https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usWed, 06 May 2026 09:47:08 +0530https://gridthegrey.com/posts/bleeding-llama-flaw-exposes-300000-ollama-servers-to-unauthenticated-data-theft/Wed, 06 May 2026 04:16:56 +0000https://gridthegrey.com/posts/bleeding-llama-flaw-exposes-300000-ollama-servers-to-unauthenticated-data-theft/Threat Level: CRITICALLLM SecurityResearchIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0057 - LLM Data LeakageAML.T0044 - Full ML Model AccessAML.T0043 - Craft Adversarial DataA critical heap out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.3) in Ollama's GGUF model loader allows unauthenticated remote attackers to exfiltrate sensitive heap memory — including API keys, prompts, and PII — using just three API calls. With approximately 300,000 Ollama instances publicly exposed and no authentication required by default, the attack surface is immediately and broadly exploitable. The vulnerability has been patched in Ollama version 0.17.1, but unpatched internet-facing deployments remain at critical risk.https://gridthegrey.com/posts/crowdstrike-researcher-details-ai-jailbreaking-and-data-poisoning-techniques/Wed, 06 May 2026 04:15:58 +0000https://gridthegrey.com/posts/crowdstrike-researcher-details-ai-jailbreaking-and-data-poisoning-techniques/Threat Level: MEDIUMLLM SecurityJailbreaksAdversarial MLData PoisoningResearchIndustry NewsAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionAML.T0020 - Poison Training DataAML.T0043 - Craft Adversarial DataAML.T0015 - Evade ML ModelJoey Melo, Principal Security Researcher at CrowdStrike, outlines his methodology for AI red teaming, focusing on manipulating LLM guardrails through jailbreaking and data poisoning without altering underlying source code. His work, rooted in competitive AI hacking challenges, translates classical adversarial thinking into the emerging field of machine learning security. The profile highlights the growing professionalisation of AI red teaming as organisations seek to harden LLM deployments against real-world manipulation attacks.https://gridthegrey.com/posts/mass-scan-reveals-widespread-authentication-failures-across-exposed-ai/Wed, 06 May 2026 04:15:21 +0000https://gridthegrey.com/posts/mass-scan-reveals-widespread-authentication-failures-across-exposed-ai/Threat Level: HIGHLLM SecurityAgentic AIIndustry NewsResearchJailbreaksAML.T0040 - ML Model Inference API AccessAML.T0044 - Full ML Model AccessAML.T0054 - LLM JailbreakAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceA scan of over one million exposed AI services found pervasive security failures including absent authentication, leaked API keys, and exposed business logic across self-hosted LLM deployments. Agent management platforms such as Flowise and n8n were discovered internet-exposed without access controls, revealing credential lists and internal workflows. The findings indicate systemic misconfiguration risk as enterprises race to self-host AI infrastructure without applying baseline security practices.https://gridthegrey.com/posts/backdoored-pytorch-lightning-package-steals-cloud-credentials-from-ai-developers/Tue, 05 May 2026 05:36:41 +0000https://gridthegrey.com/posts/backdoored-pytorch-lightning-package-steals-cloud-credentials-from-ai-developers/Threat Level: HIGHSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0018 - Backdoor ML ModelAML.T0012 - Valid AccountsA malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated credential-stealing payload dubbed 'ShaiWorm'. The attack targeted AI/ML developers who use this popular deep learning framework, exposing cloud credentials, API keys, browser-stored secrets, and GitHub tokens. The package has since been reverted to a safe version, but any developer who imported the compromised version should rotate all secrets immediately.https://gridthegrey.com/posts/pentagon-deploys-classified-ai-across-seven-tech-giants-for-warfighter-systems/Mon, 04 May 2026 03:28:36 +0000https://gridthegrey.com/posts/pentagon-deploys-classified-ai-across-seven-tech-giants-for-warfighter-systems/Threat Level: HIGHAgentic AISupply ChainRegulatoryIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageThe US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military networks for battlefield decision support. The move raises significant AI security concerns around human oversight, adversarial manipulation of high-stakes AI systems, and supply chain risks introduced by multiple commercial vendors operating