<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>GRID THE GREY — AI Threat Intelligence | GRID THE GREY</title><link>https://gridthegrey.com/</link><description>Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.</description><generator>Hugo</generator><language>en-us</language><copyright/><lastBuildDate>Tue, 07 Jul 2026 13:20:48 +0530</lastBuildDate><atom:link href="https://gridthegrey.com/index.xml" rel="self" type="application/rss+xml"/><item><title>First Look: Tencent Releases Hy3 295B MoE Open-Source Model with 256K Context</title><link>https://gridthegrey.com/posts/first-look-tencent-releases-hy3-295b-moe-open-source-model-with-256k-context/</link><pubDate>Tue, 07 Jul 2026 07:50:28 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-tencent-releases-hy3-295b-moe-open-source-model-with-256k-context/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>LLM Security</category><category>Supply Chain</category><category>Jailbreaks</category><category>Industry News</category><category>AML.T0044 - Full ML Model Access</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0018 - Backdoor ML Model</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>Tencent has released Hy3, a 295B-parameter Mixture-of-Experts open-source model under Apache 2.0, featuring 256K context length and temporarily available for free inference via OpenRouter. The model's large context window, open weights, and Chinese provenance expand the attack surface for defenders managing LLM supply chains, jailbreak campaigns, and influence operations. Security teams should treat this as another high-capability open-weight model requiring the same scrutiny applied to comparable releases from Mistral or Meta.</description></item><item><title>First Look: NVIDIA and Hugging Face Integrate GR00T 1.7 into LeRobot Open Robotics Platform</title><link>https://gridthegrey.com/posts/first-look-nvidia-and-hugging-face-integrate-gr00t-1-7-into-lerobot-open/</link><pubDate>Tue, 07 Jul 2026 07:49:34 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-nvidia-and-hugging-face-integrate-gr00t-1-7-into-lerobot-open/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Supply Chain</category><category>Data Poisoning</category><category>Adversarial ML</category><category>Agentic AI</category><category>AML.T0019 - Publish Poisoned Datasets</category><category>AML.T0020 - Poison Training Data</category><category>AML.T0018 - Backdoor ML Model</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0044 - Full ML Model Access</category><category>AML.T0031 - Erode ML Model Integrity</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>NVIDIA and Hugging Face have integrated the Isaac GR00T 1.7 vision-language-action model, Isaac Teleop framework, and a 350,000-trajectory open dataset into the LeRobot open-source robotics library, creating an end-to-end open pipeline for training and deploying physical AI systems. This dramatically lowers the barrier to fine-tuning and deploying robot foundation models, expanding the attack surface across the full ML supply chain — from poisoned community datasets to adversarially crafted demonstrations used in teleop data collection. Defenders responsible for robotics deployments must now contend with a large, loosely governed open-source ecosystem where compromised models or datasets can directly translate to unsafe physical-world behaviour.</description></item><item><title>First Look: AWS Launches Multi-Turn RL Infrastructure for Amazon Nova on SageMaker HyperPod</title><link>https://gridthegrey.com/posts/first-look-aws-launches-multi-turn-rl-infrastructure-for-amazon-nova-on-hyperpod/</link><pubDate>Tue, 07 Jul 2026 07:48:45 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-aws-launches-multi-turn-rl-infrastructure-for-amazon-nova-on-hyperpod/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>Data Poisoning</category><category>Supply Chain</category><category>Adversarial ML</category><category>LLM Security</category><category>AML.T0020 - Poison Training Data</category><category>AML.T0018 - Backdoor ML Model</category><category>AML.T0031 - Erode ML Model Integrity</category><category>AML.T0019 - Publish Poisoned Datasets</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0044 - Full ML Model Access</category><description>AWS has released a production-grade, event-driven multi-turn reinforcement learning training infrastructure for Amazon Nova models on SageMaker HyperPod, enabling enterprises to train agents that learn tool orchestration, error recovery, and sequential decision-making at scale. This materially expands the attack surface by introducing complex reward-routing pipelines, ephemeral compute provisioning, and environment-facing reward workers as new targets for poisoning and manipulation. Defenders must scrutinise the trust boundaries between the Nova Forge SDK, ECS reward workers, and HyperPod training pods, as a compromised reward signal can silently shape model behaviour across entire interaction sequences.