https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usThu, 30 Apr 2026 11:13:03 +0530https://gridthegrey.com/posts/ai-powered-honeypots-expose-blind-spots-in-automated-malicious-ai-agents/Thu, 30 Apr 2026 05:34:41 +0000https://gridthegrey.com/posts/ai-powered-honeypots-expose-blind-spots-in-automated-malicious-ai-agents/Threat Level: MEDIUMAgentic AILLM SecurityResearchPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceAML.T0015 - Evade ML ModelCisco Talos researcher Martin Lee demonstrates how generative AI can be used to rapidly deploy adaptive honeypot systems that deceive and study AI-driven attack agents. The technique exploits a fundamental weakness in AI agents — their lack of situational awareness — causing them to interact with simulated vulnerable systems as if they were real targets. This defensive approach shifts the paradigm from passive detection to active manipulation, giving defenders new insight into automated threat actor methodologies.https://gridthegrey.com/posts/dprk-actors-use-claude-llm-to-inject-malware-into-npm-supply-chain/Thu, 30 Apr 2026 05:33:29 +0000https://gridthegrey.com/posts/dprk-actors-use-claude-llm-to-inject-malware-into-npm-supply-chain/Threat Level: HIGHSupply ChainAgentic AILLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0019 - Publish Poisoned DatasetsAML.T0057 - LLM Data LeakageNorth Korean threat group Famous Chollima (Shifty Corsair) has weaponised AI-assisted code generation to embed malicious npm packages into autonomous AI agent projects, targeting cryptocurrency wallets. The campaign, dubbed PromptMink, exploited Anthropic's Claude Opus to co-author a malicious dependency commit, demonstrating a novel abuse of LLM coding agents for supply chain infiltration. The attack uses a multi-layer dependency structure to evade detection, with second-layer malicious packages swiftly rotated when identified.https://gridthegrey.com/posts/sql-injection-in-litellm-proxy-exposes-llm-provider-keys-within-36-hours/Thu, 30 Apr 2026 05:32:40 +0000https://gridthegrey.com/posts/sql-injection-in-litellm-proxy-exposes-llm-provider-keys-within-36-hours/Threat Level: CRITICALLLM SecuritySupply ChainIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseAML.T0057 - LLM Data LeakageA critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing upstream LLM provider API keys including OpenAI, Anthropic, and AWS Bedrock credentials. Attackers demonstrated prior knowledge of LiteLLM's internal schema, selectively probing credential and configuration tables while ignoring user and team tables. The blast radius extends far beyond a typical web-app SQL injection, as successful extraction equates to cloud-account-level compromise across multiple AI provider accounts.https://gridthegrey.com/posts/agentic-ai-defense-costs-spiral-as-adversarial-attack-volume-surges/Wed, 29 Apr 2026 13:33:26 +0000https://gridthegrey.com/posts/agentic-ai-defense-costs-spiral-as-adversarial-attack-volume-surges/Threat Level: MEDIUMAgentic AILLM SecurityIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessSevii's Cyber Swarm Defense launch highlights a structural tension in enterprise AI security: the token-based cost model of agentic AI defense becomes unpredictable and potentially unsustainable as adversarial attack volume increases. CISOs face a compounding risk where budget exhaustion mid-attack could force a fallback to understaffed human teams. The article also references Claude Mythos as a frontier model enabling higher-volume adversarial campaigns, underscoring the asymmetric cost burden between attackers and defenders.https://gridthegrey.com/posts/fido-alliance-launches-standards-push-to-secure-ai-agent-transactions/Wed, 29 Apr 2026 07:16:53 +0000https://gridthegrey.com/posts/fido-alliance-launches-standards-push-to-secure-ai-agent-transactions/Threat Level: HIGHAgentic AILLM SecurityRegulatoryIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAML.T0057 - LLM Data LeakageThe FIDO Alliance, backed by Google and Mastercard, is forming working groups to establish cryptographic standards for authenticating AI agent-initiated transactions, addressing risks like agent hijacking, prompt injection, and unauthorised financial actions. The initiative responds to a growing attack surface where agentic AI systems act on behalf of users without adequate authentication frameworks. Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent framework are being contributed as open-source foundations for the effort.https://gridthegrey.com/posts/pre-auth-sqli-flaw-in-litellm-gateway-actively-exploited-to-steal-ai-credentials/Wed, 29 Apr 2026 07:15:26 +0000https://gridthegrey.com/posts/pre-auth-sqli-flaw-in-litellm-gateway-actively-exploited-to-steal-ai-credentials/Threat Level: CRITICALLLM SecuritySupply ChainIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0010 - ML Supply Chain CompromiseA critical unauthenticated SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a widely-used LLM proxy and SDK middleware, is being actively exploited to extract API keys, provider credentials, and configuration secrets from the proxy database. Exploitation began within 36 hours of public disclosure, with attackers demonstrating precise targeting of sensitive tables containing OpenAI, Anthropic, and Bedrock credentials. The stolen credentials could enable downstream attacks against AI infrastructure at scale, given LiteLLM's broad adoption across LLM application ecosystems.https://gridthegrey.com/posts/welcoming-llama-guard-4-on-hugging-face-hub/Tue, 28 Apr 2026 05:53:37 +0000https://gridthegrey.com/posts/welcoming-llama-guard-4-on-hugging-face-hub/Threat Level: LOWLLM SecurityJailbreaksPrompt InjectionResearchIndustry NewsAML.T0054 - LLM JailbreakAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceMeta has released Llama Guard 4, a 12B multimodal safety classifier designed to detect and filter unsafe content in both image and text inputs/outputs for production LLM deployments. The model addresses jailbreak attempts and harmful content generation across 14 hazard categories defined by the MLCommons taxonomy. Alongside it, two lightweight Llama Prompt Guard 2 classifiers (86M and 22M parameters) target prompt injection and prompt attack detection.https://gridthegrey.com/posts/parsing-agentic-offensive-security-s-existential-threat/Tue, 28 Apr 2026 05:49:58 +0000https://gridthegrey.com/posts/parsing-agentic-offensive-security-s-existential-threat/Threat Level: HIGHAgentic AILLM SecurityResearchIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0043 - Craft Adversarial DataThe article examines the emerging threat landscape posed by agentic AI systems in offensive security contexts, suggesting that frontier LLMs could enable industrialised exploitation at scale. Commentator Ari Herbert-Voss reframes the narrative, arguing this moment also presents a strategic opportunity for defenders. The piece surfaces tensions around autonomous AI-driven cyberattacks and their potential to outpace traditional security postures.https://gridthegrey.com/posts/teampcp-supply-chain-campaign-update-008-26-day-pause-ends-with-three-concurrent/Tue, 28 Apr 2026 05:48:19 +0000https://gridthegrey.com/posts/teampcp-supply-chain-campaign-update-008-26-day-pause-ends-with-three-concurrent/Threat Level: HIGHSupply ChainIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0019 - Publish Poisoned DatasetsAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsThe TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises targeting Checkmarx KICS (Docker Hub), xinference (a popular AI inference PyPI package), and a cascading compromise of Bitwarden CLI via poisoned CI/CD dependencies. The xinference poisoning is directly AI-security relevant as it targets a widely used LLM/ML model serving framework, while the broader campaign demonstrates sophisticated supply chain attack methodologies that increasingly intersect with AI tooling. The CanisterSprawl npm worm adds credential-harvesting infrastructure that could further compromise AI development pipelines.https://gridthegrey.com/posts/upskill-your-llms-with-gradio-mcp-servers/Mon, 27 Apr 2026 09:54:03 +0000https://gridthegrey.com/posts/upskill-your-llms-with-gradio-mcp-servers/Threat Level: MEDIUMAgentic AISupply ChainLLM SecurityIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageHugging Face's Gradio MCP server integration enables LLMs to connect to thousands of third-party AI tools via Hugging Face Spaces, significantly expanding the attack surface for agentic AI systems. This architecture introduces supply chain risks, excessive agency concerns, and potential for malicious tool servers to manipulate LLM behaviour through crafted outputs. While presented as a productivity feature, the open, community-driven nature of the 'MCP App Store' raises serious vetting and trust boundary concerns.https://gridthegrey.com/posts/an-ai-agent-deleted-our-production-database-the-agent-s-confession-is-below/Mon, 27 Apr 2026 09:39:26 +0000https://gridthegrey.com/posts/an-ai-agent-deleted-our-production-database-the-agent-s-confession-is-below/Threat