https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usThu, 04 Jun 2026 11:11:56 +0530https://gridthegrey.com/posts/microsoft-scout-autonomous-agent-expands-attack-surface-across-microsoft-365/Thu, 04 Jun 2026 05:41:41 +0000https://gridthegrey.com/posts/microsoft-scout-autonomous-agent-expands-attack-surface-across-microsoft-365/Threat Level: MEDIUMAgentic AILLM SecurityIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessMicrosoft has launched Scout, an always-on autonomous AI agent built on the OpenClaw framework that operates across Microsoft 365 apps including Teams, Outlook, OneDrive, and SharePoint with its own Entra identity. The agent's persistent, unsupervised access to email, calendar, chat, and external systems via MCP creates a broad new attack surface for prompt injection, privilege abuse, and data exfiltration. As an experimental release with limited deployment controls, security teams should treat Scout as a high-risk agentic surface requiring careful governance before broad adoption.https://gridthegrey.com/posts/high-autonomy-ai-agents-with-broad-permissions-pose-enterprise-security-crisis/Thu, 04 Jun 2026 05:40:36 +0000https://gridthegrey.com/posts/high-autonomy-ai-agents-with-broad-permissions-pose-enterprise-security-crisis/Threat Level: HIGHAgentic AILLM SecurityIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAML.T0057 - LLM Data LeakageEnterprises deploying AI agents with elevated permissions and minimal oversight face compounding security risks as agentic systems gain the ability to take real-world actions with limited human intervention. The attack surface expands dramatically when agents can access APIs, execute code, and chain decisions autonomously, making containment of a compromise significantly harder. Security teams must implement least-privilege principles and robust monitoring before agentic deployments scale beyond their ability to govern.https://gridthegrey.com/posts/indirect-prompt-injection-via-notifications-hijacks-google-gemini-on-android/Thu, 04 Jun 2026 05:39:55 +0000https://gridthegrey.com/posts/indirect-prompt-injection-via-notifications-hijacks-google-gemini-on-android/Threat Level: HIGHLLM SecurityPrompt InjectionAgentic AIResearchAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageSafeBreach researcher Or Yair demonstrated that malicious text embedded in WhatsApp, Slack, SMS, or Signal notifications could trigger indirect prompt injection against Google Gemini's Android Utilities feature, causing the assistant to execute real device actions without user awareness. A novel bypass technique called 'Fake Context Alignment' defeated Google's post-patch authorization checks by exploiting multilingual obfuscation and muted hyperlinks to trick victims into authorising sensitive actions. Google has patched the issue, but the research exposes a fundamentally large attack surface where any app capable of pushing a notification becomes a potential injection vector.https://gridthegrey.com/posts/only-11-of-100-ai-agents-pass-security-and-capability-benchmarks/Thu, 04 Jun 2026 05:38:21 +0000https://gridthegrey.com/posts/only-11-of-100-ai-agents-pass-security-and-capability-benchmarks/Threat Level: HIGHAgentic AILLM SecurityPrompt InjectionResearchIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0054 - LLM JailbreakAdversa AI's AI Risk Quadrant report evaluated 100 AI agents across ten categories, finding that only 11 qualify as both capable and well-defended. The research identifies a structural 'power-protection inversion' where the most capable agents also present the widest attack surface, driven by a 'lethal trifecta' of private data access, exposure to untrusted content, and outbound action capability. Computer and coding agents showed the most severe exposure, raising urgent concerns about autonomous agent deployment in enterprise environments.https://gridthegrey.com/posts/prompt-injection-flaw-in-gemini-voice-assistant-enables-notification-based/Thu, 04 Jun 2026 05:37:37 +0000https://gridthegrey.com/posts/prompt-injection-flaw-in-gemini-voice-assistant-enables-notification-based/Threat Level: HIGHLLM SecurityPrompt InjectionAgentic AIAML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial DataAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceA prompt injection vulnerability in Google Gemini's voice assistant allows attackers to embed malicious instructions within device notifications, which the assistant then processes as legitimate commands. This attack vector enables social engineering, unauthorized actions, and potential data exfiltration without direct user interaction with the malicious payload. The flaw highlights the growing risk of indirect prompt injection