LIVE THREAT FEED

AI Security News. Framework Analysis. Structural Insight.

Every article scored, classified, and mapped to MITRE ATLAS and OWASP LLM Top 10 — so you always know what matters and why.

9 feed sources · 6.0+ relevance score · daily update cadence · 2 frameworks mapped · 127 articles published

May 15, 2026

TanStack Supply Chain Attack Compromises OpenAI Developer Devices and Signing Certificates

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 8.5 · Source: The Hacker News · Frameworks mapped: ATLAS, OWASP

A supply chain attack targeting TanStack via the Mini Shai-Hulud malware compromised two OpenAI employee devices, exposing internal source code repositories and code-signing certificates for macOS, iOS, and Windows apps. While no user data or production systems were breached, OpenAI was forced to revoke and reissue signing certificates, requiring macOS users to update ChatGPT Desktop, Codex, and Atlas apps before June 12, 2026. The incident marks OpenAI's second certificate rotation in two months and is part of a broader campaign by threat actor TeamPCP targeting major AI and open-source ecosystems.

ATLAS techniques: AML.T0010 (ML Supply Chain Compromise); AML.T0012 (Valid Accounts); AML.T0047 (ML-Enabled Product or Service)

TeamPCP Steals 5GB of Mistral AI Source Code via Supply Chain Attack

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 8.5 · Source: BleepingComputer · Frameworks mapped: ATLAS, OWASP

The TeamPCP threat group has compromised Mistral AI's codebase management system via the Shai-Hulud software supply chain attack, stealing approximately 5GB of internal repositories covering training, fine-tuning, benchmarking, and inference pipelines. The hackers are demanding $25,000 for nearly 450 repositories or threatening to leak them publicly within a week. Mistral AI confirmed the breach but stated that core repositories, hosted services, managed user data, and research environments were not affected.

ATLAS techniques: AML.T0010 (ML Supply Chain Compromise); AML.T0044 (Full ML Model Access); AML.T0057 (LLM Data Leakage); AML.T0012 (Valid Accounts)

May 14, 2026

Agentic AI Red Teaming Emerges as Defence Against AI-Speed Attack Chains

Severity: MEDIUM (Moderate risk · Monitor closely) · Relevance score: 7.2 · Source: SecurityWeek · Frameworks mapped: ATLAS, OWASP

Sweet Security has launched 'Sweet Attack', a continuous agentic AI red teaming platform designed to counter the growing asymmetry between AI-assisted attackers and human defenders — a tipping point the industry has termed the 'Mythos Moment'. The platform differentiates itself by grounding frontier model reasoning in live runtime telemetry from each customer's own environment, including topology, identity paths, and unencrypted Layer 7 exposure, to identify genuinely exploitable attack chains rather than theoretical ones. The development signals a broader industry shift toward autonomous, environment-aware AI agents as a necessary component of modern security operations.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0040 (ML Model Inference API Access); AML.T0043 (Craft Adversarial Data)

AI Agents Weaponised to Generate Custom Attack Tools in LatAm Campaigns

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 7.5 · Source: Dark Reading · Frameworks mapped: ATLAS, OWASP

Two threat campaigns targeting organisations in Mexico and Brazil have leveraged AI agents to dynamically generate customised hacking tools, marking a notable escalation in automated, AI-assisted cyberattacks. The use of AI agents for on-the-fly tool generation lowers the technical barrier for attackers and accelerates the attack cycle. This represents a concrete, in-the-wild demonstration of agentic AI being exploited as an offensive capability.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0051 (LLM Prompt Injection); AML.T0054 (LLM Jailbreak); AML.T0043 (Craft Adversarial Data)

GPT-5.5 Matches Specialist Models in Vulnerability Discovery, Democratising Cyber Offence

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 7.2 · Source: Schneier on Security · Frameworks mapped: ATLAS, OWASP

The UK AI Security Institute has evaluated GPT-5.5 and found it comparable to Claude Mythos in identifying security vulnerabilities, with both models now generally available to the public. This parity raises serious concerns about the lowered barrier to entry for offensive cyber operations, as adversaries can leverage widely accessible models for vulnerability research. Commentary from security experts highlights that LLM-based vulnerability discovery is constrained to known attack patterns, but the existence of jailbreaks means guardrails provide only partial mitigation.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0054 (LLM Jailbreak); AML.T0040 (ML Model Inference API Access); AML.T0043 (Craft Adversarial Data)

