LIVE FEED
LIVE THREAT FEED

AI Security Intelligence. Framework Analysis.
Structural Insight.

Every article scored, classified, and mapped to MITRE ATLAS and OWASP LLM Top 10 — so you always know what matters and why.

9 feed sources
6.0+ relevance score
daily update cadence
2 frameworks mapped
270 articles published
DEEP SIGNAL Original Analysis

July 07, 2026

SkillCloak Bypasses AI Agent Skill Scanners at 90% Rate

SkillCloak Bypasses AI Agent Skill Scanners at 90% Rate

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

Researchers at Hong Kong University of Science and Technology have demonstrated that static scanners used to vet malicious AI agent 'skills' — modular add-ons for agents like Claude Code and OpenAI Codex — can be systematically bypassed using a tool called SKILLCLOAK. The technique leverages either character-substitution obfuscation or self-extracting packing into scanner-ignored directories like .git/, achieving evasion rates above 90% across all eight tested scanners. The same research team also developed SKILLDETONATE, a runtime behavioral sandbox that catches most of the threats static analysis misses.

July 05, 2026

Amazon Q Extension Credential Theft via MCP Injection

Amazon Q Extension Credential Theft via MCP Injection

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Dark Reading

A vulnerability in the Amazon Q Visual Studio Code extension allows adversaries to plant malicious repositories that execute arbitrary code and exfiltrate cloud credentials. The flaw highlights escalating risks associated with Model Context Protocol (MCP) integrations embedded within AI-powered developer tools. This attack vector represents a growing threat surface as AI coding assistants gain privileged access to developer environments and cloud infrastructure.

July 04, 2026

Alibaba and Baidu Launch LLMs With US-Level Capabilities

Alibaba and Baidu Launch LLMs With US-Level Capabilities

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.2 Dark Reading

Two newly released large language models from Chinese AI firms have reached capability parity with leading US frontier models, expanding the global pool of powerful AI available to both commercial and adversarial users. For defenders, this development broadens the asymmetry between attackers — who gain access to capable, potentially less-restricted models — and defenders, who must now account for threats generated by a wider set of model providers. Security teams should anticipate increased use of these models for offensive tasks such as phishing content generation, vulnerability research automation, and social engineering at scale.

Langflow LLM Agents Exploited for Ransomware Delivery

Langflow LLM Agents Exploited for Ransomware Delivery

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 SecurityWeek

A documented ransomware attack leveraged agentic AI infrastructure — specifically the Langflow LLM orchestration platform — to automate multi-stage intrusion chains combining known exploitation techniques with real-time LLM reasoning. This marks a significant escalation in threat actor capability, demonstrating that agentic AI can serve as an autonomous attack coordinator rather than merely an assistant. Security teams running self-hosted AI orchestration platforms now face an expanded attack surface where the AI layer itself can be both the entry point and the execution engine.

Microsoft Copilot MCP Tool Poisoning Enables Data Exfiltration

Microsoft Copilot MCP Tool Poisoning Enables Data Exfiltration

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 9.1 The Hacker News

Microsoft researchers have demonstrated how attackers can embed hidden instructions inside MCP tool descriptions to covertly redirect AI agents into exfiltrating sensitive business data. Because each individual action the agent takes appears legitimate — using approved tools and the user's own permissions — default security controls generate no alerts. The attack exploits a fundamental design tension in MCP: tool descriptions simultaneously carry operational instructions and attacker-controlled data, collapsing a critical trust boundary.

Agentjacking: Prompt Injection via Malicious Bug Reports

Agentjacking: Prompt Injection via Malicious Bug Reports

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Dark Reading

A technique dubbed 'agentjacking' exploits the inability of AI coding agents to distinguish between legitimate content and embedded instructions, allowing attackers to hijack agent behaviour through maliciously crafted bug reports. The attack represents a scalable, low-barrier prompt injection vector targeting developer workflows that rely on autonomous AI agents. As AI coding assistants gain broader adoption and elevated system permissions, this class of attack poses a significant risk to software supply chain integrity.

Cursor IDE DuneSlide Zero-Click Prompt Injection RCE

Cursor IDE DuneSlide Zero-Click Prompt Injection RCE

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 SecurityWeek

A set of vulnerabilities dubbed 'DuneSlide' in the Cursor AI code editor allow attackers to conduct zero-click prompt injection attacks that escape the application's sandbox and execute arbitrary code at the operating system level. The flaws represent a critical escalation of AI-native attack surface risks, targeting developers who rely on AI-assisted coding environments. Because exploitation requires no user interaction, the attack chain is particularly dangerous in supply chain and watering-hole scenarios.

Current AI Launches Open Source AI Gap Map with 421 Projects

Current AI Launches Open Source AI Gap Map with 421 Projects

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.5 Simon Willison

Current AI has published the Open Source AI Gap Map v0.1, a structured, MIT-licensed index of 421 open-source AI products spanning models, datasets, software tools, and hardware, backed by 1,184 YAML files and tracking over 16,000 GitHub repositories. For defenders, this comprehensive public inventory creates a dual-use intelligence resource: while it aids supply chain visibility, it simultaneously provides adversaries with a curated, machine-readable attack surface map of the open-source AI ecosystem. Security teams should treat this dataset as threat-actor recon material and cross-reference their own AI dependencies against it immediately.

