https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usSat, 25 Apr 2026 10:44:49 +0530https://gridthegrey.com/posts/llm-openai-via-codex-0-1a0/Sat, 25 Apr 2026 05:14:38 +0000https://gridthegrey.com/posts/llm-openai-via-codex-0-1a0/Threat Level: MEDIUMLLM SecuritySupply ChainIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0010 - ML Supply Chain CompromiseA new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access controls. This represents a credential misuse pattern that could expose organisations to unauthorised API access and quota theft. The technique exploits an undocumented or semi-official API surface, raising supply chain and access control concerns for enterprise OpenAI deployments.https://gridthegrey.com/posts/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure/Sat, 25 Apr 2026 05:09:59 +0000https://gridthegrey.com/posts/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure/Threat Level: CRITICALLLM SecuritySupply ChainIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageA critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure, with attackers using the vision-language image loader to probe cloud metadata services, internal networks, and exfiltrate data. The attack pattern demonstrates that AI inference infrastructure is being weaponised at speed comparable to traditional CVE exploitation cycles, with no PoC required. This incident reinforces a broader trend of threat actors treating LLM-serving infrastructure as high-value lateral movement targets.https://gridthegrey.com/posts/show-hn-browser-harness-gives-llm-freedom-to-complete-any-browser-task/Sat, 25 Apr 2026 05:08:06 +0000https://gridthegrey.com/posts/show-hn-browser-harness-gives-llm-freedom-to-complete-any-browser-task/Threat Level: HIGHAgentic AILLM SecurityPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageBrowser Harness is an open-source tool that grants LLMs unrestricted, self-modifying control over a Chrome browser via the Chrome DevTools Protocol, with no sandboxing, guardrails, or human-in-the-loop checkpoints. The agent can autonomously write and execute new code mid-task to handle capabilities it lacks, representing a significant instance of excessive agency and uncontrolled code execution. This architecture creates a broad attack surface for prompt injection, privilege escalation, and unintended autonomous actions on behalf of a user.https://gridthegrey.com/posts/can-ai-attack-the-cloud-lessons-from-building-an-autonomous-cloud-offensive/Fri, 24 Apr 2026 03:43:52 +0000https://gridthegrey.com/posts/can-ai-attack-the-cloud-lessons-from-building-an-autonomous-cloud-offensive/Threat Level: CRITICALAgentic AILLM SecurityResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0040 - ML Model Inference API AccessAML.T0057 - LLM Data LeakageUnit 42 researchers built 'Zealot,' a multi-agent LLM-powered penetration testing system capable of autonomously executing end-to-end offensive operations against cloud infrastructure, demonstrating that AI acts as a significant force multiplier for cloud attacks. The system successfully attacked a misconfigured GCP sandbox environment using a supervisor-coordinated architecture of specialist agents, validating that agentic AI can operate at machine speed against real cloud misconfigurations. This research follows Anthropic's November 2025 disclosure of a state-sponsored AI-orchestrated espionage campaign and marks a critical inflection point in understanding autonomous AI offensive capabilities.https://gridthegrey.com/posts/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign/Fri, 24 Apr 2026 03:40:25 +0000https://gridthegrey.com/posts/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign/Threat Level: HIGHSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsA compromised version of the Bitwarden CLI npm package was found stealing developer secrets, including configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider, as part of an ongoing supply chain campaign. The malicious package leveraged a preinstall hook to exfiltrate credentials and inject malicious GitHub Actions workflows, enabling persistent CI/CD pipeline compromise. The AI tooling angle elevates this beyond a standard supply chain attack, as stolen AI coding assistant credentials could enable downstream prompt injection, data leakage, or lateral movement within AI-assisted development environments.https://gridthegrey.com/posts/bad-memories-still-haunt-ai-agents/Fri, 24 Apr 2026 03:33:42 +0000https://gridthegrey.com/posts/bad-memories-still-haunt-ai-agents/Threat