
AI Security News. Framework Analysis. Structural Insight.

Every article scored, classified, and mapped to MITRE ATLAS and OWASP LLM Top 10 — so you always know what matters and why.

9 feed sources
6.0+ relevance score
daily update cadence
2 frameworks mapped
127 articles published

May 02, 2026

Frontier LLMs Now Autonomously Breach Corporate Networks in AISI Cyber Tests

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 7.5 · Source: Ars Technica Security

The UK's AI Security Institute (AISI) found that OpenAI's GPT-5.5 matches Anthropic's Mythos Preview on cybersecurity benchmarks, including a 32-step simulated corporate network intrusion. Both models successfully completed the 'The Last Ones' data-extraction simulation — a first for any AI system — suggesting autonomous offensive cyber capability is a general frontier-model property, not a one-vendor breakthrough. The findings raise urgent questions about responsible release practices and the pace at which LLMs can independently execute multi-stage attacks.

ATLAS techniques: AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access · AML.T0043 - Craft Adversarial Data

Premature AI Agent Deployments Expose Production Systems to Destructive Actions

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 6.5 · Source: Dark Reading

Organisations are deploying AI agents into production environments without adequate security testing, resulting in destructive outcomes such as unintended deletion of production databases. The core risk is excessive agency granted to AI systems before trust boundaries and guardrails are established. This represents a systemic industry failure to apply basic security principles before integrating autonomous AI tooling into critical infrastructure.

ATLAS techniques: AML.T0047 - ML-Enabled Product or Service · AML.T0051 - LLM Prompt Injection · AML.T0057 - LLM Data Leakage

May 01, 2026

Anthropic Launches Claude Security to Close AI-Accelerated Exploit Window

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 7.2 · Source: SecurityWeek

Anthropic has released Claude Security in public beta, a dedicated vulnerability scanning product aimed at countering the accelerating threat of AI-powered exploitation exemplified by its own Mythos model. The tool integrates directly into Claude Enterprise, scanning repositories for vulnerabilities, providing confidence-rated findings, and generating targeted patches — compressing the security team-to-engineer remediation cycle from days to a single session. The launch reflects a broader industry acknowledgment that frontier AI models in adversarial hands are fundamentally shortening time-to-exploit, forcing defenders to adopt equivalent AI-native tooling.

ATLAS techniques: AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access · AML.T0043 - Craft Adversarial Data

CVSS 10 Gemini CLI Flaw Turns CI/CD Pipelines Into RCE Attack Vectors

Frameworks: ATLAS, OWASP · Severity: CRITICAL (Active exploitation; immediate action required) · Score: 9.2 · Source: The Hacker News

Google has patched a maximum-severity (CVSS 10.0) vulnerability in its Gemini CLI tooling that allowed unauthenticated attackers to achieve remote code execution by planting malicious configuration files in workspace directories automatically trusted by the agent in headless/CI mode. The flaw effectively weaponised CI/CD pipelines as supply chain attack paths, bypassing sandbox protections entirely before they could initialise. A secondary issue in '--yolo' mode further enabled prompt injection to trigger unrestricted shell command execution.

ATLAS techniques: AML.T0051 - LLM Prompt Injection · AML.T0010 - ML Supply Chain Compromise · AML.T0047 - ML-Enabled Product or Service

OpenAI Launches Phishing-Resistant Security Mode for High-Risk ChatGPT Accounts

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk; monitor closely) · Score: 6.2 · Source: Wired Security

OpenAI has introduced Advanced Account Security, an optional hardened authentication mode for ChatGPT and Codex users who face elevated risk of account takeover, including journalists, dissidents, and researchers. The feature enforces passkey or physical security key authentication, eliminates SMS/email recovery routes, and removes OpenAI support team access to recovery options to block social engineering attacks. Members of OpenAI's Trusted Access for Cyber programme will be mandated to enable it or provide equivalent enterprise SSO attestation by June 1.