July 03, 2026

Browser Ransomware via File System Access API: DeepSeek

Browser Ransomware via File System Access API: DeepSeek

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Check Point Research

Check Point Research demonstrates how DeepSeek's lower refusal rates allowed researchers to transform an LLM-hallucinated malware concept into a practical browser-native ransomware technique targeting Android photo directories via the File System Access API. The attack requires no native payload, APK installation, or root access — only social engineering to obtain a legitimate browser permission prompt. This research highlights how frontier AI models with weaker safety controls can independently design novel attack paths not yet seen in real-world campaigns.

CVE-2026-50548: Cursor IDE Prompt Injection RCE

CVE-2026-50548: Cursor IDE Prompt Injection RCE

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

Two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in the Cursor AI code editor allow prompt injection attacks delivered via MCP services or web search results to escape the editor's terminal sandbox and execute arbitrary commands on a developer's machine without any user interaction. Both flaws abuse the sandbox's write-permission logic — one through a misconfigured working directory parameter, the other through a symlink-resolution fallback — ultimately allowing overwrite of the sandbox helper binary itself. The attack surface is significant given Cursor's reported adoption across more than half of Fortune 500 companies; all versions prior to 3.0 remain vulnerable.

Anthropic Releases Claude-Real-Video for Local Video Analysis

Anthropic Releases Claude-Real-Video for Local Video Analysis

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.8 HN AI Security

claude-real-video is an open-source, MIT-licensed Python library that extracts scene-change frames, deduplicates images, and transcribes audio from any video URL or local file, then packages the result as a folder any LLM can consume — all processed locally without cloud upload. For defenders, this dramatically expands the multimodal prompt injection surface by enabling adversaries to embed malicious instructions inside video content that LLM pipelines will now ingest and act upon. Security teams building or deploying LLM agents with video-processing capabilities must treat video content as an untrusted, potentially adversarial input channel.

IGA Platforms Add AI Agent Governance and Access Control

IGA Platforms Add AI Agent Governance and Access Control

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 The Hacker News

A new analysis published via The Hacker News details how traditional Identity Governance and Administration (IGA) frameworks — built around HR-driven, human-centric lifecycle events — are fundamentally unequipped to govern AI agents acting as autonomous principals in enterprise environments. Security teams face a growing blind spot: AI agents acquire, retain, and exercise entitlements without triggering the joiner-mover-leaver workflows, manager attestations, or termination events that IGA tooling depends on. Defenders must now treat AI agent identities as a separate governance tier, requiring purpose-built provisioning, audit, and deprovisioning logic that existing platforms like Workday, SailPoint, and Azure AD connectors were never designed to provide.

Claude Opus Discovers API Flaw Enabling Ticket Fraud

Claude Opus Discovers API Flaw Enabling Ticket Fraud

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Wired Security

Security researcher Ian Carroll leveraged Anthropic's Claude Opus 4.7 to identify a critical vulnerability in Front Gate Tickets—a Live Nation subsidiary handling ticketing for major US festivals—that granted super-administrator access and the ability to freely issue tickets of any value. The case demonstrates LLM-assisted autonomous vulnerability discovery at scale, with Carroll noting the AI could likely have completed the full exploit chain without human intervention. Front Gate patched the flaw within 24 hours of disclosure, confirming no evidence of prior exploitation.

Anthropic Ships Mythos for AI-Driven Bug Discovery

Anthropic Ships Mythos for AI-Driven Bug Discovery

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Dark Reading

Anthropic's Mythos capability, combined with IBM and Red Hat's Project Lightwell service backed by 20,000 engineers and $5B, introduces an AI-driven pipeline for discovering and remediating bugs in open-source software at industrial scale. This creates a dual-edged attack surface: adversaries who can influence Mythos's findings, its training data, or the remediation pipeline gain a privileged position to inject subtle vulnerabilities into widely-deployed open-source components. Defenders must treat the AI vulnerability-finding and patch-generation pipeline itself as a high-value, high-risk supply chain asset requiring rigorous integrity controls.

AGENTIC AIThe Hacker NewsCRITICALCVE-2025-3248: Langflow RCE Enables AutonomousRansomware Attack

CVE-2025-3248: Langflow RCE Enables Autonomous Ransomware Attack

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.8 The Hacker News

Sysdig has documented what it claims is the first end-to-end ransomware attack orchestrated autonomously by an AI agent, attributed to a threat actor tracked as JADEPUFFER. The agent exploited a known remote code execution flaw in Langflow (CVE-2025-3248) to gain initial access, harvest credentials, pivot laterally, and ultimately encrypt and destroy a production database — all without human intervention at the keyboard. The incident demonstrates that AI agents can now lower the skill floor for complex, multi-stage attacks to near zero, representing a qualitative shift in the ransomware threat landscape.

Framework Coverage

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.