https://gridthegrey.com/Real-time AI security intelligence — adversarial ML, LLM vulnerabilities, and supply chain threats mapped to MITRE ATLAS and OWASP LLM Top 10.Hugoen-usFri, 29 May 2026 15:41:08 +0530https://gridthegrey.com/posts/malicious-npm-package-targets-claude-ai-users-via-supply-chain-attack/Fri, 29 May 2026 10:10:53 +0000https://gridthegrey.com/posts/malicious-npm-package-targets-claude-ai-users-via-supply-chain-attack/Threat Level: HIGHSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0057 - LLM Data LeakageAML.T0012 - Valid AccountsAML.T0047 - ML-Enabled Product or ServiceA malicious npm package named 'mouse5212-super-formatter' was discovered exfiltrating files from Anthropic's Claude AI user directory by authenticating to a threat actor-controlled GitHub repository. The package disguised itself as a legitimate archive utility while silently uploading all local workspace files during the postinstall phase. Notably, the attacker's poor operational security — including a leaked GitHub token — suggests AI-generated malware with minimal human oversight, pointing to a growing trend of low-skill threat actors leveraging AI to produce supply chain malware.https://gridthegrey.com/posts/multi-agent-llm-system-discovers-29-zero-day-vulnerabilities-in-open-source/Fri, 29 May 2026 10:10:04 +0000https://gridthegrey.com/posts/multi-agent-llm-system-discovers-29-zero-day-vulnerabilities-in-open-source/Threat Level: HIGHAgentic AIResearchLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataResearchers have developed FuzzingBrain V2, a multi-agent LLM system capable of autonomously discovering and reproducing software vulnerabilities with a 90% detection rate on a competitive benchmark dataset. The system discovered 29 zero-day vulnerabilities across 12 open-source projects, all confirmed by maintainers, raising both defensive and dual-use concerns for the security community. While positioned as a defensive research tool, the automation of end-to-end vulnerability discovery at this scale represents a meaningful shift in the offensive capability landscape.https://gridthegrey.com/posts/russia-linked-greyvibe-weaponises-chatgpt-and-gemini-across-full-attack/Fri, 29 May 2026 10:09:20 +0000https://gridthegrey.com/posts/russia-linked-greyvibe-weaponises-chatgpt-and-gemini-across-full-attack/Threat Level: HIGHLLM SecurityAdversarial MLIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0051 - LLM Prompt InjectionAML.T0015 - Evade ML ModelWithSecure has documented GreyVibe, a Russia-nexus threat actor systematically deploying ChatGPT, Google Gemini, and Ideogram AI across every phase of its attack chain — from phishing lure creation to custom malware development — against Ukrainian targets since August 2025. The group's LLM-assisted malware, LegionRelay, contained design flaws introduced during AI-generated development, which paradoxically allowed researchers to track the group over an extended period. The case illustrates both the operational leverage AI provides to moderately skilled threat actors and the novel forensic signatures that AI-assisted development can inadvertently introduce.https://gridthegrey.com/posts/russian-greyvibe-group-weaponises-chatgpt-and-gemini-for-cyberespionage/Fri, 29 May 2026 00:21:08 +0000https://gridthegrey.com/posts/russian-greyvibe-group-weaponises-chatgpt-and-gemini-for-cyberespionage/Threat Level: HIGHLLM SecurityIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0051 - LLM Prompt InjectionA likely Russian threat group dubbed GreyVibe has been actively using commercial LLMs — including ChatGPT and Google Gemini — to generate high-quality phishing lures, malware tooling, and social-engineering content targeting Ukrainian military, government, and civilian organisations. WithSecure researchers identified LLM artefact markers embedded in campaign imagery, confirming AI-assisted content generation at scale. The case represents a concrete, documented example of adversarial LLM weaponisation in an active nation-state-adjacent cyberespionage campaign.https://gridthegrey.com/posts/sqlite-bans-agentic-code-submissions-as-ai-bug-report-floods-begin/Fri, 29 May 2026 00:17:23 +0000https://gridthegrey.com/posts/sqlite-bans-agentic-code-submissions-as-ai-bug-report-floods-begin/Threat Level: MEDIUMAgentic AIIndustry NewsResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataSQLite has formally prohibited agentic code contributions and strengthened its policy language, reflecting growing concern over AI-generated submissions overwhelming open source maintainers. The project was forced to create a separate bug forum after being flooded with AI-generated reports of inconsistent quality. This represents an emerging operational