</description></item><item><title>First Look: OfficeCLI Ships Open-Source Microsoft Office Automation Suite for AI Agents</title><link>https://gridthegrey.com/posts/first-look-officecli-ships-open-source-microsoft-office-automation-suite-for-ai/</link><pubDate>Tue, 07 Jul 2026 07:40:52 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-officecli-ships-open-source-microsoft-office-automation-suite-for-ai/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>Prompt Injection</category><category>LLM Security</category><category>Supply Chain</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0054 - LLM Jailbreak</category><description>OfficeCLI is an open-source, single-binary tool that enables AI agents to programmatically read, write, and automate Microsoft Word, Excel, and PowerPoint files without requiring a local Office installation. This dramatically expands the file-system attack surface for agentic AI systems, enabling prompt injection via document content, automated exfiltration of sensitive Office files, and weaponisation of documents as a persistent injection vector. Defenders operating AI agent pipelines that touch file systems must now treat any Office document as a potential adversarial input channel.</description></item><item><title>Indirect Prompt Injections Weaponised to Drain Crypto via AI Agents</title><link>https://gridthegrey.com/posts/indirect-prompt-injections-weaponised-to-drain-crypto-via-ai-agents/</link><pubDate>Tue, 07 Jul 2026 07:39:12 +0000</pubDate><guid>https://gridthegrey.com/posts/indirect-prompt-injections-weaponised-to-drain-crypto-via-ai-agents/</guid><category>Threat Level: HIGH</category><category>Prompt Injection</category><category>Agentic AI</category><category>LLM Security</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0057 - LLM Data Leakage</category><description>Researchers identified two active campaigns embedding indirect prompt injection payloads in malicious websites to manipulate autonomous AI agents into executing unauthorised cryptocurrency transactions. The attacks exploit the growing deployment of agentic AI systems that browse the web and take real-world actions with minimal human oversight. This represents a concrete, financially motivated escalation of prompt injection from data exfiltration to direct fund theft.</description></item><item><title>SkillCloak Bypasses AI Agent Skill Scanners with 90%+ Success Rate</title><link>https://gridthegrey.com/posts/skillcloak-bypasses-ai-agent-skill-scanners-with-90-success-rate/</link><pubDate>Tue, 07 Jul 2026 03:52:28 +0000</pubDate><guid>https://gridthegrey.com/posts/skillcloak-bypasses-ai-agent-skill-scanners-with-90-success-rate/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>Supply Chain</category><category>LLM Security</category><category>Research</category><category>Adversarial ML</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0015 - Evade ML Model</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><description>Researchers at Hong Kong University of Science and Technology have demonstrated that static scanners used to vet malicious AI agent 'skills' — modular add-ons for agents like Claude Code and OpenAI Codex — can be systematically bypassed using a tool called SKILLCLOAK. The technique leverages either character-substitution obfuscation or self-extracting packing into scanner-ignored directories like .git/, achieving evasion rates above 90% across all eight tested scanners. The same research team also developed SKILLDETONATE, a runtime behavioral sandbox that catches most of the threats static analysis misses.