within classified environments. Notably, Anthropic was excluded following a public dispute over AI safety and ethics in warfare.https://gridthegrey.com/posts/cross-machine-ai-agent-relay-tool-expands-attack-surface-for-developer/Sun, 03 May 2026 03:31:51 +0000https://gridthegrey.com/posts/cross-machine-ai-agent-relay-tool-expands-attack-surface-for-developer/Threat Level: MEDIUMAgentic AISupply ChainLLM SecurityIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseAML.T0051 - LLM Prompt InjectionAML.T0040 - ML Model Inference API AccessLoopsy is an open-source tool enabling cross-machine communication between AI coding agents (Claude Code, Cursor, Codex) and mobile devices via a self-hosted Cloudflare Workers relay. While designed for legitimate developer productivity, the architecture introduces significant attack surface: a relay brokering shell access and AI agent commands across machines is a high-value target for interception, hijacking, or supply chain compromise. Security teams should assess exposure before deploying such tools in sensitive development environments.https://gridthegrey.com/posts/desktop-automation-cli-grants-ai-agents-deep-os-level-control/Sun, 03 May 2026 03:30:02 +0000https://gridthegrey.com/posts/desktop-automation-cli-grants-ai-agents-deep-os-level-control/Threat Level: HIGHAgentic AILLM SecurityPrompt InjectionResearchAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0040 - ML Model Inference API Accessagent-desktop is an open-source Rust CLI tool that exposes full OS accessibility trees to AI agents, enabling programmatic control of any desktop application without screenshots or browser sandboxing. This dramatically expands the attack surface for agentic AI systems, as a compromised or prompt-injected agent could silently manipulate native applications, exfiltrate data, or perform destructive actions across the host OS. The tool's deterministic element references and structured JSON output make it trivially scriptable, lowering the barrier for AI-driven desktop abuse.https://gridthegrey.com/posts/frontier-llms-now-autonomously-breach-corporate-networks-in-aisi-cyber-tests/Sat, 02 May 2026 04:50:23 +0000https://gridthegrey.com/posts/frontier-llms-now-autonomously-breach-corporate-networks-in-aisi-cyber-tests/Threat Level: HIGHLLM SecurityAgentic AIResearchIndustry NewsRegulatoryAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataThe UK's AI Security Institute (AISI) found that OpenAI's GPT-5.5 matches Anthropic's Mythos Preview on cybersecurity benchmarks, including a 32-step simulated corporate network intrusion. Both models successfully completed the 'The Last Ones' data-extraction simulation — a first for any AI system — suggesting autonomous offensive cyber capability is a general frontier-model property, not a one-vendor breakthrough. The findings raise urgent questions about responsible release practices and the pace at which LLMs can independently execute multi-stage attacks.https://gridthegrey.com/posts/premature-ai-agent-deployments-expose-production-systems-to-destructive-actions/Sat, 02 May 2026 04:45:09 +0000https://gridthegrey.com/posts/premature-ai-agent-deployments-expose-production-systems-to-destructive-actions/Threat Level: HIGHAgentic AILLM SecurityIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageOrganisations are deploying AI agents into production environments without adequate security testing, resulting in destructive outcomes such as unintended deletion of production databases. The core risk is excessive agency granted to AI systems before trust boundaries and guardrails are established. This represents a systemic industry failure to apply basic security principles before integrating autonomous AI tooling into critical infrastructure.https://gridthegrey.com/posts/anthropic-launches-claude-security-to-close-ai-accelerated-exploit-window/Fri, 01 May 2026 07:06:29 +0000https://gridthegrey.com/posts/anthropic-launches-claude-security-to-close-ai-accelerated-exploit-window/Threat Level: HIGHLLM SecurityAgentic AIIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAnthropic has released Claude Security in public beta, a dedicated vulnerability scanning product aimed at countering the accelerating threat of AI-powered exploitation exemplified by its own Mythos model. The tool integrates directly into Claude Enterprise, scanning repositories for vulnerabilities, providing confidence-rated findings, and generating targeted patches — compressing the security team-to-engineer