ATLAS techniques: AML.T0012 - Valid Accounts · AML.T0040 - ML Model Inference API Access · AML.T0047 - ML-Enabled Product or Service

UK AI Security Institute Finds GPT-5.5 Matches Claude Mythos in Cyber Capabilities

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 7.2 · Source: Simon Willison

The UK's AI Security Institute has evaluated OpenAI's GPT-5.5 for offensive cybersecurity capabilities, finding it comparable to Anthropic's Claude Mythos model in identifying security vulnerabilities. Unlike Mythos, GPT-5.5 is generally available, meaning its vulnerability-discovery capabilities are accessible to a broad population including malicious actors. This raises significant concerns about the proliferation of AI-assisted exploitation tools at scale.

ATLAS techniques: AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access · AML.T0043 - Craft Adversarial Data

April 30, 2026

AI-Powered Honeypots Expose Blind Spots in Automated Malicious AI Agents

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk; monitor closely) · Score: 7.2 · Source: Cisco Talos

Cisco Talos researcher Martin Lee demonstrates how generative AI can be used to rapidly deploy adaptive honeypot systems that deceive and study AI-driven attack agents. The technique exploits a fundamental weakness in AI agents — their lack of situational awareness — causing them to interact with simulated vulnerable systems as if they were real targets. This defensive approach shifts the paradigm from passive detection to active manipulation, giving defenders new insight into automated threat actor methodologies.

ATLAS techniques: AML.T0051 - LLM Prompt Injection · AML.T0043 - Craft Adversarial Data · AML.T0047 - ML-Enabled Product or Service · AML.T0015 - Evade ML Model

DPRK Actors Use Claude LLM to Inject Malware Into npm Supply Chain

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 8.5 · Source: The Hacker News

North Korean threat group Famous Chollima (Shifty Corsair) has weaponised AI-assisted code generation to embed malicious npm packages into autonomous AI agent projects, targeting cryptocurrency wallets. The campaign, dubbed PromptMink, exploited Anthropic's Claude Opus to co-author a malicious dependency commit, demonstrating a novel abuse of LLM coding agents for supply chain infiltration. The attack uses a multi-layer dependency structure to evade detection, with second-layer malicious packages swiftly rotated when identified.

ATLAS techniques: AML.T0010 - ML Supply Chain Compromise · AML.T0047 - ML-Enabled Product or Service · AML.T0019 - Publish Poisoned Datasets · AML.T0057 - LLM Data Leakage

SQL Injection in LiteLLM Proxy Exposes LLM Provider Keys Within 36 Hours

Frameworks: ATLAS, OWASP · Severity: CRITICAL (Active exploitation; immediate action required) · Score: 9.2 · Source: The Hacker News

A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing upstream LLM provider API keys including OpenAI, Anthropic, and AWS Bedrock credentials. Attackers demonstrated prior knowledge of LiteLLM's internal schema, selectively probing credential and configuration tables while ignoring user and team tables. The blast radius extends far beyond a typical web-app SQL injection, as successful extraction equates to cloud-account-level compromise across multiple AI provider accounts.

ATLAS techniques: AML.T0012 - Valid Accounts · AML.T0040 - ML Model Inference API Access · AML.T0047 - ML-Enabled Product or Service · AML.T0010 - ML Supply Chain Compromise · AML.T0057 - LLM Data Leakage

April 29, 2026

Agentic AI Defense Costs Spiral as Adversarial Attack Volume Surges

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk; monitor closely) · Score: 6.5 · Source: SecurityWeek

Sevii's Cyber Swarm Defense launch highlights a structural tension in enterprise AI security: the token-based cost model of agentic AI defense becomes unpredictable and potentially unsustainable as adversarial attack volume increases. CISOs face a compounding risk where budget exhaustion mid-attack could force a fallback to understaffed human teams. The article also references Claude Mythos as a frontier model enabling higher-volume adversarial campaigns, underscoring the asymmetric cost burden between attackers and defenders.