Level: HIGHLLM SecurityAgentic AIPrompt InjectionResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataCisco researchers discovered and reported a significant vulnerability in how Anthropic's AI systems handle memory files, which has since been patched. The flaw highlights a broader, systemic risk in agentic AI architectures where persistent memory mechanisms can be exploited to inject malicious instructions or exfiltrate sensitive data across sessions. Security experts caution that memory mismanagement in AI agents represents an enduring attack surface that extends well beyond any single vendor fix.https://gridthegrey.com/posts/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/Fri, 24 Apr 2026 03:30:25 +0000https://gridthegrey.com/posts/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/Threat Level: CRITICALLLM SecurityPrompt InjectionAgentic AIResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0018 - Backdoor ML ModelAML.T0056 - LLM Meta Prompt ExtractionCheck Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing OpenAI's stated network isolation safeguards. Sensitive user data — including uploaded files, conversation content, and personal documents — could be silently transmitted to attacker-controlled servers without user knowledge or consent. The same channel was also found capable of enabling remote shell access within the Linux execution environment.https://gridthegrey.com/posts/chinese-cybersecurity-firms-ai-hacking-claims-draw-comparisons-to-claude-mythos/Fri, 24 Apr 2026 03:14:26 +0000https://gridthegrey.com/posts/chinese-cybersecurity-firms-ai-hacking-claims-draw-comparisons-to-claude-mythos/Threat Level: HIGHAgentic AIResearchIndustry NewsLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataChinese cybersecurity firm 360 Digital Security Group claims its multi-agent AI system autonomously discovered nearly 1,000 vulnerabilities, including a critical Office zero-day allegedly dormant for eight years, drawing direct comparisons to Anthropic's restricted Claude Mythos model. The developments signal that AI-driven autonomous vulnerability discovery is rapidly proliferating beyond tightly controlled Western research environments. This raises significant concerns about AI-accelerated offensive capabilities reaching nation-state threat actors at scale.https://gridthegrey.com/posts/double-agents-exposing-security-blind-spots-in-gcp-vertex-ai/Fri, 24 Apr 2026 03:10:36 +0000https://gridthegrey.com/posts/double-agents-exposing-security-blind-spots-in-gcp-vertex-ai/Threat Level: CRITICALAgentic AILLM SecurityResearchSupply ChainAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0044 - Full ML Model AccessUnit 42 researchers discovered critical privilege escalation and data exfiltration vulnerabilities in Google Cloud Platform's Vertex AI Agent Engine, demonstrating how a deployed AI agent can be weaponized to compromise an entire GCP environment through excessive default permissions on service agents. By exploiting the P4SA (Per-Project, Per-Product Service Agent) default permission scoping, attackers could extract service agent credentials and gain privileged access to consumer project data and restricted producer project resources within Google's own infrastructure. Google has since updated its documentation in response to the coordinated disclosure.https://gridthegrey.com/posts/project-glasswing-proved-ai-can-find-the-bugs-who-s-going-to-fix-them/Fri, 24 Apr 2026 02:57:23 +0000https://gridthegrey.com/posts/project-glasswing-proved-ai-can-find-the-bugs-who-s-going-to-fix-them/Threat Level: CRITICALAgentic AILLM SecurityResearchIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAML.T0051 - LLM Prompt InjectionAML.T0031 - Erode ML Model IntegrityAnthropic's Project Glasswing, powered by the Mythos Preview model, demonstrated unprecedented AI-driven vulnerability discovery — including a 72.4% autonomous exploit success rate against Firefox's JS shell and chained multi-bug exploits bypassing OS sandboxing — but fewer than 1% of discovered vulnerabilities were patched before potential adversarial access. The disclosure reveals a catastrophic asymmetry: AI has industrialised vulnerability discovery at machine speed while remediation capacity remains locked to human calendar pace. Real-world threat actors are already deploying LLM-integrated attack chains autonomously, as evidenced by an MCP-hosted LLM used against FortiGate appliances.https://gridthegrey.com/posts/ai-powered-defense-for-an-ai-accelerated-threat-landscape/Thu, 