remediation cycle from days to a single session. The launch reflects a broader industry acknowledgment that frontier AI models in adversarial hands are fundamentally shortening time-to-exploit, forcing defenders to adopt equivalent AI-native tooling.https://gridthegrey.com/posts/cvss-10-gemini-cli-flaw-turns-ci-cd-pipelines-into-rce-attack-vectors/Fri, 01 May 2026 06:54:32 +0000https://gridthegrey.com/posts/cvss-10-gemini-cli-flaw-turns-ci-cd-pipelines-into-rce-attack-vectors/Threat Level: CRITICALLLM SecurityAgentic AISupply ChainPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceGoogle has patched a maximum-severity (CVSS 10.0) vulnerability in its Gemini CLI tooling that allowed unauthenticated attackers to achieve remote code execution by planting malicious configuration files in workspace directories automatically trusted by the agent in headless/CI mode. The flaw effectively weaponised CI/CD pipelines as supply chain attack paths, bypassing sandbox protections entirely before they could initialise. A secondary issue in '--yolo' mode further enabled prompt injection to trigger unrestricted shell command execution.https://gridthegrey.com/posts/openai-launches-phishing-resistant-security-mode-for-high-risk-chatgpt-accounts/Fri, 01 May 2026 04:42:27 +0000https://gridthegrey.com/posts/openai-launches-phishing-resistant-security-mode-for-high-risk-chatgpt-accounts/Threat Level: MEDIUMLLM SecurityIndustry NewsRegulatoryAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceOpenAI has introduced Advanced Account Security, an optional hardened authentication mode for ChatGPT and Codex users who face elevated risk of account takeover, including journalists, dissidents, and researchers. The feature enforces passkey or physical security key authentication, eliminates SMS/email recovery routes, and removes OpenAI support team access to recovery options to block social engineering attacks. Members of OpenAI's Trusted Access for Cyber programme will be mandated to enable it or provide equivalent enterprise SSO attestation by June 1.https://gridthegrey.com/posts/uk-ai-security-institute-finds-gpt-5-5-matches-claude-mythos-in-cyber/Fri, 01 May 2026 04:37:05 +0000https://gridthegrey.com/posts/uk-ai-security-institute-finds-gpt-5-5-matches-claude-mythos-in-cyber/Threat Level: HIGHLLM SecurityResearchIndustry NewsRegulatoryAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataThe UK's AI Security Institute has evaluated OpenAI's GPT-5.5 for offensive cybersecurity capabilities, finding it comparable to Anthropic's Claude Mythos model in identifying security vulnerabilities. Unlike Mythos, GPT-5.5 is generally available, meaning its vulnerability-discovery capabilities are accessible to a broad population including malicious actors. This raises significant concerns about the proliferation of AI-assisted exploitation tools at scale.https://gridthegrey.com/posts/ai-powered-honeypots-expose-blind-spots-in-automated-malicious-ai-agents/Thu, 30 Apr 2026 05:34:41 +0000https://gridthegrey.com/posts/ai-powered-honeypots-expose-blind-spots-in-automated-malicious-ai-agents/Threat Level: MEDIUMAgentic AILLM SecurityResearchPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceAML.T0015 - Evade ML ModelCisco Talos researcher Martin Lee demonstrates how generative AI can be used to rapidly deploy adaptive honeypot systems that deceive and study AI-driven attack agents. The technique exploits a fundamental weakness in AI agents — their lack of situational awareness — causing them to interact with simulated vulnerable systems as if they were real targets. This defensive approach shifts the paradigm from passive detection to active manipulation, giving defenders new insight into automated threat actor methodologies.https://gridthegrey.com/posts/dprk-actors-use-claude-llm-to-inject-malware-into-npm-supply-chain/Thu, 30 Apr 2026 05:33:29 +0000https://gridthegrey.com/posts/dprk-actors-use-claude-llm-to-inject-malware-into-npm-supply-chain/Threat Level: HIGHSupply ChainAgentic AILLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0019 - Publish Poisoned DatasetsAML.T0057 - LLM Data LeakageNorth Korean threat group Famous Chollima (Shifty Corsair) has weaponised AI-assisted code generation to embed malicious npm packages into autonomous AI agent projects, targeting cryptocurrency wallets. The campaign, dubbed PromptMink, exploited Anthropic's Claude Opus to co-author a malicious dependency commit, demonstrating a novel abuse of LLM coding agents