https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usFri, 08 May 2026 08:44:08 +0530https://gridthegrey.com/posts/ai-assisted-fuzzing-uncovers-423-firefox-security-bugs-in-one-month/Fri, 08 May 2026 03:13:53 +0000https://gridthegrey.com/posts/ai-assisted-fuzzing-uncovers-423-firefox-security-bugs-in-one-month/Threat Level: HIGHResearchIndustry NewsLLM SecurityAgentic AIAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataMozilla used early access to Anthropic's Claude Mythos model to systematically discover and patch hundreds of previously unknown vulnerabilities in Firefox, including bugs over 15–20 years old. The effort demonstrates a step-change in AI-assisted vulnerability research, with April 2026 seeing 423 security fixes compared to a monthly baseline of 20–30. The same capability that empowered Mozilla's defenders also signals that adversaries with similar model access could industrialise exploit discovery against open-source software at scale.https://gridthegrey.com/posts/fake-claude-ai-site-used-to-distribute-beagle-backdoor-and-plugx-malware/Fri, 08 May 2026 03:12:21 +0000https://gridthegrey.com/posts/fake-claude-ai-site-used-to-distribute-beagle-backdoor-and-plugx-malware/Threat Level: HIGHSupply ChainIndustry NewsLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseThreat actors created a convincing fake website impersonating Anthropic's Claude AI to trick developers into downloading a trojanized installer that deploys the new 'Beagle' backdoor alongside a PlugX malware chain. The campaign specifically targets Claude-Code developers by advertising a fraudulent 'high-performance relay service,' suggesting deliberate targeting of the AI developer community. The attack leverages DLL sideloading via a legitimate signed G Data executable to evade detection while establishing persistent remote access.https://gridthegrey.com/posts/malicious-repos-trigger-silent-code-execution-in-claude-cursor-gemini-clis/Fri, 08 May 2026 03:10:50 +0000https://gridthegrey.com/posts/malicious-repos-trigger-silent-code-execution-in-claude-cursor-gemini-clis/Threat Level: HIGHLLM SecurityPrompt InjectionAgentic AISupply ChainResearchAML.T0051 - LLM Prompt InjectionAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataA vulnerability class dubbed 'TrustFall' demonstrates that malicious code repositories can trigger arbitrary code execution in AI-assisted developer tools including Claude Code, Cursor CLI, Gemini CLI, and GitHub Copilot CLI, with little to no user interaction required. The attack surface stems from inadequate or easily dismissed warning dialogs that fail to surface the risk of executing untrusted repository content. Developers cloning or opening adversarial repositories are exposed to full host-level compromise through the elevated trust these AI coding agents place in repository-supplied context.https://gridthegrey.com/posts/mcp-hijack-attack-steals-claude-code-oauth-tokens-via-silent-man-in-the-middle/Fri, 08 May 2026 03:04:52 +0000https://gridthegrey.com/posts/mcp-hijack-attack-steals-claude-code-oauth-tokens-via-silent-man-in-the-middle/Threat Level: HIGHLLM SecurityAgentic AISupply ChainResearchAML.T0010 - ML Supply Chain CompromiseAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageMitiga Labs has disclosed a stealthy attack chain targeting Claude Code's MCP infrastructure, allowing adversaries to silently intercept OAuth tokens by redirecting MCP traffic through attacker-controlled infrastructure. The attack requires only the ability to install a malicious npm package, which modifies ~/.claude.json to insert a proxy and pre-sets trust flags to suppress security prompts. Because the OAuth token grants broad access to all connected SaaS tools, successful exploitation effectively hands attackers a persistent master key to the victim's integrated development environment.https://gridthegrey.com/posts/pixel-level-perturbations-enable-invisible-prompt-injection-in-vision-language/Fri, 08 May 2026 03:03:08 +0000https://gridthegrey.com/posts/pixel-level-perturbations-enable-invisible-prompt-injection-in-vision-language/Threat Level: HIGHPrompt InjectionAdversarial MLLLM SecurityAgentic AIResearchAML.T0043 - Craft Adversarial DataAML.T0051 - LLM Prompt InjectionAML.T0015 - Evade ML ModelAML.T0040 - ML Model Inference API AccessAML.T0057 - LLM Data LeakageCisco's AI Threat Intelligence team has demonstrated that bounded pixel-level perturbations can recover the attack effectiveness of degraded typographic images against vision-language models (VLMs), enabling hidden prompt injection that bypasses both human review and content filters. The technique works by