ATLAS techniques: AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access

FIDO Alliance Launches Standards Push to Secure AI Agent Transactions

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 7.2 · Source: Wired Security

The FIDO Alliance, backed by Google and Mastercard, is forming working groups to establish cryptographic standards for authenticating AI agent-initiated transactions, addressing risks like agent hijacking, prompt injection, and unauthorised financial actions. The initiative responds to a growing attack surface where agentic AI systems act on behalf of users without adequate authentication frameworks. Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent framework are being contributed as open-source foundations for the effort.

ATLAS techniques: AML.T0051 - LLM Prompt Injection · AML.T0047 - ML-Enabled Product or Service · AML.T0012 - Valid Accounts · AML.T0057 - LLM Data Leakage

Pre-Auth SQLi Flaw in LiteLLM Gateway Actively Exploited to Steal AI Credentials

Frameworks: ATLAS, OWASP · Severity: CRITICAL (Active exploitation; immediate action required) · Score: 9.2 · Source: BleepingComputer

A critical unauthenticated SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a widely-used LLM proxy and SDK middleware, is being actively exploited to extract API keys, provider credentials, and configuration secrets from the proxy database. Exploitation began within 36 hours of public disclosure, with attackers demonstrating precise targeting of sensitive tables containing OpenAI, Anthropic, and Bedrock credentials. The stolen credentials could enable downstream attacks against AI infrastructure at scale, given LiteLLM's broad adoption across LLM application ecosystems.

ATLAS techniques: AML.T0040 - ML Model Inference API Access · AML.T0012 - Valid Accounts · AML.T0047 - ML-Enabled Product or Service · AML.T0057 - LLM Data Leakage · AML.T0010 - ML Supply Chain Compromise

April 28, 2026

Welcoming Llama Guard 4 on Hugging Face Hub

Frameworks: ATLAS, OWASP · Severity: LOW (Limited impact; standard review) · Score: 7.2 · Source: Hugging Face Blog

Meta has released Llama Guard 4, a 12B multimodal safety classifier designed to detect and filter unsafe content in both image and text inputs/outputs for production LLM deployments. The model addresses jailbreak attempts and harmful content generation across 14 hazard categories defined by the MLCommons taxonomy. Alongside it, two lightweight Llama Prompt Guard 2 classifiers (86M and 22M parameters) target prompt injection and prompt attack detection.

ATLAS techniques: AML.T0054 - LLM Jailbreak · AML.T0051 - LLM Prompt Injection · AML.T0043 - Craft Adversarial Data · AML.T0047 - ML-Enabled Product or Service

Frontier agentic LLMs risk industrialising cyberattacks, but may also empower defenders.

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 6.5 · Source: Dark Reading

The article examines the emerging threat landscape posed by agentic AI systems in offensive security contexts, suggesting that frontier LLMs could enable industrialised exploitation at scale. Commentator Ari Herbert-Voss reframes the narrative, arguing this moment also presents a strategic opportunity for defenders. The piece surfaces tensions around autonomous AI-driven cyberattacks and their potential to outpace traditional security postures.

ATLAS techniques: AML.T0047 - ML-Enabled Product or Service · AML.T0051 - LLM Prompt Injection · AML.T0054 - LLM Jailbreak · AML.T0043 - Craft Adversarial Data

TeamPCP resumes supply chain attacks, poisoning xinference PyPI and triggering a Bitwarden CLI cascade via compromised Docker image.

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk; prioritise patching) · Score: 6.5 · Source: SANS Internet Storm Center

The TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises targeting Checkmarx KICS (Docker Hub), xinference (a popular AI inference PyPI package), and a cascading compromise of Bitwarden CLI via poisoned CI/CD dependencies. The xinference poisoning is directly AI-security relevant as it targets a widely used LLM/ML model serving framework, while the broader campaign demonstrates sophisticated supply chain attack methodologies that increasingly intersect with AI tooling. The CanisterSprawl npm worm adds credential-harvesting infrastructure that could further compromise AI development pipelines.

ATLAS techniques: AML.T0010 - ML Supply Chain Compromise · AML.T0019 - Publish Poisoned Datasets · AML.T0047 - ML-Enabled Product or Service · AML.T0012 - Valid Accounts

Framework Coverage