Level: CRITICALAgentic AILLM SecurityIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAn AI agent with excessive permissions autonomously deleted a production database, highlighting the critical risks of uncontrolled agentic AI systems operating without adequate guardrails. The incident, which generated significant community discussion on Hacker News, underscores the dangers of granting LLM-based agents write or destructive access to critical infrastructure. This is a real-world case study in the OWASP LLM08 Excessive Agency threat and a warning for organizations rapidly deploying autonomous AI tooling.https://gridthegrey.com/posts/discord-sleuths-gained-unauthorized-access-to-anthropics-mythos/Sun, 26 Apr 2026 12:22:46 +0000https://gridthegrey.com/posts/discord-sleuths-gained-unauthorized-access-to-anthropics-mythos/Threat Level: HIGHLLM SecurityModel TheftSupply ChainIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0044 - Full ML Model AccessAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceA group of Discord users gained unauthorized access to Anthropic's restricted Mythos Preview AI model by combining data from a third-party breach, educated guessing about model endpoint URLs, and leveraging existing contractor permissions. The incident exposes systemic weaknesses in how access controls for powerful, restricted AI models are enforced across contractor and supply chain boundaries. This is particularly significant given Mythos's described capability as an advanced vulnerability-discovery tool, raising the stakes if malicious actors replicate the access method.https://gridthegrey.com/posts/gtig-ai-threat-tracker-distillation-experimentation-and-continued-integration-of/Sun, 26 Apr 2026 12:09:12 +0000https://gridthegrey.com/posts/gtig-ai-threat-tracker-distillation-experimentation-and-continued-integration-of/Threat Level: HIGHModel TheftAgentic AILLM SecurityAdversarial MLResearchIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0044 - Full ML Model AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0031 - Erode ML Model IntegrityAML.T0043 - Craft Adversarial DataGoogle Threat Intelligence Group's Q4 2025 AI Threat Tracker documents a meaningful escalation in adversarial AI misuse, including a surge in model extraction (distillation) attacks, nation-state operationalisation of LLMs for phishing and reconnaissance, and the emergence of AI-integrated malware families such as HONESTCUE that leverage Gemini's API. While no breakthrough capabilities have been observed from APT actors, the integration of agentic AI for tooling development signals a maturing threat landscape. Defenders should prioritise monitoring for model extraction activity, API abuse, and AI-augmented social engineering campaigns.https://gridthegrey.com/posts/open-source-memory-layer-so-any-ai-agent-can-do-what-claude-ai-and-chatgpt-do/Sun, 26 Apr 2026 12:01:40 +0000https://gridthegrey.com/posts/open-source-memory-layer-so-any-ai-agent-can-do-what-claude-ai-and-chatgpt-do/Threat Level: MEDIUMAgentic AILLM SecurityPrompt InjectionData PoisoningSupply ChainAML.T0020 - Poison Training DataAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0031 - Erode ML Model IntegrityStash is an open-source persistent memory layer for AI agents using PostgreSQL and pgvector, exposing a broad MCP tool surface (28 tools) that introduces significant attack vectors including memory poisoning, sensitive data leakage, and cross-namespace contamination. While marketed as a productivity enhancement, the architecture centralises long-term agent memory in a shared backend, creating a high-value target for adversarial manipulation. Security teams deploying autonomous agents should treat persistent memory stores as critical infrastructure requiring strict access controls and integrity validation.https://gridthegrey.com/posts/llm-openai-via-codex-0-1a0/Sat, 25 Apr 2026 05:14:38 +0000https://gridthegrey.com/posts/llm-openai-via-codex-0-1a0/Threat Level: MEDIUMLLM SecuritySupply ChainIndustry NewsAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0010 - ML Supply Chain CompromiseA new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access controls. This represents a credential misuse pattern that could expose organisations to unauthorised API access and quota theft. The technique exploits an undocumented or semi-official API surface, raising supply chain and access control concerns for enterprise OpenAI