</description></item><item><title>Amazon Q VS Code Extension Flaw Enables Cloud Credential Theft via MCP</title><link>https://gridthegrey.com/posts/amazon-q-vs-code-extension-flaw-enables-cloud-credential-theft-via-mcp/</link><pubDate>Sun, 05 Jul 2026 15:12:50 +0000</pubDate><guid>https://gridthegrey.com/posts/amazon-q-vs-code-extension-flaw-enables-cloud-credential-theft-via-mcp/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Supply Chain</category><category>Agentic AI</category><category>Industry News</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0051 - LLM Prompt Injection</category><description>A vulnerability in the Amazon Q Visual Studio Code extension allows adversaries to plant malicious repositories that execute arbitrary code and exfiltrate cloud credentials. The flaw highlights escalating risks associated with Model Context Protocol (MCP) integrations embedded within AI-powered developer tools. This attack vector represents a growing threat surface as AI coding assistants gain privileged access to developer environments and cloud infrastructure.</description></item><item><title>First Look: Chinese AI Firms Launch LLMs Rivalling US Frontier Models in Capability</title><link>https://gridthegrey.com/posts/first-look-chinese-ai-firms-launch-llms-rivalling-us-frontier-models-in/</link><pubDate>Sat, 04 Jul 2026 10:53:05 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-chinese-ai-firms-launch-llms-rivalling-us-frontier-models-in/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>LLM Security</category><category>Industry News</category><category>Supply Chain</category><category>Jailbreaks</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0043 - Craft Adversarial Data</category><description>Two newly released large language models from Chinese AI firms have reached capability parity with leading US frontier models, expanding the global pool of powerful AI available to both commercial and adversarial users. For defenders, this development broadens the asymmetry between attackers — who gain access to capable, potentially less-restricted models — and defenders, who must now account for threats generated by a wider set of model providers. Security teams should anticipate increased use of these models for offensive tasks such as phishing content generation, vulnerability research automation, and social engineering at scale.</description></item><item><title>LLM Agents Weaponised to Deliver Ransomware via Langflow Platform</title><link>https://gridthegrey.com/posts/llm-agents-weaponised-to-deliver-ransomware-via-langflow-platform/</link><pubDate>Sat, 04 Jul 2026 10:52:14 +0000</pubDate><guid>https://gridthegrey.com/posts/llm-agents-weaponised-to-deliver-ransomware-via-langflow-platform/</guid><category>Threat Level: CRITICAL</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>First Look</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0010 - ML Supply Chain Compromise</category><description>A documented ransomware attack leveraged agentic AI infrastructure — specifically the Langflow LLM orchestration platform — to automate multi-stage intrusion chains combining known exploitation techniques with real-time LLM reasoning. This marks a significant escalation in threat actor capability, demonstrating that agentic AI can serve as an autonomous attack coordinator rather than merely an assistant. Security teams running self-hosted AI orchestration platforms now face an expanded attack surface where the AI layer itself can be both the entry point and the execution engine.</description></item><item><title>Poisoned MCP Tool Descriptions Enable Silent Data Exfiltration via AI Agents</title><link>https://gridthegrey.com/posts/poisoned-mcp-tool-descriptions-enable-silent-data-exfiltration-via-ai-agents/</link><pubDate>Sat, 04 Jul 2026 10:50:50 +0000</pubDate><guid>https://gridthegrey.com/posts/poisoned-mcp-tool-descriptions-enable-silent-data-exfiltration-via-ai-agents/</guid><category>Threat Level: HIGH</category><category>Prompt Injection</category><category>Agentic AI</category><category>Supply Chain</category><category>LLM Security</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><description>Microsoft researchers have demonstrated how attackers can embed hidden instructions inside MCP tool descriptions to covertly redirect AI agents into exfiltrating sensitive business data. Because each individual action the agent takes appears legitimate — using approved tools and the user's own permissions — default security controls generate no alerts. The attack exploits a fundamental design tension in MCP: tool descriptions simultaneously carry operational instructions and attacker-controlled data, collapsing a critical trust boundary.