Microsoft MDASH Agentic AI System Discovers 16 Critical Windows Vulnerabilities

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 7.8 · Source: The Hacker News · Frameworks mapped: ATLAS, OWASP

Microsoft has disclosed MDASH, a multi-model agentic AI scanning system that autonomously discovered 16 vulnerabilities patched in May 2026's Patch Tuesday, including two critical RCE flaws. The system orchestrates over 100 specialised AI agents in a structured pipeline covering auditing, debating, and proof-of-exploitability stages. MDASH represents a significant shift in how AI is being deployed offensively and defensively within the vulnerability research lifecycle, with direct implications for how agentic AI systems are trusted, scoped, and governed.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0040 (ML Model Inference API Access); AML.T0043 (Craft Adversarial Data)

May 13, 2026

OpenAI Daybreak Deploys Agentic AI Models for Vulnerability Detection and Patching

Severity: MEDIUM (Moderate risk · Monitor closely) · Relevance score: 7.2 · Source: The Hacker News · Frameworks mapped: ATLAS, OWASP

OpenAI has launched Daybreak, an AI-powered cybersecurity platform combining GPT-5.5 variants and Codex Security to automate vulnerability detection, threat modelling, and patch validation for enterprise codebases. The initiative introduces a tiered model access structure — including a permissive 'GPT-5.5-Cyber' for red teaming — raising questions about dual-use risk and model misuse if access controls are circumvented. The rollout also contextualises a broader industry tension: AI is accelerating vulnerability discovery faster than defenders can remediate, contributing to triage fatigue and hallucinated bug reports.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0040 (ML Model Inference API Access); AML.T0054 (LLM Jailbreak); AML.T0051 (LLM Prompt Injection)

State Machine Guardrails Proposed to Rein In Uncontrolled AI Agent Tool Access

Severity: LOW (Limited impact · Standard review) · Relevance score: 6.2 · Source: HN AI Security · Frameworks mapped: ATLAS, OWASP

Statewright is an open-source framework that enforces state machine constraints on AI agents, restricting which tools agents can invoke during each phase of a workflow. The project directly addresses the Excessive Agency problem, where AI agents operating with broad, unconstrained tool access can take unintended or harmful actions. While a defensive development rather than a threat disclosure, it signals growing practitioner awareness of agentic AI risk and offers a concrete mitigation pattern for teams deploying coding agents like Claude Code, Codex, or Cursor.

ATLAS techniques: AML.T0051 (LLM Prompt Injection); AML.T0047 (ML-Enabled Product or Service)

Mini Shai-Hulud Supply Chain Worm Compromises Mistral AI, Guardrails AI and TanStack Packages

Severity: CRITICAL (Active exploitation · Immediate action required) · Relevance score: 9.2 · Source: The Hacker News · Frameworks mapped: ATLAS, OWASP

The TeamPCP threat actor has executed a broad supply chain campaign dubbed Mini Shai-Hulud, injecting credential-stealing malware into npm and PyPI packages from major AI and developer tooling ecosystems including Mistral AI, Guardrails AI, and TanStack. The malware profiles execution environments, exfiltrates cloud, CI, and AI tool credentials, and establishes persistence inside Claude Code and VS Code IDEs. The TanStack compromise alone affected 42 packages and 84 versions, exploiting a chained GitHub Actions attack to inject malicious payloads without stealing npm tokens directly.

ATLAS techniques: AML.T0010 (ML Supply Chain Compromise); AML.T0047 (ML-Enabled Product or Service); AML.T0018 (Backdoor ML Model); AML.T0057 (LLM Data Leakage)

May 12, 2026

Adversaries Leverage LLMs to Accelerate Exploit Development and Attack Automation

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 7.2 · Source: Dark Reading · Frameworks mapped: ATLAS, OWASP

Threat actors are now actively deploying large language models to accelerate exploit development and automate complex cyberattack workflows, marking a significant evolution in adversarial tooling. This shift lowers the technical barrier for sophisticated attack execution, enabling less-skilled actors to produce functional exploits at scale. The trend signals a structural change in the offensive threat landscape, with AI acting as a force multiplier for adversaries.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0051 (LLM Prompt Injection); AML.T0054 (LLM Jailbreak); AML.T0043 (Craft Adversarial Data)

AI-Developed Zero-Day Exploit Used in Mass Exploitation Attempt, Mandiant Warns

Severity: CRITICAL (Active exploitation · Immediate action required) · Relevance score: 9.2 · Source: Mandiant Blog · Frameworks mapped: ATLAS, OWASP

