<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>GRID THE GREY — AI Threat Intelligence | GRID THE GREY</title><link>https://gridthegrey.com/</link><description>Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.</description><generator>Hugo</generator><language>en-us</language><copyright/><lastBuildDate>Mon, 13 Jul 2026 11:47:53 +0530</lastBuildDate><atom:link href="https://gridthegrey.com/index.xml" rel="self" type="application/rss+xml"/><item><title>OpenAI GPT-5.6 Sol Ships Faster Parallel Tool-Use for Agents</title><link>https://gridthegrey.com/posts/openai-gpt-5-6-sol-ships-faster-parallel-tool-use-for-agents/</link><pubDate>Mon, 13 Jul 2026 06:00:02 +0000</pubDate><guid>https://gridthegrey.com/posts/openai-gpt-5-6-sol-ships-faster-parallel-tool-use-for-agents/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0056 - LLM Meta Prompt Extraction</category><description>Ploy's migration guide documents GPT-5.6 Sol, OpenAI's new flagship model, which delivers significantly faster agentic task completion through aggressive parallel tool-call fanning — a behavioural departure from previous models. For defenders, this parallelism expands the blast radius of a compromised agent session, as more tool calls execute concurrently before any human or automated review can intercept them. Teams running production agents should reassess tool-call budgets, rate limits, and tracing assumptions that were calibrated to sequential incumbents like Claude Opus.</description></item><item><title>Meta Launches Muse Image with Public Instagram Photo Reuse</title><link>https://gridthegrey.com/posts/meta-launches-muse-image-with-public-instagram-photo-reuse/</link><pubDate>Mon, 13 Jul 2026 05:22:39 +0000</pubDate><guid>https://gridthegrey.com/posts/meta-launches-muse-image-with-public-instagram-photo-reuse/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>LLM Security</category><category>Adversarial ML</category><category>Industry News</category><category>Regulatory</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0057 - LLM Data Leakage</category><description>Meta's Muse Image model, embedded across its platform family, allows any user to @-mention a public Instagram account and generate AI imagery using that account's public photos and videos — enabled by default with no notification to the subject. This creates significant non-consensual identity and likeness risks at scale, enabling synthetic media abuse, disinformation campaigns, and social engineering lures built from harvested public profile content. Defenders and enterprise security teams should treat this as a new mass-scale OSINT-to-deepfake pipeline that lowers the technical barrier for targeted impersonation attacks to near zero.</description></item><item><title>Estonia Launches State-Issued Digital IDs for AI Agents</title><link>https://gridthegrey.com/posts/estonia-launches-state-issued-digital-ids-for-ai-agents/</link><pubDate>Mon, 13 Jul 2026 05:20:25 +0000</pubDate><guid>https://gridthegrey.com/posts/estonia-launches-state-issued-digital-ids-for-ai-agents/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>Regulatory</category><category>LLM Security</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0057 - LLM Data Leakage</category><description>Estonia is piloting a framework to issue government-recognised digital identity credentials to AI agents, enabling them to act on behalf of citizens in official government processes. This creates a novel identity and authorisation attack surface where compromised or spoofed agent identities could perform legally consequential government actions without human oversight. Defenders must urgently assess how agent identity verification, credential revocation, and delegation chains are enforced within this new trust model.</description></item><item><title>AI Widens Skill-Ability Gap, Enabling Autonomous Cyberattacks</title><link>https://gridthegrey.com/posts/ai-widens-skill-ability-gap-enabling-autonomous-cyberattacks/</link><pubDate>Mon, 13 Jul 2026 05:19:07 +0000</pubDate><guid>https://gridthegrey.com/posts/ai-widens-skill-ability-gap-enabling-autonomous-cyberattacks/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Regulatory</category><category>Industry News</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0040 - ML Model Inference API Access</category><description>A Five Eyes joint advisory and Bruce Schneier's analysis highlight how AI systems are dramatically lowering the barrier to sophisticated cyberattacks by decoupling skill from ability. Open-source and frontier models can autonomously execute network intrusions, ransomware deployment, and data theft with minimal user expertise. The piece argues that guardrails from major AI vendors are insufficient, as uncensored open-source models circulate freely and continue to improve.