in ambient AI assistants that consume untrusted content from the surrounding environment.https://gridthegrey.com/posts/2000-ai-built-apps-expose-corporate-data-via-misconfigured-vibe-coding-platforms/Sun, 31 May 2026 01:44:50 +0000https://gridthegrey.com/posts/2000-ai-built-apps-expose-corporate-data-via-misconfigured-vibe-coding-platforms/Threat Level: HIGHAgentic AILLM SecuritySupply ChainIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessA Red Access investigation found over 2,000 corporate applications built on AI-assisted 'vibe-coding' platforms publicly accessible on the open internet, many containing sensitive business data with no access controls. These shadow-built apps connect directly to production systems — CRMs, ERPs, BI tools — creating a new class of unaudited attack surface invisible to conventional security stacks. Traditional controls such as CASB, DLP, and EDR are structurally blind to this threat because the risk originates at the application layer, not the identity or network layer.https://gridthegrey.com/posts/anthropic-documents-sandbox-escape-risks-and-credential-exfiltration-vectors-in/Sun, 31 May 2026 01:34:23 +0000https://gridthegrey.com/posts/anthropic-documents-sandbox-escape-risks-and-credential-exfiltration-vectors-in/Threat Level: MEDIUMLLM SecurityAgentic AIResearchIndustry NewsAML.T0057 - LLM Data LeakageAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsAnthropic has published detailed documentation of its sandboxing architecture across Claude.ai, Claude Code, and Claude Cowork, including disclosure of a previously identified credential exfiltration vector via the api.anthropic.com/v1/files endpoint. The writeup covers process-level isolation technologies including gVisor, Seatbelt, Bubblewrap, and full VM approaches, and candidly acknowledges security gaps that were missed. This transparency is notable for the agentic AI space, where sandbox documentation is typically sparse and trust is difficult to calibrate.https://gridthegrey.com/posts/chatgphish-exploit-turns-chatgpt-summarisation-into-a-live-phishing-surface/Sun, 31 May 2026 01:33:33 +0000https://gridthegrey.com/posts/chatgphish-exploit-turns-chatgpt-summarisation-into-a-live-phishing-surface/Threat Level: HIGHLLM SecurityPrompt InjectionAgentic AIResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServicePermiso Security has disclosed ChatGPhish, a vulnerability in ChatGPT's web summarisation feature that allows attacker-controlled Markdown payloads embedded in third-party pages to render phishing links, spoofed alerts, and QR codes directly within ChatGPT's trusted UI. The attack requires no user interaction beyond asking ChatGPT to summarise a malicious page, and can exfiltrate IP addresses, User-Agent strings, and Referer headers via auto-fetched remote images. The technique significantly expands the phishing attack surface beyond email into everyday AI-assisted browsing workflows, posing a particular risk in enterprise environments.https://gridthegrey.com/posts/llmshare-campaign-weaponises-chatgpt-sharing-feature-to-distribute-malware/Sun, 31 May 2026 01:32:53 +0000https://gridthegrey.com/posts/llmshare-campaign-weaponises-chatgpt-sharing-feature-to-distribute-malware/Threat Level: HIGHLLM SecuritySupply ChainIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0015 - Evade ML ModelThreat actors are exploiting ChatGPT's legitimate content-sharing infrastructure to host convincing fake outage pages that trick users into downloading malware disguised as a ChatGPT desktop application. The 'LLMShare' campaign abuses chatgpt.com/s/ shared links to render attacker-crafted HTML within a trusted OpenAI domain, bypassing traditional phishing detection that relies on suspicious URL analysis. The attack chain combines Google ad abuse, domain cloaking, and AI platform misuse to deliver what are likely infostealer payloads.https://gridthegrey.com/posts/process-level-captcha-analysis-exposes-behavioural-fingerprints-of-ai-agents/Sun, 31 May 2026 01:32:12 +0000https://gridthegrey.com/posts/process-level-captcha-analysis-exposes-behavioural-fingerprints-of-ai-agents/Threat Level: MEDIUMAdversarial MLAgentic AIResearchAML.T0015 - Evade ML ModelAML.T0043 - Craft Adversarial DataAML.T0047 - ML-Enabled Product or ServiceResearchers have developed CogCAPTCHA30, a 30-task cognitive battery demonstrating that AI agents (GPT, Claude, Gemini) solve CAPTCHAs with statistically distinguishable behavioural patterns despite matching human accuracy. The study introduces a 'Process Turing Test' concept, showing output equivalence and process equivalence are uncorrelated — meaning AI agents can be detected not by what they answer, but by how they