Google's Threat Intelligence Group (GTIG) has identified, for the first time, a criminal threat actor using a zero-day exploit believed to have been AI-generated, intended for mass exploitation before proactive counter-discovery intervened. The report also documents AI-augmented malware development, autonomous attack orchestration via AI-enabled malware (PROMPTSPY), and obfuscated LLM access pipelines used by adversaries to bypass usage controls. Nation-state actors from China and North Korea are actively pursuing AI-assisted vulnerability discovery, marking a significant escalation in adversarial AI capability.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0051 (LLM Prompt Injection); AML.T0043 (Craft Adversarial Data); AML.T0015 (Evade ML Model); AML.T0040 (ML Model Inference API Access); AML.T0054 (LLM Jailbreak)

AI-Generated Zero-Day Exploit Bypasses 2FA in First Confirmed Wild Use

Severity: CRITICAL (Active exploitation · Immediate action required) · Relevance score: 9.2 · Source: The Hacker News · Frameworks mapped: ATLAS, OWASP

Google's Threat Intelligence Group has confirmed the first known instance of a threat actor using an AI model to discover and weaponise a zero-day vulnerability — a 2FA bypass in a popular open-source web administration tool. The exploit, delivered via a Python script bearing hallmarks of LLM-generated code (including hallucinated CVSS scores and structured docstrings), was designed for mass exploitation. This marks a significant inflection point in the offensive AI threat landscape, demonstrating that AI-assisted vulnerability discovery and weaponisation have moved from theoretical risk to confirmed operational reality.

ATLAS techniques: AML.T0047 (ML-Enabled Product or Service); AML.T0043 (Craft Adversarial Data); AML.T0040 (ML Model Inference API Access); AML.T0012 (Valid Accounts)

LLMs Demonstrate Strong Capability for Covert Text Steganography

Severity: MEDIUM (Moderate risk · Monitor closely) · Relevance score: 6.5 · Source: Schneier on Security · Frameworks mapped: ATLAS, OWASP

Research highlighted by Bruce Schneier confirms that LLMs are highly effective at embedding hidden messages within seemingly normal text, a technique known as text-in-text steganography. This capability raises significant concerns for covert communications, data exfiltration, and the evasion of AI content moderation systems. Even small models with ~4 billion parameters demonstrate robust encoding and decoding of obfuscated language, lowering the barrier for adversarial misuse.

ATLAS techniques: AML.T0015 (Evade ML Model); AML.T0043 (Craft Adversarial Data); AML.T0057 (LLM Data Leakage)

May 11, 2026

Typosquatted OpenAI Repo on Hugging Face Delivered Rust Infostealer to 244K Users

Severity: CRITICAL (Active exploitation · Immediate action required) · Relevance score: 8.5 · Source: The Hacker News · Frameworks mapped: ATLAS, OWASP

A malicious Hugging Face repository impersonated OpenAI's legitimate Privacy Filter model, cloning its description verbatim to gain credibility and reach the platform's trending list with 244,000 downloads. The repository delivered a multi-stage attack chain culminating in a Rust-based information stealer targeting browser credentials, cryptocurrency wallets, and Discord data on Windows machines. The attack leveraged a dead-drop resolver pattern via a public JSON paste service, allowing operators to swap payloads without modifying the repository itself.

ATLAS techniques: AML.T0010 (ML Supply Chain Compromise); AML.T0019 (Publish Poisoned Datasets); AML.T0047 (ML-Enabled Product or Service)

May 10, 2026

Fake OpenAI Repository on Hugging Face Delivers Rust-Based Infostealer

Severity: HIGH (Significant risk · Prioritise patching) · Relevance score: 8.2 · Source: BleepingComputer · Frameworks mapped: ATLAS, OWASP

A malicious Hugging Face repository impersonating OpenAI's 'Privacy Filter' project reached #1 on the platform's trending list and accumulated 244,000 downloads before removal, delivering a multi-stage infostealer to Windows users. The attack chain used a disguised Python loader to execute PowerShell commands, ultimately deploying a Rust-based payload capable of harvesting browser credentials, crypto wallets, SSH/VPN configs, and screenshots. The campaign highlights the growing risk of AI/ML supply chain attacks through trusted model-sharing platforms.

ATLAS techniques: AML.T0010 (ML Supply Chain Compromise); AML.T0019 (Publish Poisoned Datasets); AML.T0047 (ML-Enabled Product or Service)