</description></item><item><title>Fake Bug Reports Weaponised to Hijack AI Coding Agents at Scale</title><link>https://gridthegrey.com/posts/fake-bug-reports-weaponised-to-hijack-ai-coding-agents-at-scale/</link><pubDate>Sat, 04 Jul 2026 10:50:04 +0000</pubDate><guid>https://gridthegrey.com/posts/fake-bug-reports-weaponised-to-hijack-ai-coding-agents-at-scale/</guid><category>Threat Level: HIGH</category><category>Prompt Injection</category><category>Agentic AI</category><category>LLM Security</category><category>Supply Chain</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0010 - ML Supply Chain Compromise</category><description>A technique dubbed 'agentjacking' exploits the inability of AI coding agents to distinguish between legitimate content and embedded instructions, allowing attackers to hijack agent behaviour through maliciously crafted bug reports. The attack represents a scalable, low-barrier prompt injection vector targeting developer workflows that rely on autonomous AI agents. As AI coding assistants gain broader adoption and elevated system permissions, this class of attack poses a significant risk to software supply chain integrity.</description></item><item><title>Zero-Click Prompt Injection Flaws in Cursor IDE Enable OS-Level Code Execution</title><link>https://gridthegrey.com/posts/zero-click-prompt-injection-flaws-in-cursor-ide-enable-os-level-code-execution/</link><pubDate>Sat, 04 Jul 2026 10:47:24 +0000</pubDate><guid>https://gridthegrey.com/posts/zero-click-prompt-injection-flaws-in-cursor-ide-enable-os-level-code-execution/</guid><category>Threat Level: CRITICAL</category><category>LLM Security</category><category>Prompt Injection</category><category>Agentic AI</category><category>Supply Chain</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0010 - ML Supply Chain Compromise</category><description>A set of vulnerabilities dubbed 'DuneSlide' in the Cursor AI code editor allow attackers to conduct zero-click prompt injection attacks that escape the application's sandbox and execute arbitrary code at the operating system level. The flaws represent a critical escalation of AI-native attack surface risks, targeting developers who rely on AI-assisted coding environments. Because exploitation requires no user interaction, the attack chain is particularly dangerous in supply chain and watering-hole scenarios.</description></item><item><title>First Look: Current AI Launches Open Source AI Gap Map Indexing 421 Projects</title><link>https://gridthegrey.com/posts/first-look-current-ai-launches-open-source-ai-gap-map-indexing-421-projects/</link><pubDate>Sat, 04 Jul 2026 08:53:39 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-current-ai-launches-open-source-ai-gap-map-indexing-421-projects/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>Supply Chain</category><category>Research</category><category>Industry News</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0019 - Publish Poisoned Datasets</category><category>AML.T0020 - Poison Training Data</category><category>AML.T0044 - Full ML Model Access</category><category>AML.T0047 - ML-Enabled Product or Service</category><description>Current AI has published the Open Source AI Gap Map v0.1, a structured, MIT-licensed index of 421 open-source AI products spanning models, datasets, software tools, and hardware, backed by 1,184 YAML files and tracking over 16,000 GitHub repositories. For defenders, this comprehensive public inventory creates a dual-use intelligence resource: while it aids supply chain visibility, it simultaneously provides adversaries with a curated, machine-readable attack surface map of the open-source AI ecosystem. Security teams should treat this dataset as threat-actor recon material and cross-reference their own AI dependencies against it immediately.</description></item><item><title>DeepSeek Turns LLM Hallucination Into Working Browser-Only Ransomware Technique</title><link>https://gridthegrey.com/posts/deepseek-turns-llm-hallucination-into-working-browser-only-ransomware-technique/</link><pubDate>Fri, 03 Jul 2026 09:45:56 +0000</pubDate><guid>https://gridthegrey.com/posts/deepseek-turns-llm-hallucination-into-working-browser-only-ransomware-technique/</guid><category>Threat Level: HIGH</category><category>LLM Security</category><category>Jailbreaks</category><category>Research</category><category>First Look</category><category>AML.T0054 - LLM Jailbreak</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><description>Check Point Research demonstrates how DeepSeek's lower refusal rates allowed researchers to transform an LLM-hallucinated malware concept into a practical browser-native ransomware technique targeting Android photo directories via the File System Access API. The attack requires no native payload, APK installation, or root access — only social engineering to obtain a legitimate browser permission prompt. This research highlights how frontier AI models with weaker safety controls can independently design novel attack paths not yet seen in real-world campaigns.