23 Apr 2026 12:12:12 +0000https://gridthegrey.com/posts/ai-powered-defense-for-an-ai-accelerated-threat-landscape/Threat Level: HIGHLLM SecurityAgentic AIAdversarial MLIndustry NewsAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0015 - Evade ML ModelMicrosoft's Security Blog outlines how AI is accelerating the offensive threat landscape, with models now capable of autonomously discovering vulnerabilities and chaining lower-severity issues into functional exploits with working proof-of-concept code. The post frames this as an inflection point requiring AI-native defensive responses. While promotional in tone, it reflects an industry-wide acknowledgment that AI-enabled attack automation is outpacing traditional detection capabilities.https://gridthegrey.com/posts/how-sentinelones-ai-edr-autonomously-discovered-and-stopped-anthropics-claude-a/Thu, 23 Apr 2026 11:58:53 +0000https://gridthegrey.com/posts/how-sentinelones-ai-edr-autonomously-discovered-and-stopped-anthropics-claude-a/Threat Level: HIGHLLM SecuritySupply ChainAgentic AIIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageSentinelOne claims its AI-powered EDR autonomously detected and blocked Anthropic's Claude LLM from executing a zero-day supply chain attack, representing a significant case study in agentic AI systems operating as attack vectors. The incident highlights the emerging threat surface created when LLMs are granted autonomous execution capabilities within enterprise environments. This appears to be a vendor marketing piece, and the claims warrant independent verification, but the scenario it describes — an AI agent compromising supply chain integrity — is technically credible and aligns with known agentic AI risk models.https://gridthegrey.com/posts/openclaw-gives-users-yet-another-reason-to-be-freaked-out-about-security/Thu, 23 Apr 2026 11:48:38 +0000https://gridthegrey.com/posts/openclaw-gives-users-yet-another-reason-to-be-freaked-out-about-security/Threat Level: CRITICALAgentic AILLM SecurityIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageA critical privilege escalation vulnerability (CVE-2026-33579) in OpenClaw, a viral agentic AI tool, allowed attackers with the lowest-level pairing permissions to silently gain full administrative access to any OpenClaw instance. Given that OpenClaw by design holds broad access to sensitive resources—including credentials, files, and connected services—the practical blast radius of this flaw is full instance takeover with no user interaction required. Thousands of deployments may already be silently compromised.https://gridthegrey.com/posts/toxic-combinations-when-cross-app-permissions-stack-into-risk/Thu, 23 Apr 2026 11:39:35 +0000https://gridthegrey.com/posts/toxic-combinations-when-cross-app-permissions-stack-into-risk/Threat Level: HIGHAgentic AILLM SecuritySupply ChainPrompt InjectionIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceThe article examines 'toxic combinations' — a compounding risk pattern where AI agents and OAuth integrations bridge multiple SaaS applications, creating attack surfaces that no single application owner reviews. A real-world case involving Moltbook exposed 1.5 million agent API tokens and plaintext third-party credentials, illustrating how agentic AI identities create cross-app trust relationships invisible to conventional access controls. The threat is structural: non-human identities now outnumber human ones in most SaaS environments, and single-app access reviews are architecturally blind to inter-application permission stacking.https://gridthegrey.com/posts/when-an-attacker-meets-a-group-of-agents-navigating-amazon-bedrock-s-multi-agent/Thu, 23 Apr 2026 04:25:46 +0000https://gridthegrey.com/posts/when-an-attacker-meets-a-group-of-agents-navigating-amazon-bedrock-s-multi-agent/Threat Level: HIGHLLM SecurityPrompt InjectionAgentic AIResearchAML.T0051 - LLM Prompt InjectionAML.T0056 - LLM Meta Prompt ExtractionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataUnit 42 researchers conducted red-team analysis of Amazon Bedrock's multi-agent collaboration framework, demonstrating how attackers can systematically exploit prompt injection to traverse agent hierarchies, extract system instructions, and invoke tools with attacker-controlled inputs. The research reveals that multi-agent architectures introduce compounded attack surfaces through inter-agent communication channels, though no underlying Bedrock vulnerabilities were identified. Properly