security challenge for critical infrastructure software projects targeted by autonomous AI coding agents.https://gridthegrey.com/posts/ai-bills-of-materials-emerge-as-critical-tool-for-ml-supply-chain-risk/Mon, 25 May 2026 15:44:14 +0000https://gridthegrey.com/posts/ai-bills-of-materials-emerge-as-critical-tool-for-ml-supply-chain-risk/Threat Level: MEDIUMSupply ChainRegulatoryIndustry NewsResearchAML.T0010 - ML Supply Chain CompromiseAML.T0020 - Poison Training DataAML.T0031 - Erode ML Model IntegrityAML.T0047 - ML-Enabled Product or ServiceAs AI systems proliferate across enterprise environments, the lack of standardised AI Bills of Materials (AI BOMs) leaves organisations blind to the components, training data, and dependencies embedded in deployed models. The article examines whether 2026 marks a turning point for AI BOM adoption as a risk management practice. Without visibility into AI supply chains, organisations remain exposed to hidden vulnerabilities including poisoned models, compromised dependencies, and undisclosed third-party components.https://gridthegrey.com/posts/anthropic-s-claude-mythos-autonomously-uncovers-10000-critical-software-flaws/Mon, 25 May 2026 15:43:34 +0000https://gridthegrey.com/posts/anthropic-s-claude-mythos-autonomously-uncovers-10000-critical-software-flaws/Threat Level: HIGHAgentic AIResearchIndustry NewsLLM SecurityAML.T0047 - ML-Enabled Product or ServiceAML.T0040 - ML Model Inference API AccessAML.T0043 - Craft Adversarial DataAnthropic's Project Glasswing has deployed Claude Mythos Preview — a frontier AI model — to autonomously discover over 10,000 high- and critical-severity vulnerabilities across widely used open-source software, with 1,094 confirmed as valid high/critical flaws. The initiative highlights a growing asymmetry: AI is accelerating vulnerability discovery far faster than the security community can remediate, compressing patch windows and raising the stakes for defenders. Anthropic is now urging shorter patch cycles and hardened defaults, warning that comparable offensive capabilities could soon be broadly accessible to threat actors.https://gridthegrey.com/posts/llm-coding-agents-collapse-under-structural-constraints-study-finds/Mon, 25 May 2026 15:42:13 +0000https://gridthegrey.com/posts/llm-coding-agents-collapse-under-structural-constraints-study-finds/Threat Level: HIGHLLM SecurityAgentic AIResearchAML.T0047 - ML-Enabled Product or ServiceAML.T0031 - Erode ML Model IntegrityAML.T0051 - LLM Prompt InjectionA systematic study of LLM agents performing backend code generation reveals a 'constraint decay' phenomenon where agents lose up to 30 assertion pass-rate points as structural requirements accumulate, approaching complete failure in some configurations. This fragility has direct security implications: production deployments relying on LLM-generated code may silently violate architectural constraints such as ORM patterns, database access controls, and API contracts. The findings expose a critical gap between functional correctness and structural safety in agentic coding systems.https://gridthegrey.com/posts/sentinelone-prompt-security-targets-agentic-ai-trust-verification-gap/Mon, 25 May 2026 15:42:13 +0000https://gridthegrey.com/posts/sentinelone-prompt-security-targets-agentic-ai-trust-verification-gap/Threat Level: MEDIUMAgentic AILLM SecurityPrompt InjectionIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0056 - LLM Meta Prompt ExtractionSentinelOne has published guidance on securing agentic AI systems, framing unverified trust in AI agents as a core enterprise risk. The piece promotes their Prompt Security product as a control layer for AI tools, agents, and pipelines deployed across the enterprise. While primarily a product-focused announcement, it highlights the genuine security challenge of blind trust in autonomous AI agents executing actions on behalf of users and systems.https://gridthegrey.com/posts/google-s-gemini-spark-agent-raises-prompt-injection-risks-at-enterprise-scale/Fri, 22 May 2026 02:23:05 +0000https://gridthegrey.com/posts/google-s-gemini-spark-agent-raises-prompt-injection-risks-at-enterprise-scale/Threat Level: MEDIUMPrompt InjectionAgentic AILLM SecuritySupply ChainIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0010 - ML Supply Chain CompromiseGoogle's newly announced Gemini Spark personal AI agent, integrated with Gmail, Drive, Calendar, and other sensitive Google services, presents a significant prompt injection attack surface as it processes user data at scale. The article highlights that Google's published security mitigations — ephemeral VMs, Agent Gateway, and DLP policies — address infrastructure isolation but do not directly address the prompt