</description></item><item><title>Prompt Injection Chain Breaks Cursor AI Sandbox, Enables Full RCE</title><link>https://gridthegrey.com/posts/prompt-injection-chain-breaks-cursor-ai-sandbox-enables-full-rce/</link><pubDate>Fri, 03 Jul 2026 09:44:45 +0000</pubDate><guid>https://gridthegrey.com/posts/prompt-injection-chain-breaks-cursor-ai-sandbox-enables-full-rce/</guid><category>Threat Level: CRITICAL</category><category>Prompt Injection</category><category>LLM Security</category><category>Agentic AI</category><category>Research</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0057 - LLM Data Leakage</category><description>Two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in the Cursor AI code editor allow prompt injection attacks delivered via MCP services or web search results to escape the editor's terminal sandbox and execute arbitrary commands on a developer's machine without any user interaction. Both flaws abuse the sandbox's write-permission logic — one through a misconfigured working directory parameter, the other through a symlink-resolution fallback — ultimately allowing overwrite of the sandbox helper binary itself. The attack surface is significant given Cursor's reported adoption across more than half of Fortune 500 companies; all versions prior to 3.0 remain vulnerable.</description></item><item><title>First Look: Open-Source Tool Lets Claude and Any LLM Watch Videos Locally</title><link>https://gridthegrey.com/posts/first-look-open-source-tool-lets-claude-and-any-llm-watch-videos-locally/</link><pubDate>Fri, 03 Jul 2026 09:31:07 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-open-source-tool-lets-claude-and-any-llm-watch-videos-locally/</guid><category>Threat Level: MEDIUM</category><category>First Look</category><category>Prompt Injection</category><category>LLM Security</category><category>Agentic AI</category><category>Supply Chain</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0043 - Craft Adversarial Data</category><category>AML.T0057 - LLM Data Leakage</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0010 - ML Supply Chain Compromise</category><description>claude-real-video is an open-source, MIT-licensed Python library that extracts scene-change frames, deduplicates images, and transcribes audio from any video URL or local file, then packages the result as a folder any LLM can consume — all processed locally without cloud upload. For defenders, this dramatically expands the multimodal prompt injection surface by enabling adversaries to embed malicious instructions inside video content that LLM pipelines will now ingest and act upon. Security teams building or deploying LLM agents with video-processing capabilities must treat video content as an untrusted, potentially adversarial input channel.</description></item><item><title>First Look: Enterprise IGA Platforms Expose Structural Gaps as AI Agents Proliferate</title><link>https://gridthegrey.com/posts/first-look-enterprise-iga-platforms-expose-structural-gaps-as-ai-agents/</link><pubDate>Fri, 03 Jul 2026 09:30:12 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-enterprise-iga-platforms-expose-structural-gaps-as-ai-agents/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Agentic AI</category><category>LLM Security</category><category>Regulatory</category><category>Industry News</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0057 - LLM Data Leakage</category><description>A new analysis published via The Hacker News details how traditional Identity Governance and Administration (IGA) frameworks — built around HR-driven, human-centric lifecycle events — are fundamentally unequipped to govern AI agents acting as autonomous principals in enterprise environments. Security teams face a growing blind spot: AI agents acquire, retain, and exercise entitlements without triggering the joiner-mover-leaver workflows, manager attestations, or termination events that IGA tooling depends on. Defenders must now treat AI agent identities as a separate governance tier, requiring purpose-built provisioning, audit, and deprovisioning logic that existing platforms like Workday, SailPoint, and Azure AD connectors were never designed to provide.