegrey.com/posts/prototype-ai-worm-carries-embedded-llm-for-decentralised-self-propagation/</link><pubDate>Mon, 08 Jun 2026 14:04:03 +0000</pubDate><guid>https://gridthegrey.com/posts/prototype-ai-worm-carries-embedded-llm-for-decentralised-self-propagation/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Agentic AI</category><category>Adversarial ML</category><category>Research</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0051 - LLM Prompt Injection</category><description>Researchers have prototyped an internet worm that bundles its own large language model, executing it on compromised hosts to enable fully decentralised propagation with no single point of control. The design mirrors John Brunner's 1975 fictional conception of a worm and echoes the destructive potential of WannaCry and NotPetya, but with the added capability of dynamically generating novel attacks by ingesting recent public vulnerability disclosures. 
The absence of a command-and-control chokepoint makes traditional takedown strategies ineffective, significantly raising the threat posed by AI-augmented malware.</description></item><item><title>Unauthorized Access to Anthropic's Claude Mythos Exposes Agentic AI Defense Risks</title><link>https://gridthegrey.com/posts/unauthorized-access-to-anthropic-s-claude-mythos-exposes-agentic-ai-defense/</link><pubDate>Mon, 08 Jun 2026 14:02:42 +0000</pubDate><guid>https://gridthegrey.com/posts/unauthorized-access-to-anthropic-s-claude-mythos-exposes-agentic-ai-defense/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>Data Poisoning</category><category>Industry News</category><category>AML.T0020 - Poison Training Data</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0044 - Full ML Model Access</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0012 - Valid Accounts</category><description>A reported unauthorized access to Anthropic's Claude Mythos model within hours of its limited technical preview highlights acute security risks as agentic AI is deployed across classified defense and intelligence networks. The incident underscores vulnerabilities specific to AI infrastructure in high-security environments, including training data poisoning, access control failures, and cross-domain classification boundary erosion. 
Secure IT infrastructure, governed access, and cross-domain data controls are identified as prerequisites for safe AI deployment at mission scale.</description></item><item><title>Microsoft Scout Autonomous Agent Expands Attack Surface Across Microsoft 365</title><link>https://gridthegrey.com/posts/microsoft-scout-autonomous-agent-expands-attack-surface-across-microsoft-365/</link><pubDate>Thu, 04 Jun 2026 05:41:41 +0000</pubDate><guid>https://gridthegrey.com/posts/microsoft-scout-autonomous-agent-expands-attack-surface-across-microsoft-365/</guid><category>Threat Level: MEDIUM</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0040 - ML Model Inference API Access</category><description>Microsoft has launched Scout, an always-on autonomous AI agent built on the OpenClaw framework that operates across Microsoft 365 apps including Teams, Outlook, OneDrive, and SharePoint with its own Entra identity. The agent's persistent, unsupervised access to email, calendar, chat, and external systems via MCP creates a broad new attack surface for prompt injection, privilege abuse, and data exfiltration. 
As an experimental release with limited deployment controls, security teams should treat Scout as a high-risk agentic surface requiring careful governance before broad adoption.</description></item><item><title>High-Autonomy AI Agents With Broad Permissions Pose Enterprise Security Crisis</title><link>https://gridthegrey.com/posts/high-autonomy-ai-agents-with-broad-permissions-pose-enterprise-security-crisis/</link><pubDate>Thu, 04 Jun 2026 05:40:36 +0000</pubDate><guid>https://gridthegrey.com/posts/high-autonomy-ai-agents-with-broad-permissions-pose-enterprise-security-crisis/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0057 - LLM Data Leakage</category><description>Enterprises deploying AI agents with elevated permissions and minimal oversight face compounding security risks as agentic systems gain the ability to take real-world actions with limited human intervention. The attack surface expands dramatically when agents can access APIs, execute code, and chain decisions autonomously, making containment of a compromise significantly harder. 
Security teams must implement least-privilege principles and robust monitoring before agentic deployments scale beyond their ability to govern.</description></item><item><title>Indirect Prompt Injection via Notifications Hijacks Google Gemini on Android</title><link>https://gridthegrey.com/posts/indirect-prompt-injection-via-notifications-hijacks-google-gemini-on-android/</link><pubDate>Thu, 04 Jun 2026 05:39:55 +0000</pubDate><guid>https://gridthegrey.com/posts/indirect-prompt-injection-via-notifications-hijacks-google-gemini-on-android/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Prompt Injection</category><category>Agentic AI</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0057 - LLM Data Leakage</category><description>SafeBreach researcher Or Yair demonstrated that malicious text embedded in WhatsApp, Slack, SMS, or Signal notifications could trigger indirect prompt injection against Google Gemini's Android Utilities feature, causing the assistant to execute real device actions without user awareness. A novel bypass technique called 'Fake Context Alignment' defeated Google's post-patch authorization checks by exploiting multilingual obfuscation and muted hyperlinks to trick victims into authorising sensitive actions. 