optimising perturbations against open-source embedding models and transferring results to proprietary systems like GPT-4o and Claude, exposing a cross-model transferability risk. The attack allows adversaries to embed instructions—such as data exfiltration commands—inside images that appear as visual noise to human observers.https://gridthegrey.com/posts/prompt-injection-achieves-rce-in-semantic-kernel-agent-framework/Fri, 08 May 2026 03:01:32 +0000https://gridthegrey.com/posts/prompt-injection-achieves-rce-in-semantic-kernel-agent-framework/Threat Level: CRITICALLLM SecurityPrompt InjectionAgentic AIResearchAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageMicrosoft's Defender Security Research Team disclosed two CVEs in Semantic Kernel — a widely-used AI agent orchestration framework — demonstrating how prompt injection can escalate to remote code execution via compromised plugins. The vulnerabilities (CVE-2026-26030 and CVE-2026-25592) expose a systemic risk in the agentic AI layer: because frameworks like Semantic Kernel abstract tool orchestration, a single flaw in how LLM outputs are mapped to system tools can propagate across every application built on that foundation. This research signals a critical shift in AI threat modelling, where prompt injection is no longer a content risk but an execution risk.https://gridthegrey.com/posts/unmanaged-ai-agents-expose-enterprise-identity-perimeters-to-silent-compromise/Thu, 07 May 2026 03:56:03 +0000https://gridthegrey.com/posts/unmanaged-ai-agents-expose-enterprise-identity-perimeters-to-silent-compromise/Threat Level: HIGHAgentic AILLM SecurityRegulatoryIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageEnterprises are deploying AI agents faster than governance frameworks can track them, creating a shadow identity layer that operates outside traditional IAM visibility. These agents run continuously, accumulate permissions opportunistically, and interact with sensitive data at machine speed — largely unmonitored. The structural gap between agent activity and IAM coverage represents a significant and growing attack surface for privilege abuse and data exfiltration.https://gridthegrey.com/posts/bleeding-llama-flaw-exposes-300000-ollama-servers-to-unauthenticated-data-theft/Wed, 06 May 2026 04:16:56 +0000https://gridthegrey.com/posts/bleeding-llama-flaw-exposes-300000-ollama-servers-to-unauthenticated-data-theft/Threat Level: CRITICALLLM SecurityResearchIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0057 - LLM Data LeakageAML.T0044 - Full ML Model AccessAML.T0043 - Craft Adversarial DataA critical heap out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.3) in Ollama's GGUF model loader allows unauthenticated remote attackers to exfiltrate sensitive heap memory — including API keys, prompts, and PII — using just three API calls. With approximately 300,000 Ollama instances publicly exposed and no authentication required by default, the attack surface is immediately and broadly exploitable. The vulnerability has been patched in Ollama version 0.17.1, but unpatched internet-facing deployments remain at critical risk.https://gridthegrey.com/posts/crowdstrike-researcher-details-ai-jailbreaking-and-data-poisoning-techniques/Wed, 06 May 2026 04:15:58 +0000https://gridthegrey.com/posts/crowdstrike-researcher-details-ai-jailbreaking-and-data-poisoning-techniques/Threat Level: MEDIUMLLM SecurityJailbreaksAdversarial MLData PoisoningResearchIndustry NewsAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionAML.T0020 - Poison Training DataAML.T0043 - Craft Adversarial DataAML.T0015 - Evade ML ModelJoey Melo, Principal Security Researcher at CrowdStrike, outlines his methodology for AI red teaming, focusing on manipulating LLM guardrails through jailbreaking and data poisoning without altering underlying source code. His work, rooted in competitive AI hacking challenges, translates classical adversarial thinking into the emerging field of machine learning security. The profile highlights the growing professionalisation of AI red teaming as organisations seek to harden LLM deployments against real-world manipulation attacks.https://gridthegrey.com/posts/mass-scan-reveals-widespread-authentication-failures-across-exposed-ai/Wed, 06 May 2026 04:15:21 +0000https://gridthegrey.com/posts/mass-scan-reveals-widespread-authentication-failures-across-exposed-ai/Threat Level: HIGHLLM SecurityAgentic AIIndustry NewsResearchJailbreaksAML.T0040 - ML Model Inference API AccessAML.T0044 - Full ML Model AccessAML.T0054 - LLM JailbreakAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceA scan of over one million exposed AI services