</description></item><item><title>Claude Opus 4.7 Used to Discover Critical API Flaw in Major Ticketing Platform</title><link>https://gridthegrey.com/posts/claude-opus-4-7-used-to-discover-critical-api-flaw-in-major-ticketing-platform/</link><pubDate>Fri, 03 Jul 2026 09:28:45 +0000</pubDate><guid>https://gridthegrey.com/posts/claude-opus-4-7-used-to-discover-critical-api-flaw-in-major-ticketing-platform/</guid><category>Threat Level: HIGH</category><category>Agentic AI</category><category>LLM Security</category><category>Research</category><category>Industry News</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0043 - Craft Adversarial Data</category><description>Security researcher Ian Carroll leveraged Anthropic's Claude Opus 4.7 to identify a critical vulnerability in Front Gate Tickets—a Live Nation subsidiary handling ticketing for major US festivals—that granted super-administrator access and the ability to freely issue tickets of any value. The case demonstrates LLM-assisted autonomous vulnerability discovery at scale, with Carroll noting the AI could likely have completed the full exploit chain without human intervention. Front Gate patched the flaw within 24 hours of disclosure, confirming no evidence of prior exploitation.</description></item><item><title>Anthropic's Mythos AI Vulnerability Discovery Tool Pairs with IBM Project Lightwell</title><link>https://gridthegrey.com/posts/first-look-anthropic-s-mythos-ai-vulnerability-discovery-tool-pairs-with-ibm/</link><pubDate>Fri, 03 Jul 2026 09:27:52 +0000</pubDate><guid>https://gridthegrey.com/posts/first-look-anthropic-s-mythos-ai-vulnerability-discovery-tool-pairs-with-ibm/</guid><category>Threat Level: HIGH</category><category>First Look</category><category>Supply Chain</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>AML.T0010 - ML Supply Chain Compromise</category><category>AML.T0019 - Publish Poisoned Datasets</category><category>AML.T0020 - Poison Training Data</category><category>AML.T0031 - Erode ML Model Integrity</category><category>AML.T0051 - LLM Prompt Injection</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0057 - LLM Data Leakage</category><description>Anthropic's Mythos capability, combined with IBM and Red Hat's Project Lightwell service backed by 20,000 engineers and $5B, introduces an AI-driven pipeline for discovering and remediating bugs in open-source software at industrial scale. This creates a dual-edged attack surface: adversaries who can influence Mythos's findings, its training data, or the remediation pipeline gain a privileged position to inject subtle vulnerabilities into widely-deployed open-source components. Defenders must treat the AI vulnerability-finding and patch-generation pipeline itself as a high-value, high-risk supply chain asset requiring rigorous integrity controls.</description></item><item><title>AI Agent Autonomously Executes Full Ransomware Attack Chain via Langflow RCE</title><link>https://gridthegrey.com/posts/ai-agent-autonomously-executes-full-ransomware-attack-chain-via-langflow-rce/</link><pubDate>Fri, 03 Jul 2026 09:25:09 +0000</pubDate><guid>https://gridthegrey.com/posts/ai-agent-autonomously-executes-full-ransomware-attack-chain-via-langflow-rce/</guid><category>Threat Level: CRITICAL</category><category>Agentic AI</category><category>LLM Security</category><category>Industry News</category><category>First Look</category><category>AML.T0047 - ML-Enabled Product or Service</category><category>AML.T0012 - Valid Accounts</category><category>AML.T0040 - ML Model Inference API Access</category><category>AML.T0057 - LLM Data Leakage</category><description>Sysdig has documented what it claims is the first end-to-end ransomware attack orchestrated autonomously by an AI agent, attributed to a threat actor tracked as JADEPUFFER. The agent exploited a known remote code execution flaw in Langflow (CVE-2025-3248) to gain initial access, harvest credentials, pivot laterally, and ultimately encrypt and destroy a production database — all without human intervention at the keyboard. The incident demonstrates that AI agents can now lower the skill floor for complex, multi-stage attacks to near zero, representing a qualitative shift in the ransomware threat landscape.</description></item></channel></rss>