for supply chain infiltration. The attack uses a multi-layer dependency structure to evade detection, with second-layer malicious packages swiftly rotated when identified.https://gridthegrey.com/posts/sql-injection-in-litellm-proxy-exposes-llm-provider-keys-within-36-hours/Thu, 30 Apr 2026 05:32:40 +0000https://gridthegrey.com/posts/sql-injection-in-litellm-proxy-exposes-llm-provider-keys-within-36-hours/Threat Level: CRITICALLLM SecuritySupply ChainIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseAML.T0057 - LLM Data LeakageA critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing upstream LLM provider API keys including OpenAI, Anthropic, and AWS Bedrock credentials. Attackers demonstrated prior knowledge of LiteLLM's internal schema, selectively probing credential and configuration tables while ignoring user and team tables. The blast radius extends far beyond a typical web-app SQL injection, as successful extraction equates to cloud-account-level compromise across multiple AI provider accounts.https://gridthegrey.com/posts/agentic-ai-defense-costs-spiral-as-adversarial-attack-volume-surges/Wed, 29 Apr 2026 13:33:26 +0000https://gridthegrey.com/posts/agentic-ai-defense-costs-spiral-as-adversarial-attack-volume-surges/Threat Level: MEDIUMAgentic AILLM SecurityIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessSevii's Cyber Swarm Defense launch highlights a structural tension in enterprise AI security: the token-based cost model of agentic AI defense becomes unpredictable and potentially unsustainable as adversarial attack volume increases. CISOs face a compounding risk where budget exhaustion mid-attack could force a fallback to understaffed human teams. The article also references Claude Mythos as a frontier model enabling higher-volume adversarial campaigns, underscoring the asymmetric cost burden between attackers and defenders.https://gridthegrey.com/posts/fido-alliance-launches-standards-push-to-secure-ai-agent-transactions/Wed, 29 Apr 2026 07:16:53 +0000https://gridthegrey.com/posts/fido-alliance-launches-standards-push-to-secure-ai-agent-transactions/Threat Level: HIGHAgentic AILLM SecurityRegulatoryIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAML.T0057 - LLM Data LeakageThe FIDO Alliance, backed by Google and Mastercard, is forming working groups to establish cryptographic standards for authenticating AI agent-initiated transactions, addressing risks like agent hijacking, prompt injection, and unauthorised financial actions. The initiative responds to a growing attack surface where agentic AI systems act on behalf of users without adequate authentication frameworks. Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent framework are being contributed as open-source foundations for the effort.https://gridthegrey.com/posts/pre-auth-sqli-flaw-in-litellm-gateway-actively-exploited-to-steal-ai-credentials/Wed, 29 Apr 2026 07:15:26 +0000https://gridthegrey.com/posts/pre-auth-sqli-flaw-in-litellm-gateway-actively-exploited-to-steal-ai-credentials/Threat Level: CRITICALLLM SecuritySupply ChainIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0010 - ML Supply Chain CompromiseA critical unauthenticated SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a widely-used LLM proxy and SDK middleware, is being actively exploited to extract API keys, provider credentials, and configuration secrets from the proxy database. Exploitation began within 36 hours of public disclosure, with attackers demonstrating precise targeting of sensitive tables containing OpenAI, Anthropic, and Bedrock credentials. The stolen credentials could enable downstream attacks against AI infrastructure at scale, given LiteLLM's broad adoption across LLM application ecosystems.https://gridthegrey.com/posts/welcoming-llama-guard-4-on-hugging-face-hub/Tue, 28 Apr 2026 05:53:37 +0000https://gridthegrey.com/posts/welcoming-llama-guard-4-on-hugging-face-hub/Threat Level: LOWLLM SecurityJailbreaksPrompt InjectionResearchIndustry NewsAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceMeta has released Llama Guard 4, a 12B multimodal safety classifier designed to detect and filter unsafe content in both image and text inputs/outputs for production LLM deployments. The model addresses jailbreak attempts and harmful content generation across 14 hazard categories defined by the MLCommons taxonomy. Alongside it, two lightweight Llama Prompt Guard 2 classifiers (86M and 22M parameters) target prompt injection and prompt attack detection.