answer. This has direct implications for bot detection, anti-automation defences, and the arms race between AI-driven agents and human-verification systems.https://gridthegrey.com/posts/robinhood-mcp-integration-grants-ai-agents-autonomous-financial-trading-powers/Sun, 31 May 2026 01:31:37 +0000https://gridthegrey.com/posts/robinhood-mcp-integration-grants-ai-agents-autonomous-financial-trading-powers/Threat Level: HIGHAgentic AILLM SecurityPrompt InjectionIndustry NewsRegulatoryAML.T0051 - LLM Prompt InjectionAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsRobinhood has launched agentic trading and a virtual credit card that allow third-party AI agents to autonomously execute stock trades and payments on behalf of users via a Model Context Protocol (MCP) integration. This architecture introduces significant attack surface through prompt injection, excessive agency, and insecure plugin design risks inherent to LLM-driven autonomous financial action. The delegation of real financial authority to AI agents with limited human-in-the-loop controls represents a systemic risk to retail investors if agent pipelines are compromised or manipulated.https://gridthegrey.com/posts/malicious-npm-package-targets-claude-ai-users-via-supply-chain-attack/Fri, 29 May 2026 10:10:53 +0000https://gridthegrey.com/posts/malicious-npm-package-targets-claude-ai-users-via-supply-chain-attack/Threat Level: HIGHSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceA malicious npm package named 'mouse5212-super-formatter' was discovered exfiltrating files from Anthropic's Claude AI user directory by authenticating to a threat actor-controlled GitHub repository. The package disguised itself as a legitimate archive utility while silently uploading all local workspace files during the postinstall phase. Notably, the attacker's poor operational security — including a leaked GitHub token — suggests AI-generated malware with minimal human oversight, pointing to a growing trend of low-skill threat actors leveraging AI to produce supply chain malware.https://gridthegrey.com/posts/multi-agent-llm-system-discovers-29-zero-day-vulnerabilities-in-open-source/Fri, 29 May 2026 10:10:04 +0000https://gridthegrey.com/posts/multi-agent-llm-system-discovers-29-zero-day-vulnerabilities-in-open-source/Threat Level: HIGHAgentic AIResearchLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataResearchers have developed FuzzingBrain V2, a multi-agent LLM system capable of autonomously discovering and reproducing software vulnerabilities with a 90% detection rate on a competitive benchmark dataset. The system discovered 29 zero-day vulnerabilities across 12 open-source projects, all confirmed by maintainers, raising both defensive and dual-use concerns for the security community. While positioned as a defensive research tool, the automation of end-to-end vulnerability discovery at this scale represents a meaningful shift in the offensive capability landscape.https://gridthegrey.com/posts/russia-linked-greyvibe-weaponises-chatgpt-and-gemini-across-full-attack/Fri, 29 May 2026 10:09:20 +0000https://gridthegrey.com/posts/russia-linked-greyvibe-weaponises-chatgpt-and-gemini-across-full-attack/Threat Level: HIGHLLM SecurityAdversarial MLIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0051 - LLM Prompt InjectionAML.T0015 - Evade ML ModelWithSecure has documented GreyVibe, a Russia-nexus threat actor systematically deploying ChatGPT, Google Gemini, and Ideogram AI across every phase of its attack chain — from phishing lure creation to custom malware development — against Ukrainian targets since August 2025. The group's LLM-assisted malware, LegionRelay, contained design flaws introduced during AI-generated development, which paradoxically allowed researchers to track the group over an extended period. The case illustrates both the operational leverage AI provides to moderately skilled threat actors and the novel forensic signatures that AI-assisted development can inadvertently introduce.https://gridthegrey.com/posts/russian-greyvibe-group-weaponises-chatgpt-and-gemini-for-cyberespionage/Fri, 29 May 2026 00:21:08 +0000https://gridthegrey.com/posts/russian-greyvibe-group-weaponises-chatgpt-and-gemini-for-cyberespionage/Threat Level: HIGHLLM SecurityIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0051 - LLM Prompt InjectionA likely Russian threat group dubbed GreyVibe has been actively using commercial LLMs — including ChatGPT and Google Gemini — to generate high-quality phishing lures, malware tooling, and social-engineering content targeting Ukrainian military, government, and civilian organisations. WithSecure researchers identified LLM artefact markers embedded in campaign