https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usFri, 19 Jun 2026 13:27:58 +0530https://gridthegrey.com/posts/first-look-delphi-powers-ke-app-s-ai-celebrity-clone-for-wellness-coaching/Fri, 19 Jun 2026 07:57:43 +0000https://gridthegrey.com/posts/first-look-delphi-powers-ke-app-s-ai-celebrity-clone-for-wellness-coaching/Threat Level: MEDIUMFirst LookLLM SecurityPrompt InjectionSupply ChainIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0056 - LLM Meta Prompt ExtractionAML.T0057 - LLM Data LeakageAML.T0020 - Poison Training DataAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseKaramo Brown's Kē wellness app deploys an AI digital clone of the celebrity — voice, persona, and advisory content — built by Delphi from interviews, podcasts, and public clips, enabling real-time conversational coaching at scale. For defenders, celebrity-clone architectures introduce layered risks: the training corpus is largely public and manipulable, the voice synthesis surface is exploitable for deepfake derivation, and the mental-health context creates elevated harm potential if the persona is hijacked or jailbroken. Security teams evaluating similar deployments should treat the persona boundary as a primary control point, since users in vulnerable emotional states are disproportionately exposed to manipulation if guardrails fail.https://gridthegrey.com/posts/first-look-aws-sagemaker-ships-100-detailed-inference-metrics-with-cloudwatch/Fri, 19 Jun 2026 07:56:59 +0000https://gridthegrey.com/posts/first-look-aws-sagemaker-ships-100-detailed-inference-metrics-with-cloudwatch/Threat Level: MEDIUMFirst LookLLM SecurityIndustry NewsSupply ChainAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0044 - Full ML Model AccessAML.T0012 - Valid AccountsAWS has released a deep observability layer for SageMaker AI inference endpoints, emitting over 100 metrics covering GPU health, KV cache pressure, token-level latency, and traffic distribution into a native CloudWatch Insights dashboard with PromQL-compatible export. For defenders, this centralised telemetry surface introduces new reconnaissance and exfiltration vectors: an adversary with read access to CloudWatch or connected third-party tools (Grafana, Datadog) can infer model architecture, request patterns, and capacity limits without touching the model itself. The richness of these signals also raises insider-threat risk, as operational staff now have granular visibility into inference behaviour that can be leveraged to reverse-engineer model characteristics or plan targeted denial-of-service campaigns.https://gridthegrey.com/posts/first-look-aws-launches-amazon-bedrock-agentcore-harness-for-production-grade/Fri, 19 Jun 2026 07:54:42 +0000https://gridthegrey.com/posts/first-look-aws-launches-amazon-bedrock-agentcore-harness-for-production-grade/Threat Level: HIGHFirst LookAgentic AILLM SecurityPrompt InjectionSupply ChainAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0057 - LLM Data LeakageAML.T0056 - LLM Meta Prompt ExtractionAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAWS has made Amazon Bedrock AgentCore Harness generally available, providing a managed abstraction layer that reduces agent deployment to two API calls while bundling sandboxed compute, persistent memory, tool gateway, browser access, identity management, and observability. For defenders, this dramatically lowers the barrier to deploying autonomous agents with filesystem access, shell execution, web browsing, and multi-provider model switching — compressing what was a weeks-long infrastructure project into minutes. Security teams face an expanded attack surface where prompt injection, tool abuse, cross-session memory poisoning, and supply chain risks through AWS-curated skill catalogs now arrive as a single, tightly integrated managed service rather than individually reviewable components.https://gridthegrey.com/posts/autojack-exploit-chain-achieves-rce-via-ai-agent-browsing-local-mcp-socket/Fri, 19 Jun 2026 07:44:15 +0000https://gridthegrey.com/posts/autojack-exploit-chain-achieves-rce-via-ai-agent-browsing-local-mcp-socket/Threat Level: HIGHAgentic AILLM SecurityResearchPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0010 - ML Supply Chain CompromiseResearchers at Microsoft identified a three-stage exploit chain in AutoGen Studio that allows a malicious web page visited by a browsing AI agent to reach the host's local Model Context Protocol (MCP) WebSocket and spawn arbitrary processes. The chain exploits a bypassable origin allowlist, authentication