found pervasive security failures including absent authentication, leaked API keys, and exposed business logic across self-hosted LLM deployments. Agent management platforms such as Flowise and n8n were discovered internet-exposed without access controls, revealing credential lists and internal workflows. The findings indicate systemic misconfiguration risk as enterprises race to self-host AI infrastructure without applying baseline security practices.https://gridthegrey.com/posts/backdoored-pytorch-lightning-package-steals-cloud-credentials-from-ai-developers/Tue, 05 May 2026 05:36:41 +0000https://gridthegrey.com/posts/backdoored-pytorch-lightning-package-steals-cloud-credentials-from-ai-developers/Threat Level: HIGHSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0018 - Backdoor ML ModelAML.T0012 - Valid AccountsA malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated credential-stealing payload dubbed 'ShaiWorm'. The attack targeted AI/ML developers who use this popular deep learning framework, exposing cloud credentials, API keys, browser-stored secrets, and GitHub tokens. The package has since been reverted to a safe version, but any developer who imported the compromised version should rotate all secrets immediately.https://gridthegrey.com/posts/pentagon-deploys-classified-ai-across-seven-tech-giants-for-warfighter-systems/Mon, 04 May 2026 03:28:36 +0000https://gridthegrey.com/posts/pentagon-deploys-classified-ai-across-seven-tech-giants-for-warfighter-systems/Threat Level: HIGHAgentic AISupply ChainRegulatoryIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageThe US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military networks for battlefield decision support. The move raises significant AI security concerns around human oversight, adversarial manipulation of high-stakes AI systems, and supply chain risks introduced by multiple commercial vendors operating within classified environments. Notably, Anthropic was excluded following a public dispute over AI safety and ethics in warfare.https://gridthegrey.com/posts/cross-machine-ai-agent-relay-tool-expands-attack-surface-for-developer/Sun, 03 May 2026 03:31:51 +0000https://gridthegrey.com/posts/cross-machine-ai-agent-relay-tool-expands-attack-surface-for-developer/Threat Level: MEDIUMAgentic AISupply ChainLLM SecurityIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseAML.T0051 - LLM Prompt InjectionAML.T0040 - ML Model Inference API AccessLoopsy is an open-source tool enabling cross-machine communication between AI coding agents (Claude Code, Cursor, Codex) and mobile devices via a self-hosted Cloudflare Workers relay. While designed for legitimate developer productivity, the architecture introduces significant attack surface: a relay brokering shell access and AI agent commands across machines is a high-value target for interception, hijacking, or supply chain compromise. Security teams should assess exposure before deploying such tools in sensitive development environments.https://gridthegrey.com/posts/desktop-automation-cli-grants-ai-agents-deep-os-level-control/Sun, 03 May 2026 03:30:02 +0000https://gridthegrey.com/posts/desktop-automation-cli-grants-ai-agents-deep-os-level-control/Threat Level: HIGHAgentic AILLM SecurityPrompt InjectionResearchAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0040 - ML Model Inference API Accessagent-desktop is an open-source Rust CLI tool that exposes full OS accessibility trees to AI agents, enabling programmatic control of any desktop application without screenshots or browser sandboxing. This dramatically expands the attack surface for agentic AI systems, as a compromised or prompt-injected agent could silently manipulate native applications, exfiltrate data, or perform destructive actions across the host OS. The tool's deterministic element references and structured JSON output make it trivially scriptable, lowering the barrier for AI-driven desktop abuse.https://gridthegrey.com/posts/frontier-llms-now-autonomously-breach-corporate-networks-in-aisi-cyber-tests/Sat, 02 May 2026 04:50:23 +0000https://gridthegrey.com/posts/frontier-llms-now-autonomously-breach-corporate-networks-in-aisi-cyber-tests/Threat Level: HIGHLLM SecurityAgentic AIResearchIndustry NewsRegulatoryAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataThe UK's AI Security Institute (AISI) found that OpenAI's GPT-5.5 matches Anthropic's Mythos Preview on cybersecurity benchmarks, including a 32-step simulated corporate network intrusion. Both models successfully completed the 'The Last Ones' data-extraction simulation — a first for any AI system — suggesting autonomous