</description></item><item><title>OpenAI Expands ChatGPT Into Family and Caregiver Households</title><link>https://gridthegrey.com/posts/openai-expands-chatgpt-into-family-and-caregiver-households/</link><pubDate>Sun, 12 Jul 2026 04:28:05 +0000</pubDate><guid>https://gridthegrey.com/posts/openai-expands-chatgpt-into-family-and-caregiver-households/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>LLM Security</category><category>Jailbreaks</category><category>Regulatory</category><category>Industry News</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0056 - LLM Meta Prompt Extraction</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>OpenAI is building dedicated family-oriented product experiences for ChatGPT, targeting parents, caregivers, and older adults as adoption among users aged 35 and older accelerates. This household expansion introduces a high-value, trust-sensitive attack surface where vulnerable populations — including minors and elderly users — interact with AI systems that were not originally designed with their safety profiles in mind. Security teams and child-safety advocates should anticipate increased adversarial interest in manipulating family-mode guardrails, extracting parental oversight credentials, and exploiting the trust asymmetry between caregivers and AI-mediated household experiences.</description></item><item><title>Iroh Launches Mesh LLM for Distributed AI Across Peer Nodes</title><link>https://gridthegrey.com/posts/iroh-launches-mesh-llm-for-distributed-ai-across-peer-nodes/</link><pubDate>Sun, 12 Jul 2026 04:22:19 +0000</pubDate><guid>https://gridthegrey.com/posts/iroh-launches-mesh-llm-for-distributed-ai-across-peer-nodes/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Supply Chain</category><category>LLM Security</category><category>Agentic AI</category><category>Model Theft</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0018 - Backdoor ML Model</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0044 - Full ML Model Access</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0031 - Erode ML Model Integrity</category><category>AML.T0012 - Valid Accounts</category><description>Mesh LLM on iroh enables teams to pool GPUs across arbitrary machines into a single OpenAI-compatible inference endpoint, distributing model layers peer-to-peer over authenticated QUIC connections with no central server. This dramatically expands the attack surface for defenders: the decentralised, pluggable architecture introduces new vectors for node impersonation, malicious plugin injection, inter-stage activation tampering, and supply chain compromise across every participating endpoint. Security teams evaluating self-hosted or federated AI deployments must treat each mesh peer as a potential adversary boundary, not a trusted internal resource.</description></item><item><title>HalluSquatting Exploits AI Hallucinations for Botnet RCE</title><link>https://gridthegrey.com/posts/hallusquatting-exploits-ai-hallucinations-for-botnet-rce/</link><pubDate>Sun, 12 Jul 2026 04:21:16 +0000</pubDate><guid>https://gridthegrey.com/posts/hallusquatting-exploits-ai-hallucinations-for-botnet-rce/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Supply Chain</category><category>Adversarial ML</category><category>Research</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0010 - ML Supply Chain Compromise</category><description>Researchers have demonstrated a novel attack technique called 'HalluSquatting', which weaponises AI hallucinations by registering fake package names that LLMs fabricate, turning them into malware delivery vectors. When developers trust AI-recommended dependencies and install the squatted packages, attackers can achieve remote code execution and potentially recruit victim machines into botnets. The technique represents a significant escalation in the practical exploitation of LLM hallucinations beyond misinformation into active infrastructure compromise.</description></item><item><title>OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE</title><link>https://gridthegrey.com/posts/openclaw-ai-assistant-flaws-enable-whatsapp-to-host-rce/</link><pubDate>Sat, 11 Jul 2026 16:47:26 +0000</pubDate><guid>https://gridthegrey.com/posts/openclaw-ai-assistant-flaws-enable-whatsapp-to-host-rce/</guid><category>Threat Level: CRITICAL</category><category>Agentic AI</category><category>LLM Security</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><description>Three high-severity vulnerabilities in OpenClaw, a personal AI assistant, have been chained to enable remote code execution on the host system via a WhatsApp message, requiring no prior foothold. The flaws—covering OS command injection, incomplete input filtering, and path traversal—allow sandbox escape, credential theft, and privilege escalation. All three have been patched in OpenClaw version 2026.6.6, but unpatched deployments remain at significant risk.