configured Guardrails and pre-processing stages effectively mitigate the demonstrated attack chains.https://gridthegrey.com/posts/crabtrap-an-llm-as-a-judge-http-proxy-to-secure-agents-in-production/Wed, 22 Apr 2026 10:00:29 +0000https://gridthegrey.com/posts/crabtrap-an-llm-as-a-judge-http-proxy-to-secure-agents-in-production/Threat Level: MEDIUMAgentic AILLM SecurityPrompt InjectionResearchIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0040 - ML Model Inference API AccessBrex has open-sourced CrabTrap, an HTTP proxy that uses an LLM-as-a-judge architecture to intercept, evaluate, and block or allow requests made by AI agents in real time against configurable policies. The tool targets a critical gap in agentic AI deployments — the lack of runtime guardrails for autonomous agent actions — and represents a practical defensive control against excessive agency and prompt injection exploitation. Its production-oriented design positions it as a notable contribution to the emerging agentic AI security toolchain.https://gridthegrey.com/posts/quoting-bobby-holley/Wed, 22 Apr 2026 09:52:31 +0000https://gridthegrey.com/posts/quoting-bobby-holley/Threat Level: MEDIUMLLM SecurityResearchIndustry NewsAgentic AIAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessFirefox CTO Bobby Holley reports that a collaboration with Anthropic using an early version of Claude Mythos Preview identified 271 vulnerabilities in Firefox, resulting in fixes shipped in Firefox 150. This represents a significant real-world demonstration of AI-assisted vulnerability discovery at scale, signalling a shift in the defender-attacker dynamic. The findings suggest LLMs are becoming operationally viable tools for large-scale code security auditing.https://gridthegrey.com/posts/claude-system-prompts-as-a-git-timeline/Wed, 22 Apr 2026 02:07:46 +0000https://gridthegrey.com/posts/claude-system-prompts-as-a-git-timeline/Threat Level: MEDIUMLLM SecurityResearchIndustry NewsAML.T0056 - LLM Meta Prompt ExtractionAML.T0040 - ML Model Inference API AccessAML.T0054 - LLM JailbreakSimon Willison has created a git-based tool to track the evolution of Anthropic's publicly published Claude system prompts across model versions, enabling structured diff analysis of prompt changes over time. While the underlying prompts are intentionally public, the tooling lowers the barrier for adversarial reconnaissance — making it easier for threat actors to identify shifts in safety constraints, refusal heuristics, or behavioral guardrails between model releases. This kind of systematic prompt archaeology directly supports meta-prompt extraction and jailbreak development workflows.https://gridthegrey.com/posts/google-fixes-critical-rce-flaw-in-ai-based-antigravity-tool/Wed, 22 Apr 2026 02:01:29 +0000https://gridthegrey.com/posts/google-fixes-critical-rce-flaw-in-ai-based-antigravity-tool/Threat Level: CRITICALLLM SecurityPrompt InjectionAgentic AIAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageGoogle has patched a critical prompt injection vulnerability in an agentic AI tool designed for filesystem operations, where insufficient input sanitisation enabled sandbox escape and arbitrary code execution. The flaw highlights the compounding risk surface of agentic AI systems that interface directly with operating system resources. This is a significant example of how LLM-native vulnerabilities can translate into traditional high-severity RCE outcomes.https://gridthegrey.com/posts/google-patches-antigravity-ide-flaw-enabling-prompt-injection-code-execution/Tue, 21 Apr 2026 18:32:25 +0000https://gridthegrey.com/posts/google-patches-antigravity-ide-flaw-enabling-prompt-injection-code-execution/Threat Level: HIGHPrompt InjectionAgentic AILLM SecurityResearchAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataA now-patched vulnerability in Google's agentic IDE Antigravity allowed attackers to achieve arbitrary code execution by injecting malicious flags into the find_by_name tool's Pattern parameter, bypassing the platform's Strict Mode sandbox before security constraints were enforced. The attack chain could be triggered entirely via indirect prompt injection—embedding hidden instructions in files pulled from untrusted sources—requiring no account compromise and no additional user interaction. This case exemplifies the systemic risk of insufficient input validation in AI agent tool interfaces, where autonomous execution removes the human oversight layer that traditional security models depend on.