middleware that excluded MCP endpoints, and unsanitised URL-derived command parameters. Although the vulnerable surface was never shipped in a PyPI release, the finding exposes a systemic architectural risk in any agent framework that combines untrusted browsing with privileged localhost services.https://gridthegrey.com/posts/orphaned-ai-agents-retain-privileged-access-after-employee-departures/Fri, 19 Jun 2026 07:41:47 +0000https://gridthegrey.com/posts/orphaned-ai-agents-retain-privileged-access-after-employee-departures/Threat Level: HIGHAgentic AILLM SecurityIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageEnterprises deploying internal AI agents face a growing identity accountability gap: when the employee who created an autonomous agent leaves, the agent's access tokens and credentials often remain active and unmonitored. Traditional access management tools fail to detect this risk because they treat AI agents as static software rather than identity-bearing entities capable of exfiltrating sensitive data. The problem compounds at scale as shadow AI deployments proliferate across organizations without centralised visibility or ownership tracking.https://gridthegrey.com/posts/first-look-anthropic-mythos-5-export-block-exposes-ai-supply-chain-dependency/Thu, 18 Jun 2026 04:28:40 +0000https://gridthegrey.com/posts/first-look-anthropic-mythos-5-export-block-exposes-ai-supply-chain-dependency/Threat Level: HIGHFirst LookSupply ChainRegulatoryIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0015 - Evade ML ModelAML.T0031 - Erode ML Model IntegrityThe Trump administration's overnight export block of Anthropic's Mythos 5 and Fable 5 models — triggered by reported safety guardrail bypass vulnerabilities flagged by Amazon — has exposed the fragility of international AI supply chains built on U.S.-controlled infrastructure. For defenders, this event crystallises a critical dependency risk: organisations and governments that have embedded American AI models into critical systems now face the possibility of abrupt, unexplained access revocation with no remediation path. Security teams must now treat AI vendor access continuity as a threat vector equivalent to a third-party SaaS outage, and accelerate contingency planning around model substitution and sovereign alternatives.https://gridthegrey.com/posts/first-look-aws-launches-amazon-quick-autonomous-agents-with-continuous-execution/Thu, 18 Jun 2026 04:25:14 +0000https://gridthegrey.com/posts/first-look-aws-launches-amazon-quick-autonomous-agents-with-continuous-execution/Threat Level: HIGHFirst LookAgentic AIPrompt InjectionLLM SecuritySupply ChainAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAML.T0010 - ML Supply Chain CompromiseAML.T0043 - Craft Adversarial DataAML.T0031 - Erode ML Model IntegrityAWS has shipped autonomous agents in Amazon Quick, an AI assistant that continuously executes tasks — including CRM updates, email drafting, and compliance monitoring — on behalf of users while connected to dozens of enterprise data sources and applications. This dramatically expands the attack surface for business-context compromise: a single successful prompt injection or account takeover can now translate into persistent, automated actions across an organisation's entire connected app ecosystem. Defenders must treat these agents as privileged service accounts with broad, continuous write-access, requiring dedicated monitoring, least-privilege scoping, and explicit human-in-the-loop gates for sensitive actions.https://gridthegrey.com/posts/first-look-midjourney-medical-launches-ai-powered-full-body-ultrasound-scanner/Thu, 18 Jun 2026 04:22:14 +0000https://gridthegrey.com/posts/first-look-midjourney-medical-launches-ai-powered-full-body-ultrasound-scanner/Threat Level: MEDIUMFirst LookAdversarial MLSupply ChainRegulatoryIndustry NewsAML.T0043 - Craft Adversarial DataAML.T0018 - Backdoor ML ModelAML.T0010 - ML Supply Chain CompromiseAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0031 - Erode ML Model IntegrityMidjourney Medical has announced a full-body ultrasound scanner that uses a ring of sensors and AI processing to generate MRI-comparable internal body imagery, representing a significant pivot from image generation into AI-assisted medical diagnostics hardware. The convergence of AI inference pipelines with sensitive biometric and anatomical data creates new attack surfaces around health data exfiltration, model output manipulation, and diagnostic integrity. Defenders in healthcare and