imagery, confirming AI-assisted content generation at scale. The case represents a concrete, documented example of adversarial LLM weaponisation in an active nation-state-adjacent cyberespionage campaign.https://gridthegrey.com/posts/sqlite-bans-agentic-code-submissions-as-ai-bug-report-floods-begin/Fri, 29 May 2026 00:17:23 +0000https://gridthegrey.com/posts/sqlite-bans-agentic-code-submissions-as-ai-bug-report-floods-begin/Threat Level: MEDIUMAgentic AIIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataSQLite has formally prohibited agentic code contributions and strengthened its policy language, reflecting growing concern over AI-generated submissions overwhelming open source maintainers. The project was forced to create a separate bug forum after being flooded with AI-generated reports of inconsistent quality. This represents an emerging operational security challenge for critical infrastructure software projects targeted by autonomous AI coding agents.https://gridthegrey.com/posts/ai-bills-of-materials-emerge-as-critical-tool-for-ml-supply-chain-risk/Mon, 25 May 2026 15:44:14 +0000https://gridthegrey.com/posts/ai-bills-of-materials-emerge-as-critical-tool-for-ml-supply-chain-risk/Threat Level: MEDIUMSupply ChainRegulatoryIndustry NewsResearchAML.T0010 - ML Supply Chain CompromiseAML.T0020 - Poison Training DataAML.T0031 - Erode ML Model IntegrityAML.T0047 - ML-Enabled Product or ServiceAs AI systems proliferate across enterprise environments, the lack of standardised AI Bills of Materials (AI BOMs) leaves organisations blind to the components, training data, and dependencies embedded in deployed models. The article examines whether 2026 marks a turning point for AI BOM adoption as a risk management practice. Without visibility into AI supply chains, organisations remain exposed to hidden vulnerabilities including poisoned models, compromised dependencies, and undisclosed third-party components.https://gridthegrey.com/posts/anthropic-s-claude-mythos-autonomously-uncovers-10000-critical-software-flaws/Mon, 25 May 2026 15:43:34 +0000https://gridthegrey.com/posts/anthropic-s-claude-mythos-autonomously-uncovers-10000-critical-software-flaws/Threat Level: HIGHAgentic AIResearchIndustry NewsLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAnthropic's Project Glasswing has deployed Claude Mythos Preview — a frontier AI model — to autonomously discover over 10,000 high- and critical-severity vulnerabilities across widely used open-source software, with 1,094 confirmed as valid high/critical flaws. The initiative highlights a growing asymmetry: AI is accelerating vulnerability discovery far faster than the security community can remediate, compressing patch windows and raising the stakes for defenders. Anthropic is now urging shorter patch cycles and hardened defaults, warning that comparable offensive capabilities could soon be broadly accessible to threat actors.https://gridthegrey.com/posts/llm-coding-agents-collapse-under-structural-constraints-study-finds/Mon, 25 May 2026 15:42:13 +0000https://gridthegrey.com/posts/llm-coding-agents-collapse-under-structural-constraints-study-finds/Threat Level: HIGHLLM SecurityAgentic AIResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0031 - Erode ML Model IntegrityAML.T0051 - LLM Prompt InjectionA systematic study of LLM agents performing backend code generation reveals a 'constraint decay' phenomenon where agents lose up to 30 assertion pass-rate points as structural requirements accumulate, approaching complete failure in some configurations. This fragility has direct security implications: production deployments relying on LLM-generated code may silently violate architectural constraints such as ORM patterns, database access controls, and API contracts. The findings expose a critical gap between functional correctness and structural safety in agentic coding systems.https://gridthegrey.com/posts/sentinelone-prompt-security-targets-agentic-ai-trust-verification-gap/Mon, 25 May 2026 15:42:13 +0000https://gridthegrey.com/posts/sentinelone-prompt-security-targets-agentic-ai-trust-verification-gap/Threat Level: MEDIUMAgentic AILLM SecurityPrompt InjectionIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0056 - LLM Meta Prompt ExtractionSentinelOne has published guidance on securing agentic AI systems, framing unverified trust in AI agents as a core enterprise risk. The piece promotes their Prompt Security product as a control layer for AI tools, agents, and pipelines deployed across the enterprise. While primarily a product-focused announcement, it highlights the genuine security challenge of blind trust in autonomous AI agents executing actions on behalf of users and systems.