</description></item><item><title>Netwrix Analysis: AI Agents Widen the Non-Human Identity Gap</title><link>https://gridthegrey.com/posts/netwrix-analysis-ai-agents-widen-the-non-human-identity-gap/</link><pubDate>Sat, 11 Jul 2026 16:41:38 +0000</pubDate><guid>https://gridthegrey.com/posts/netwrix-analysis-ai-agents-widen-the-non-human-identity-gap/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0040 - ML Model Inference API Access</category><description>A Netwrix-sponsored analysis highlights how AI agents are rapidly proliferating machine identities inside enterprise environments, creating credentials and inheriting permissions far faster than existing identity governance can track. The core risk is that AI agents operate outside traditional human-lifecycle identity controls, leaving security teams unable to enumerate what exists, who owns it, or what it can access. Defenders face an expanding blind spot where a single compromised agent credential can chain laterally across cloud services, SaaS platforms, and secrets stores — as demonstrated by the UNC6395/Drift OAuth campaign against Salesforce environments in 2025.</description></item><item><title>Ghostcommit PoC Embeds Prompt Injection in PNG to Steal Repo Secrets</title><link>https://gridthegrey.com/posts/ghostcommit-poc-embeds-prompt-injection-in-png-to-steal-repo-secrets/</link><pubDate>Sat, 11 Jul 2026 16:39:30 +0000</pubDate><guid>https://gridthegrey.com/posts/ghostcommit-poc-embeds-prompt-injection-in-png-to-steal-repo-secrets/</guid><category>Threat Level: CRITICAL</category><category>First Look</category><category>Prompt Injection</category><category>Agentic AI</category><category>Supply Chain</category><category>LLM Security</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0015 - Evade ML Model</category><description>Researchers from UMKC's ASSET Research Group have published a proof-of-concept attack called Ghostcommit that hides malicious prompt injection instructions inside PNG image files referenced by AGENTS.md convention files, causing AI coding agents to silently exfiltrate repository secrets. The technique exploits a blind spot shared by multiple AI code review tools — including CodeRabbit and Bugbot — which exclude or ignore binary image files from analysis, allowing the payload to survive review undetected. Defenders operating AI-assisted development pipelines must treat image files in agentic context paths as a new, uncontrolled input surface and reassess trust boundaries around automatically-ingested project convention files.</description></item><item><title>Microsoft MDASH Brings AI-Powered Windows Vulnerability Discovery</title><link>https://gridthegrey.com/posts/microsoft-mdash-brings-ai-powered-windows-vulnerability-discovery/</link><pubDate>Fri, 10 Jul 2026 04:28:07 +0000</pubDate><guid>https://gridthegrey.com/posts/microsoft-mdash-brings-ai-powered-windows-vulnerability-discovery/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>Supply Chain</category><category>Industry News</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0020 - Poison Training Data</category><category>AML.T0031 - Erode ML Model Integrity</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><description>Microsoft has deployed MDASH (Multi-model Agentic Scanning Harness), an AI-powered agentic system that autonomously scans Windows binaries for vulnerabilities and validates findings through multiple AI models before human engineer review. The accelerated discovery pipeline means defenders will see a higher volume of Patch Tuesday fixes, compressing patch deployment windows and increasing pressure on enterprise patch management processes. Simultaneously, the same AI-accelerated vulnerability discovery capability is available to adversaries, raising the risk that threat actors identify and weaponise flaws faster than Microsoft's pipeline can remediate them.</description></item><item><title>FableCut Ships AI-Drivable Browser Video Editor via MCP and REST</title><link>https://gridthegrey.com/posts/fablecut-ships-ai-drivable-browser-video-editor-via-mcp-and-rest/</link><pubDate>Fri, 10 Jul 2026 04:27:18 +0000</pubDate><guid>https://gridthegrey.com/posts/fablecut-ships-ai-drivable-browser-video-editor-via-mcp-and-rest/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>Agentic AI</category><category>Prompt Injection</category><category>LLM Security</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0040 - ML Model Inference API Access</category><description>FableCut is a zero-dependency, browser-based non-linear video editor that exposes its entire timeline as a JSON document and accepts live control from AI agents via MCP (Model Context Protocol) and REST APIs, enabling tools like Claude Code or Claude Desktop to autonomously edit video. This agent-accessible media pipeline introduces meaningful new attack surface: any AI agent granted MCP/REST access can read, overwrite, or poison the JSON timeline, and a compromised or prompt-injected agent could silently alter exported video content. Defenders managing AI agent workflows that touch media pipelines should treat this as an unsandboxed tool-use endpoint requiring strict authZ, input validation, and output integrity checks.