enterprise wellness programmes should treat this class of device as a high-sensitivity AI-enabled medical endpoint requiring strict data governance and supply chain vetting.https://gridthegrey.com/posts/first-look-odyssey-launches-physical-world-model-platform-backed-by-amazon-at-1/Thu, 18 Jun 2026 04:21:04 +0000https://gridthegrey.com/posts/first-look-odyssey-launches-physical-world-model-platform-backed-by-amazon-at-1/Threat Level: MEDIUMFirst LookSupply ChainAdversarial MLData PoisoningIndustry NewsAML.T0020 - Poison Training DataAML.T0019 - Publish Poisoned DatasetsAML.T0010 - ML Supply Chain CompromiseAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceOdyssey has raised a $310M Series B to scale its world model platform, which ingests real-world physical environment data to generate interactive simulations, video, and training environments for robotics and gaming. The platform's reliance on large-scale physical data collection, multi-tenant simulation outputs, and deep AWS infrastructure integration introduces supply chain, data poisoning, and adversarial simulation risks defenders should assess. Organizations consuming Odyssey-generated synthetic environments for robotics training or game content pipelines are newly exposed to integrity attacks targeting the underlying world model.https://gridthegrey.com/posts/first-look-openai-tests-chatgpt-for-science-subscription-with-verified-access/Thu, 18 Jun 2026 04:16:02 +0000https://gridthegrey.com/posts/first-look-openai-tests-chatgpt-for-science-subscription-with-verified-access/Threat Level: MEDIUMFirst LookLLM SecurityIndustry NewsRegulatoryResearchAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0057 - LLM Data LeakageAML.T0056 - LLM Meta Prompt ExtractionAML.T0019 - Publish Poisoned DatasetsOpenAI is internally testing a specialised 'ChatGPT for Science' subscription tier, likely restricted to verified universities and research institutions, building on capabilities from GPT-Rosalind — a purpose-built life sciences model already deployed under a trusted-access structure with select pharma partners. The gated, domain-specific nature of this offering creates novel identity and access verification attack surfaces, as threat actors will likely probe credential and institutional verification mechanisms to gain privileged access to specialised scientific knowledge. Defenders at academic and research institutions should anticipate increased phishing campaigns targeting institutional credentials and prepare governance frameworks for AI use in sensitive research environments.https://gridthegrey.com/posts/first-look-z-ai-releases-glm-5-2-open-weights-753b-llm-under-mit-license/Thu, 18 Jun 2026 04:14:35 +0000https://gridthegrey.com/posts/first-look-z-ai-releases-glm-5-2-open-weights-753b-llm-under-mit-license/Threat Level: HIGHFirst LookLLM SecuritySupply ChainJailbreaksIndustry NewsAML.T0044 - Full ML Model AccessAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionAML.T0010 - ML Supply Chain CompromiseAML.T0018 - Backdoor ML ModelAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessZ.ai has released GLM-5.2, a 753-billion-parameter mixture-of-experts model under an MIT license, ranking as the top open-weights model on the Artificial Analysis Intelligence Index and second on the Code Arena WebDev leaderboard. For defenders, the combination of frontier-level capability, unrestricted open-weights distribution, and a 1-million-token context window materially lowers the barrier for threat actors to self-host a highly capable model outside any provider's safety controls. The model's agentic coding performance and massive context window expand the viable attack surface for automated code generation, targeted phishing, and large-scale document analysis without API-level monitoring.https://gridthegrey.com/posts/first-look-ai-agent-identity-continuity-expands-persistent-credential-abuse/Wed, 17 Jun 2026 04:25:03 +0000https://gridthegrey.com/posts/first-look-ai-agent-identity-continuity-expands-persistent-credential-abuse/Threat Level: HIGHFirst LookAgentic AILLM SecurityIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageCrowdStrike's Continuous Identity for AI Agents introduces persistent, trackable identity primitives for agentic workflows — but persistent identities are also persistent targets. Attackers who compromise an agent identity gain a durable, trusted foothold that can persist across sessions and tool invocations without the natural expiry of human session tokens. The feature's integration into the Falcon