injection vector inherent to LLM-powered agents processing untrusted content. Additionally, the transition from open-source Gemini CLI to a closed-source Antigravity CLI raises supply chain transparency concerns.https://gridthegrey.com/posts/ai-agent-identity-sprawl-creates-new-attack-surface-in-enterprise-iam/Fri, 22 May 2026 02:22:18 +0000https://gridthegrey.com/posts/ai-agent-identity-sprawl-creates-new-attack-surface-in-enterprise-iam/Threat Level: MEDIUMAgentic AIIndustry NewsRegulatoryAML.T0012 - Valid AccountsAML.T0040 - ML Model Inference API AccessAML.T0047 - ML-Enabled Product or ServiceAs AI agents proliferate across enterprise environments, their associated non-human identities are introducing governance and security gaps that traditional IAM frameworks were not designed to handle. New Omdia research highlights that AI agent identity management demands distinct budget allocations and security controls separate from conventional IAM programs. The failure to properly secure and govern these machine identities exposes organisations to credential abuse, privilege escalation, and lateral movement risks.https://gridthegrey.com/posts/ai-security-lacks-reliable-measurement-why-benchmarks-alone-are-insufficient/Fri, 22 May 2026 02:21:32 +0000https://gridthegrey.com/posts/ai-security-lacks-reliable-measurement-why-benchmarks-alone-are-insufficient/Threat Level: MEDIUMLLM SecurityResearchRegulatoryIndustry NewsAML.T0031 - Erode ML Model IntegrityAML.T0047 - ML-Enabled Product or ServiceAML.T0044 - Full ML Model AccessA report highlighted by Bruce Schneier argues that AI security cannot be reliably measured through benchmarks alone, drawing parallels to the decades-long evolution of software security engineering. The core finding is that LLM weight spaces encode continuous spectrums that resist meaningful quantitative measurement, making trust in model outputs structurally difficult to establish. The practical implication is that organisations must rely on assurance processes rather than scorecards to manage AI security risk.https://gridthegrey.com/posts/anthropic-s-mythos-ai-model-used-to-find-exploitable-macos-kernel-vulnerability/Fri, 22 May 2026 02:20:55 +0000https://gridthegrey.com/posts/anthropic-s-mythos-ai-model-used-to-find-exploitable-macos-kernel-vulnerability/Threat Level: HIGHLLM SecurityAgentic AIResearchIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0040 - ML Model Inference API AccessA threat group leveraged Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 chip running macOS. This represents a concrete, reported instance of AI-assisted vulnerability research being used offensively to discover low-level hardware-adjacent exploits. The incident underscores the dual-use danger of increasingly capable AI coding and reasoning models in the hands of adversarial actors.https://gridthegrey.com/posts/microsoft-open-sources-rampart-and-clarity-to-harden-ai-agent-security/Fri, 22 May 2026 02:18:06 +0000https://gridthegrey.com/posts/microsoft-open-sources-rampart-and-clarity-to-harden-ai-agent-security/Threat Level: MEDIUMLLM SecurityPrompt InjectionAgentic AIResearchIndustry NewsAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataMicrosoft has released two open-source tools, RAMPART and Clarity, aimed at embedding security testing into AI agent development workflows. RAMPART extends the existing PyRIT framework with a Pytest-native harness for running adversarial and safety tests against AI agents, explicitly covering cross-prompt injection, data exfiltration, and behavioural regression scenarios. Clarity operates as a pre-code design analysis tool, helping teams surface and challenge unsafe assumptions before an agentic system is built.https://gridthegrey.com/posts/llm-activation-steering-goes-local-security-implications-of-direct-model/Sun, 17 May 2026 02:17:55 +0000https://gridthegrey.com/posts/llm-activation-steering-goes-local-security-implications-of-direct-model/Threat Level: MEDIUMLLM SecurityAdversarial MLJailbreaksResearchAML.T0044 - Full ML Model AccessAML.T0054 - LLM JailbreakAML.T0031 - Erode ML Model IntegrityAML.T0015 - Evade ML ModelActivation steering — the technique of directly manipulating LLM internal representations mid-inference to alter model behaviour — is becoming more accessible to non-lab engineers via local models like DeepSeek-V4-Flash. This democratisation lowers the barrier for adversaries to craft targeted behavioural overrides that bypass prompt-level safety controls. The emergence of first-class steering support in tools like DwarfStar 4 signals that model-internal manipulation is transitioning from academic curiosity to practical attack surface.https://gridthegrey.com/posts/ai-agents-weaponise-vulnerability-discovery-as-ai-generated-code-expands-attack/Sun, 