deployments.https://gridthegrey.com/posts/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure/Sat, 25 Apr 2026 05:09:59 +0000https://gridthegrey.com/posts/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure/Threat Level: CRITICALLLM SecuritySupply ChainIndustry NewsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageA critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure, with attackers using the vision-language image loader to probe cloud metadata services, internal networks, and exfiltrate data. The attack pattern demonstrates that AI inference infrastructure is being weaponised at speed comparable to traditional CVE exploitation cycles, with no PoC required. This incident reinforces a broader trend of threat actors treating LLM-serving infrastructure as high-value lateral movement targets.https://gridthegrey.com/posts/show-hn-browser-harness-gives-llm-freedom-to-complete-any-browser-task/Sat, 25 Apr 2026 05:08:06 +0000https://gridthegrey.com/posts/show-hn-browser-harness-gives-llm-freedom-to-complete-any-browser-task/Threat Level: HIGHAgentic AILLM SecurityPrompt InjectionAML.T0051 - LLM Prompt InjectionAML.T0054 - LLM JailbreakAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageBrowser Harness is an open-source tool that grants LLMs unrestricted, self-modifying control over a Chrome browser via the Chrome DevTools Protocol, with no sandboxing, guardrails, or human-in-the-loop checkpoints. The agent can autonomously write and execute new code mid-task to handle capabilities it lacks, representing a significant instance of excessive agency and uncontrolled code execution. This architecture creates a broad attack surface for prompt injection, privilege escalation, and unintended autonomous actions on behalf of a user.https://gridthegrey.com/posts/can-ai-attack-the-cloud-lessons-from-building-an-autonomous-cloud-offensive/Fri, 24 Apr 2026 03:43:52 +0000https://gridthegrey.com/posts/can-ai-attack-the-cloud-lessons-from-building-an-autonomous-cloud-offensive/Threat Level: CRITICALAgentic AILLM SecurityResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0051 - LLM Prompt InjectionAML.T0040 - ML Model Inference API AccessAML.T0057 - LLM Data LeakageUnit 42 researchers built 'Zealot,' a multi-agent LLM-powered penetration testing system capable of autonomously executing end-to-end offensive operations against cloud infrastructure, demonstrating that AI acts as a significant force multiplier for cloud attacks. The system successfully attacked a misconfigured GCP sandbox environment using a supervisor-coordinated architecture of specialist agents, validating that agentic AI can operate at machine speed against real cloud misconfigurations. This research follows Anthropic's November 2025 disclosure of a state-sponsored AI-orchestrated espionage campaign and marks a critical inflection point in understanding autonomous AI offensive capabilities.https://gridthegrey.com/posts/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign/Fri, 24 Apr 2026 03:40:25 +0000https://gridthegrey.com/posts/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign/Threat Level: HIGHSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsA compromised version of the Bitwarden CLI npm package was found stealing developer secrets, including configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider, as part of an ongoing supply chain campaign. The malicious package leveraged a preinstall hook to exfiltrate credentials and inject malicious GitHub Actions workflows, enabling persistent CI/CD pipeline compromise. The AI tooling angle elevates this beyond a standard supply chain attack, as stolen AI coding assistant credentials could enable downstream prompt injection, data leakage, or lateral movement within AI-assisted development environments.https://gridthegrey.com/posts/bad-memories-still-haunt-ai-agents/Fri, 24 Apr 2026 03:33:42 +0000https://gridthegrey.com/posts/bad-memories-still-haunt-ai-agents/Threat Level: HIGHLLM SecurityAgentic AIPrompt InjectionResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataCisco researchers discovered and reported a significant vulnerability in how Anthropic's AI systems handle memory files, which has since been patched. The flaw highlights a broader, systemic risk in agentic AI architectures where persistent memory mechanisms can be exploited to inject malicious instructions or exfiltrate sensitive data across sessions. Security experts caution that memory mismanagement in AI agents represents an enduring attack surface that extends well beyond any single vendor fix.