platform means agent identity tokens, if stolen or forged, may carry elevated detection-suppression trust within the same security toolchain defending the environment.https://gridthegrey.com/posts/first-look-dual-use-ai-exploit-models-create-unavoidable-offensive-capability/Wed, 17 Jun 2026 04:24:13 +0000https://gridthegrey.com/posts/first-look-dual-use-ai-exploit-models-create-unavoidable-offensive-capability/Threat Level: CRITICALFirst LookLLM SecurityJailbreaksRegulatoryIndustry NewsAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0044 - Full ML Model AccessAML.T0040 - ML Model Inference API AccessAML.T0015 - Evade ML ModelAnthropic's Mythos 5 and Claude Fable 5 represent the arrival of frontier AI models with demonstrated, advanced vulnerability discovery and exploit-development capabilities — a capability class that will rapidly proliferate across multiple vendors and open-weight releases. The core attack surface is not model-specific: guardrail bypass of the consumer-facing Fable 5 exposes full Mythos-grade offensive capability to any actor who can defeat the content filters, while the broader proliferation trajectory means defenders must assume adversary access to equivalent capabilities within months. The regulatory response addresses a single vendor while doing nothing to raise the floor for the broader ecosystem of competitive and open-weight models following close behind.https://gridthegrey.com/posts/first-look-gemini-omni-deep-os-integration-expands-ambient-ai-attack-surface-on/Wed, 17 Jun 2026 04:23:19 +0000https://gridthegrey.com/posts/first-look-gemini-omni-deep-os-integration-expands-ambient-ai-attack-surface-on/Threat Level: HIGHFirst LookLLM SecurityPrompt InjectionAgentic AIIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0015 - Evade ML ModelAML.T0056 - LLM Meta Prompt ExtractionAndroid 17 embeds Gemini Omni and multiple AI models (Lyria 3, AudioLM) directly into OS-level functions including video editing, call handling, screen recording, and emergency detection, dramatically expanding the attack surface for AI-assisted exploitation on mobile endpoints. The deep integration of conversational AI with device sensors, media pipelines, and inter-app communication creates novel prompt injection and data exfiltration vectors that existing mobile threat defences were not designed to address. The simultaneous AirDrop interoperability expansion and cross-device Pixel Watch mirroring further widen the lateral movement surface across the Google hardware ecosystem.https://gridthegrey.com/posts/first-look-nvidia-xr-ai-embeds-persistent-agents-into-physical-world-sensor/Wed, 17 Jun 2026 04:21:59 +0000https://gridthegrey.com/posts/first-look-nvidia-xr-ai-embeds-persistent-agents-into-physical-world-sensor/Threat Level: HIGHFirst LookAgentic AIPrompt InjectionLLM SecuritySupply ChainAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseAML.T0056 - LLM Meta Prompt ExtractionAML.T0040 - ML Model Inference API AccessAML.T0054 - LLM JailbreakNVIDIA XR AI puts multimodal agentic systems directly into AR glasses, fusing continuous video, audio, depth, and pose data with enterprise knowledge retrieval and tool execution — creating a persistent, always-on sensor exfiltration and prompt injection surface that sits inches from a worker's face. The framework connects to industrial systems, digital twins, and enterprise RAG backends, meaning a compromised agent can pivot from perceptual data into operational technology networks. Because the inputs are environmental and largely uncontrolled, adversarial content placed in the physical world (signage, screens, spoken commands) becomes a viable injection vector against enterprise infrastructure.https://gridthegrey.com/posts/bucket-squatting-flaw-in-vertex-ai-sdk-enabled-model-hijack-and-rce/Wed, 17 Jun 2026 04:20:26 +0000https://gridthegrey.com/posts/bucket-squatting-flaw-in-vertex-ai-sdk-enabled-model-hijack-and-rce/Threat Level: HIGHSupply ChainAdversarial MLResearchLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0018 - Backdoor ML ModelAML.T0031 - Erode ML Model IntegrityAML.T0044 - Full ML Model AccessA vulnerability in the Google Cloud Vertex AI Python SDK allowed unauthenticated attackers to intercept model uploads by pre-registering predictable staging bucket names — a technique Unit 42 calls 'Pickle in the Middle'. Once a malicious model replaced the legitimate upload, arbitrary code executed inside Google's serving infrastructure via pickle deserialization. Google patched the flaw in v1.148.0 after disclosure