17 May 2026 02:16:12 +0000https://gridthegrey.com/posts/ai-agents-weaponise-vulnerability-discovery-as-ai-generated-code-expands-attack/Threat Level: HIGHAgentic AILLM SecuritySupply ChainIndustry NewsAML.T0047 - ML-Enabled Product or ServiceAML.T0043 - Craft Adversarial DataAML.T0010 - ML Supply Chain CompromiseAML.T0051 - LLM Prompt InjectionAI agents are now capable of autonomously discovering and exploiting obscure software vulnerabilities, raising the stakes for defenders already struggling with the volume of potentially insecure AI-generated code flooding codebases. The convergence of agentic exploitation capabilities and mass AI-assisted development creates a compounding risk: more vulnerabilities introduced at scale, and more capable automated systems to find and abuse them. Security teams must adapt their tooling, processes, and threat models to account for both sides of this AI-driven equation.https://gridthegrey.com/posts/four-openclaw-flaws-chain-together-for-full-ai-agent-compromise/Fri, 15 May 2026 21:24:57 +0000https://gridthegrey.com/posts/four-openclaw-flaws-chain-together-for-full-ai-agent-compromise/Threat Level: CRITICALAgentic AILLM SecurityPrompt InjectionResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0018 - Backdoor ML ModelAML.T0047 - ML-Enabled Product or ServiceAML.T0012 - Valid AccountsResearchers at Cyera disclosed four vulnerabilities in OpenClaw, an AI agent runtime platform, that can be chained to achieve credential theft, privilege escalation, and persistent backdoor access. The attack chain, dubbed 'Claw Chain', exploits sandbox escapes, allowlist bypasses, and a spoofable ownership flag in the MCP loopback runtime to weaponise the agent's own privileges against the host environment. All four CVEs have been patched in OpenClaw version 2026.4.22 and users should update immediately.https://gridthegrey.com/posts/malicious-node-ipc-versions-target-cloud-ai-tool-credentials-via-supply-chain/Fri, 15 May 2026 21:24:13 +0000https://gridthegrey.com/posts/malicious-node-ipc-versions-target-cloud-ai-tool-credentials-via-supply-chain/Threat Level: CRITICALSupply ChainLLM SecurityIndustry NewsAML.T0010 - ML Supply Chain CompromiseAML.T0012 - Valid AccountsAML.T0057 - LLM Data LeakageThree versions of the widely-used node-ipc npm package were found to contain obfuscated stealer/backdoor payloads published by an unauthorised maintainer account. The malware harvests 90 categories of developer secrets — including Claude AI and Kiro IDE configurations, AWS, Azure, and GCP credentials — and exfiltrates them via HTTPS and DNS tunnelling to an attacker-controlled domain. The compromise is notable for bypassing npm lifecycle hooks entirely and, in one version, targeting a specific developer via pre-computed SHA-256 fingerprinting.https://gridthegrey.com/posts/microsoft-outlines-defense-in-depth-framework-for-autonomous-ai-agents/Fri, 15 May 2026 21:22:59 +0000https://gridthegrey.com/posts/microsoft-outlines-defense-in-depth-framework-for-autonomous-ai-agents/Threat Level: MEDIUMAgentic AILLM SecurityPrompt InjectionSupply ChainResearchAML.T0051 - LLM Prompt InjectionAML.T0057 - LLM Data LeakageAML.T0010 - ML Supply Chain CompromiseAML.T0047 - ML-Enabled Product or ServiceAML.T0054 - LLM JailbreakMicrosoft's Security Blog introduces a layered defense-in-depth model specifically designed for autonomous AI agents, which now invoke tools, modify data, and trigger workflows with minimal human oversight. The framework identifies novel threat classes — including agent hijacking, intent breaking, and supply chain compromise — that are amplified by agentic autonomy. The guidance positions application-layer architecture, permissions, and governance as the most critical controls as agent autonomy scales.https://gridthegrey.com/posts/rust-compiler-project-drafts-formal-llm-contribution-policy/Fri, 15 May 2026 21:18:40 +0000https://gridthegrey.com/posts/rust-compiler-project-drafts-formal-llm-contribution-policy/Threat Level: MEDIUMSupply ChainRegulatoryIndustry NewsLLM SecurityAML.T0010 - ML Supply Chain CompromiseAML.T0020 - Poison Training DataAML.T0031 - Erode ML Model IntegrityThe Rust compiler project (rust-lang/rust) is formalising a policy governing LLM use in contributions, signalling growing institutional recognition of AI-generated code risks in critical infrastructure. The policy, proposed via pull request on rust-forge, is scoped to the core compiler repository and will be linked from contribution guidelines. This represents a significant governance precedent for open-source security-critical projects managing supply chain integrity amid widespread LLM-assisted development.