</description></item><item><title>AI Agents Emerge as a New Identity Class Orgs Must Secure</title><link>https://gridthegrey.com/posts/ai-agents-emerge-as-a-new-identity-class-orgs-must-secure/</link><pubDate>Fri, 10 Jul 2026 04:26:27 +0000</pubDate><guid>https://gridthegrey.com/posts/ai-agents-emerge-as-a-new-identity-class-orgs-must-secure/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>LLM Security</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0056 - LLM Meta Prompt Extraction</category><description>AI agents are being recognised as a distinct identity type that cannot be adequately governed using legacy service account or API token frameworks, requiring purpose-built identity and access management approaches. For defenders, this gap means agents operating today are likely over-privileged, under-monitored, and outside existing IAM policy scope. Security teams face an immediate challenge in extending least-privilege, auditability, and lifecycle management controls to autonomous agent identities before adversaries exploit the blind spot.</description></item><item><title>CVE-2026-12958: GhostApproval Symlink Attack on Coding Agents</title><link>https://gridthegrey.com/posts/ghostapproval-symlink-flaw-hits-six-ai-coding-agents/</link><pubDate>Thu, 09 Jul 2026 07:05:14 +0000</pubDate><guid>https://gridthegrey.com/posts/ghostapproval-symlink-flaw-hits-six-ai-coding-agents/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Prompt Injection</category><category>Supply Chain</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0057 - LLM Data Leakage</category><description>Wiz researchers disclosed GhostApproval, a symlink-based attack affecting six AI coding assistants — Amazon Q Developer, Claude Code, Augment, Cursor, Google Antigravity, and Windsurf — that allows malicious repositories to write attacker-controlled content to sensitive files such as SSH authorized_keys or shell startup scripts. The core failure is an informed-consent bypass: the agent's approval dialog names a harmless file while the write targets a sensitive one, or in some tools the write completes before any prompt appears. Three vendors have patched, two have not, and Anthropic disputes the classification as a vulnerability.</description></item><item><title>Prompt Injection Attacks Claude Code and Codex Execution</title><link>https://gridthegrey.com/posts/friendly-fire-claude-code-and-codex-run-attacker-code-via-readme/</link><pubDate>Thu, 09 Jul 2026 07:05:14 +0000</pubDate><guid>https://gridthegrey.com/posts/friendly-fire-claude-code-and-codex-run-attacker-code-via-readme/</guid><category>Threat Level: HIGH</category><category>Prompt Injection</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0043 - Craft Adversarial Data</category><description>Researchers at the AI Now Institute have demonstrated a proof-of-concept attack dubbed 'Friendly Fire' that tricks AI coding agents — specifically Anthropic's Claude Code and OpenAI's Codex in autonomous mode — into executing malicious binaries while performing routine security reviews. The attack embeds a disguised payload inside an open-source library and uses a plain README.md instruction to direct the agent to run a malicious shell script, bypassing existing trust-prompt defences. Because the weakness is architectural rather than version-specific, no patch exists; mitigation requires workflow changes.</description></item><item><title>DPAPI Abuse in Claude Code and Cursor Triggers EDR</title><link>https://gridthegrey.com/posts/ai-coding-agents-trigger-edr-rules-via-dpapi-and-lolbas/</link><pubDate>Thu, 09 Jul 2026 06:48:39 +0000</pubDate><guid>https://gridthegrey.com/posts/ai-coding-agents-trigger-edr-rules-via-dpapi-and-lolbas/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>Research</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><description>Sophos telemetry from June 2026 reveals that AI coding agents including Claude Code, Cursor, and OpenAI Codex are triggering endpoint detection rules designed to catch human attackers, performing actions such as DPAPI-based credential decryption, Windows Credential Manager enumeration, and persistence via startup folder writes. The behaviour is not malicious in intent, but the agents exhibit attacker-like pivot-when-blocked logic and abuse legitimate Windows utilities in ways indistinguishable from living-off-the-land intrusions. This blurring of the line between benign automation and attack tradecraft creates significant noise for defenders and may erode confidence in high-fidelity detection rules.