in March 2026, but the incident highlights systemic risks in ML pipeline supply chains.https://gridthegrey.com/posts/china-linked-group-suspected-of-accessing-anthropic-s-restricted-mythos-model/Tue, 16 Jun 2026 16:07:11 +0000https://gridthegrey.com/posts/china-linked-group-suspected-of-accessing-anthropic-s-restricted-mythos-model/Threat Level: CRITICALLLM SecurityModel TheftJailbreaksRegulatoryIndustry NewsAML.T0044 - Full ML Model AccessAML.T0040 - ML Model Inference API AccessAML.T0054 - LLM JailbreakAML.T0010 - ML Supply Chain CompromiseAML.T0012 - Valid AccountsThe White House reportedly believes a China-linked group accessed Anthropic's Mythos AI model, prompting export restrictions on the technology. If confirmed, the breach represents a significant national security threat, as adversaries could exploit the model directly or use knowledge distillation to replicate its capabilities. Separately, reports of jailbreak vulnerabilities in Mythos and Fable compound concerns about unauthorised access to frontier AI systems.https://gridthegrey.com/posts/first-look-agentcore-rag-agent-exposes-multi-layer-injection-and-data-poisoning/Tue, 16 Jun 2026 01:47:22 +0000https://gridthegrey.com/posts/first-look-agentcore-rag-agent-exposes-multi-layer-injection-and-data-poisoning/Threat Level: HIGHFirst LookAgentic AIPrompt InjectionData PoisoningLLM SecurityAML.T0051 - LLM Prompt InjectionAML.T0019 - Publish Poisoned DatasetsAML.T0020 - Poison Training DataAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0056 - LLM Meta Prompt ExtractionAML.T0040 - ML Model Inference API AccessAmazon Bedrock AgentCore now enables production-grade agentic systems that combine RAG retrieval, persistent cross-session memory, and direct user-facing endpoints authenticated only via Cognito Bearer tokens — all surfaced through a single /invocations endpoint. This architecture creates compounded attack surfaces where adversarially crafted content in S3-backed knowledge bases can propagate through the retrieve_and_generate pipeline directly into technician workflows. The persistent AgentCore Memory layer introduces a new cross-session context poisoning vector that does not exist in stateless LLM deployments.https://gridthegrey.com/posts/first-look-agent-evalkit-embeds-llm-judges-into-dev-pipelines-expanding-test/Tue, 16 Jun 2026 01:45:50 +0000https://gridthegrey.com/posts/first-look-agent-evalkit-embeds-llm-judges-into-dev-pipelines-expanding-test/Threat Level: MEDIUMFirst LookAgentic AISupply ChainLLM SecurityPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0010 - ML Supply Chain CompromiseAML.T0019 - Publish Poisoned DatasetsAML.T0043 - Craft Adversarial DataAML.T0018 - Backdoor ML ModelAgent-EvalKit introduces an open-source evaluation pipeline that integrates LLM-as-judge evaluators and AI coding assistants directly into agent development workflows, creating new attack surfaces where poisoned test cases, manipulated ground-truth datasets, and adversarial evaluation prompts could corrupt agent quality signals. The toolkit's deep code-reading access via Claude Code, Kiro CLI, and Kilo Code means a compromised evaluation run could exfiltrate source code or inject malicious recommendations into the development pipeline. Because evaluation outputs drive concrete code changes, adversarial manipulation of the eval layer has downstream consequences for production agent behaviour.https://gridthegrey.com/posts/first-look-agentic-incident-triage-assistant-bridges-observability-data-and-task/Tue, 16 Jun 2026 01:43:14 +0000https://gridthegrey.com/posts/first-look-agentic-incident-triage-assistant-bridges-observability-data-and-task/Threat Level: HIGHFirst LookAgentic AIPrompt InjectionLLM SecurityAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0056 - LLM Meta Prompt ExtractionAML.T0012 - Valid AccountsAmazon Quick's new agentic incident triage assistant integrates New Relic's observability platform and Asana via MCP, creating a single conversational interface that can query production telemetry, surface error logs, and create tracked tasks autonomously. This multi-tool agent architecture dramatically expands the prompt injection attack surface, as malicious data embedded in production logs, alert payloads, or transaction traces can now influence agent actions — including task creation and RCA narrative generation. The convergence of observability data (high-trust, machine-generated) with autonomous task orchestration creates a novel indirect prompt injection pathway through operational telemetry.