Google has patched the issue, but the research exposes a fundamentally broad attack surface where any app capable of pushing a notification becomes a potential injection vector.</description></item><item><title>Only 11 of 100 AI Agents Pass Security and Capability Benchmarks</title><link>https://gridthegrey.com/posts/only-11-of-100-ai-agents-pass-security-and-capability-benchmarks/</link><pubDate>Thu, 04 Jun 2026 05:38:21 +0000</pubDate><guid>https://gridthegrey.com/posts/only-11-of-100-ai-agents-pass-security-and-capability-benchmarks/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Prompt Injection</category><category>Research</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0054 - LLM Jailbreak</category><description>Adversa AI's AI Risk Quadrant report evaluated 100 AI agents across ten categories, finding that only 11 qualify as both capable and well-defended. The research identifies a structural 'power-protection inversion' where the most capable agents also present the widest attack surface, driven by a 'lethal trifecta' of private data access, exposure to untrusted content, and outbound action capability. 
Computer and coding agents showed the most severe exposure, raising urgent concerns about autonomous agent deployment in enterprise environments.</description></item><item><title>Prompt Injection Flaw in Gemini Voice Assistant Enables Notification-Based Attacks</title><link>https://gridthegrey.com/posts/prompt-injection-flaw-in-gemini-voice-assistant-enables-notification-based/</link><pubDate>Thu, 04 Jun 2026 05:37:37 +0000</pubDate><guid>https://gridthegrey.com/posts/prompt-injection-flaw-in-gemini-voice-assistant-enables-notification-based/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Prompt Injection</category><category>Agentic AI</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>A prompt injection vulnerability in Google Gemini's voice assistant allows attackers to embed malicious instructions within device notifications, which the assistant then processes as legitimate commands. This attack vector enables social engineering, unauthorized actions, and potential data exfiltration without direct user interaction with the malicious payload. 
The flaw highlights the growing risk of indirect prompt injection in ambient AI assistants that consume untrusted content from the surrounding environment.</description></item><item><title>2,000 AI-Built Apps Expose Corporate Data via Misconfigured Vibe-Coding Platforms</title><link>https://gridthegrey.com/posts/2000-ai-built-apps-expose-corporate-data-via-misconfigured-vibe-coding-platforms/</link><pubDate>Sun, 31 May 2026 01:44:50 +0000</pubDate><guid>https://gridthegrey.com/posts/2000-ai-built-apps-expose-corporate-data-via-misconfigured-vibe-coding-platforms/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>Industry News</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0040 - ML Model Inference API Access</category><description>A Red Access investigation found over 2,000 corporate applications built on AI-assisted 'vibe-coding' platforms publicly accessible on the open internet, many containing sensitive business data with no access controls. These shadow-built apps connect directly to production systems — CRMs, ERPs, BI tools — creating a new class of unaudited attack surface invisible to conventional security stacks. 
Traditional controls such as CASB, DLP, and EDR are structurally blind to this threat because the risk originates at the application layer, not the identity or network layer.</description></item><item><title>Anthropic Documents Sandbox Escape Risks and Credential Exfiltration Vectors in Claude Products</title><link>https://gridthegrey.com/posts/anthropic-documents-sandbox-escape-risks-and-credential-exfiltration-vectors-in/</link><pubDate>Sun, 31 May 2026 01:34:23 +0000</pubDate><guid>https://gridthegrey.com/posts/anthropic-documents-sandbox-escape-risks-and-credential-exfiltration-vectors-in/</guid><category>Threat Level: MEDIUM</category><category>LLM Security</category><category>Agentic AI</category><category>Research</category><category>Industry News</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><description>Anthropic has published detailed documentation of its sandboxing architecture across Claude.ai, Claude Code, and Claude Cowork, including disclosure of a previously identified credential exfiltration vector via the api.anthropic.com/v1/files endpoint. The writeup covers process-level isolation technologies including gVisor, Seatbelt, Bubblewrap, and full VM approaches, and candidly acknowledges security gaps that were missed. This transparency is notable for the agentic AI space, where sandbox documentation is typically sparse and trust is difficult to calibrate.</description></item></channel></rss>