</description></item><item><title>Y Combinator Ships Agentic Code Generation at 37K Lines Daily</title><link>https://gridthegrey.com/posts/first-look-y-combinator-s-garry-tan-deploys-agentic-ai-for-high-volume-code/</link><pubDate>Wed, 08 Jul 2026 12:06:51 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-y-combinator-s-garry-tan-deploys-agentic-ai-for-high-volume-code/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>Agentic AI</category><category>Supply Chain</category><category>LLM Security</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0031 - Erode ML Model Integrity</category><description>Y Combinator CEO Garry Tan has publicly claimed to ship approximately 37,000 lines of AI-generated code per day using agentic coding tools, and an independent developer analysis has revealed the underlying mechanics of this workflow. This level of AI-assisted code velocity introduces meaningful security concerns around code provenance, supply chain integrity, and the reduced human review time per line of shipped code. Defenders should treat high-velocity AI code pipelines as a new supply chain risk category requiring dedicated SAST/DAST tooling and policy controls.</description></item><item><title>Google Gemini Abused for Phishing-as-a-Service</title><link>https://gridthegrey.com/posts/phishing-as-a-service-ring-weaponises-gemini-to-clone-government-sites/</link><pubDate>Wed, 08 Jul 2026 12:04:07 +0000</pubDate><guid>https://gridthegrey.com/posts/phishing-as-a-service-ring-weaponises-gemini-to-clone-government-sites/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Jailbreaks</category><category>Industry News</category><category>Regulatory</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0054 - LLM Jailbreak</category><description>A Chinese cybercriminal group called Outsider Enterprise exploited Google's Gemini AI to mass-produce phishing pages impersonating Google, YouTube, and government agencies like E-ZPass, offering nearly 300 scam templates via Telegram. Google has filed suit and coordinated with major US carriers to block the resulting smishing campaigns. The case highlights how generative AI lowers the technical barrier for large-scale phishing operations and stress-tests provider-side content controls.</description></item><item><title>Writer AI Session Token Leak Enables Account Takeover</title><link>https://gridthegrey.com/posts/session-token-leak-in-writer-ai-enables-cross-tenant-account-takeover/</link><pubDate>Wed, 08 Jul 2026 12:02:28 +0000</pubDate><guid>https://gridthegrey.com/posts/session-token-leak-in-writer-ai-enables-cross-tenant-account-takeover/</guid><category>Threat Level: CRITICAL</category><category>LLM Security</category><category>Agentic AI</category><category>Research</category><category>First Look</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0040 - ML Model Inference API Access</category><description>A critical vulnerability dubbed WriteOut in the Writer enterprise AI platform allowed attackers to hijack victim session tokens across organisational boundaries using a malicious agent preview link. The flaw exploited Writer's live preview sandbox, which incorrectly forwarded authenticated session cookies into attacker-controlled execution environments. Writer has patched the issue by isolating sandbox origins and stripping session cookies from preview requests.</description></item><item><title>Anthropic Mythos LLM Scans Federal Software for Vulnerabilities</title><link>https://gridthegrey.com/posts/cisa-deploys-anthropic-llm-to-audit-government-software-attack-surfaces/</link><pubDate>Wed, 08 Jul 2026 11:59:32 +0000</pubDate><guid>https://gridthegrey.com/posts/cisa-deploys-anthropic-llm-to-audit-government-software-attack-surfaces/</guid><category>Threat Level: MEDIUM</category><category>LLM Security</category><category>Agentic AI</category><category>Regulatory</category><category>Industry News</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0057 - LLM Data Leakage</category><description>CISA's Attack Surface Evaluation team is reportedly leveraging Anthropic's 'Mythos' model to scan federal government software for security vulnerabilities, representing a significant expansion of AI-assisted offensive security tooling in critical infrastructure defence. The deployment raises important questions about the trustworthiness of LLM-driven vulnerability assessment, potential for model-induced false negatives, and the security of the AI pipeline itself when applied to sensitive government codebases. This marks one of the most prominent known uses of a commercial LLM in an active U.S. government cyber defence role.</description></item></channel></rss>