offensive cyber capability is a general frontier-model property, not a one-vendor breakthrough. The findings raise urgent questions about responsible release practices and the pace at which LLMs can independently execute multi-stage attacks.https://gridthegrey.com/posts/premature-ai-agent-deployments-expose-production-systems-to-destructive-actions/Sat, 02 May 2026 04:45:09 +0000https://gridthegrey.com/posts/premature-ai-agent-deployments-expose-production-systems-to-destructive-actions/Threat Level: HIGHAgentic AILLM SecurityIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageOrganisations are deploying AI agents into production environments without adequate security testing, resulting in destructive outcomes such as unintended deletion of production databases. The core risk is excessive agency granted to AI systems before trust boundaries and guardrails are established. This represents a systemic industry failure to apply basic security principles before integrating autonomous AI tooling into critical infrastructure.https://gridthegrey.com/posts/anthropic-launches-claude-security-to-close-ai-accelerated-exploit-window/Fri, 01 May 2026 07:06:29 +0000https://gridthegrey.com/posts/anthropic-launches-claude-security-to-close-ai-accelerated-exploit-window/Threat Level: HIGHLLM SecurityAgentic AIIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAnthropic has released Claude Security in public beta, a dedicated vulnerability scanning product aimed at countering the accelerating threat of AI-powered exploitation exemplified by its own Mythos model. The tool integrates directly into Claude Enterprise, scanning repositories for vulnerabilities, providing confidence-rated findings, and generating targeted patches — compressing the security team-to-engineer remediation cycle from days to a single session. The launch reflects a broader industry acknowledgment that frontier AI models in adversarial hands are fundamentally shortening time-to-exploit, forcing defenders to adopt equivalent AI-native tooling.https://gridthegrey.com/posts/cvss-10-gemini-cli-flaw-turns-ci-cd-pipelines-into-rce-attack-vectors/Fri, 01 May 2026 06:54:32 +0000https://gridthegrey.com/posts/cvss-10-gemini-cli-flaw-turns-ci-cd-pipelines-into-rce-attack-vectors/Threat Level: CRITICALLLM SecurityAgentic AISupply ChainPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceGoogle has patched a maximum-severity (CVSS 10.0) vulnerability in its Gemini CLI tooling that allowed unauthenticated attackers to achieve remote code execution by planting malicious configuration files in workspace directories automatically trusted by the agent in headless/CI mode. The flaw effectively weaponised CI/CD pipelines as supply chain attack paths, bypassing sandbox protections entirely before they could initialise. A secondary issue in '--yolo' mode further enabled prompt injection to trigger unrestricted shell command execution.https://gridthegrey.com/posts/openai-launches-phishing-resistant-security-mode-for-high-risk-chatgpt-accounts/Fri, 01 May 2026 04:42:27 +0000https://gridthegrey.com/posts/openai-launches-phishing-resistant-security-mode-for-high-risk-chatgpt-accounts/Threat Level: MEDIUMLLM SecurityIndustry NewsRegulatoryAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceOpenAI has introduced Advanced Account Security, an optional hardened authentication mode for ChatGPT and Codex users who face elevated risk of account takeover, including journalists, dissidents, and researchers. The feature enforces passkey or physical security key authentication, eliminates SMS/email recovery routes, and removes OpenAI support team access to recovery options to block social engineering attacks. Members of OpenAI's Trusted Access for Cyber programme will be mandated to enable it or provide equivalent enterprise SSO attestation by June 1.https://gridthegrey.com/posts/uk-ai-security-institute-finds-gpt-5-5-matches-claude-mythos-in-cyber/Fri, 01 May 2026 04:37:05 +0000https://gridthegrey.com/posts/uk-ai-security-institute-finds-gpt-5-5-matches-claude-mythos-in-cyber/Threat Level: HIGHLLM SecurityResearchIndustry NewsRegulatoryAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataThe UK's AI Security Institute has evaluated OpenAI's GPT-5.5 for offensive cybersecurity capabilities, finding it comparable to Anthropic's Claude Mythos model in identifying security vulnerabilities. Unlike Mythos, GPT-5.5 is generally available, meaning its vulnerability-discovery capabilities are accessible to a broad population including malicious actors. This raises significant concerns about the proliferation of AI-assisted exploitation tools at scale.