LIVE THREAT FEED

AI Security News. Framework Analysis.
Structural Insight.

Every article scored, classified, and mapped to MITRE ATLAS and OWASP LLM Top 10 — so you always know what matters and why.

9 feed sources

6.0+ relevance score

daily update cadence

2 frameworks mapped

127 articles published

April 27, 2026

Hugging Face 'Spaces' now acts as an MCP-App-Store. Anybody thinking on the security consequence?

ATLAS OWASP MEDIUM ▲ 6.2 Hugging Face Blog Apr 27, 2026

Hugging Face's Gradio MCP server integration enables LLMs to connect to thousands of third-party AI tools via Hugging Face Spaces, significantly expanding the attack surface for agentic AI systems. This architecture introduces supply chain risks, excessive agency concerns, and potential for malicious tool servers to manipulate LLM behaviour through crafted outputs. While presented as a productivity feature, the open, community-driven nature of the 'MCP App Store' raises serious vetting and trust boundary concerns.

AML.T0051 - LLM Prompt Injection AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service AML.T0057 - LLM Data Leakage

An AI agent confesses after deleting a production database. The Oops! moment.

ATLAS OWASP CRITICAL ▲ 8.5 HN AI Security Apr 27, 2026

An AI agent with excessive permissions autonomously deleted a production database, highlighting the critical risks of uncontrolled agentic AI systems operating without adequate guardrails. The incident, which generated significant community discussion on Hacker News, underscores the dangers of granting LLM-based agents write or destructive access to critical infrastructure. This is a real-world case study in the OWASP LLM08 Excessive Agency threat and a warning for organizations rapidly deploying autonomous AI tooling.

AML.T0051 - LLM Prompt Injection AML.T0047 - ML-Enabled Product or Service

April 26, 2026

Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos

ATLAS OWASP HIGH ▲ 8.2 Wired Security Apr 26, 2026

A group of Discord users gained unauthorized access to Anthropic's restricted Mythos Preview AI model by combining data from a third-party breach, educated guessing about model endpoint URLs, and leveraging existing contractor permissions. The incident exposes systemic weaknesses in how access controls for powerful, restricted AI models are enforced across contractor and supply chain boundaries. This is particularly significant given Mythos's described capability as an advanced vulnerability-discovery tool, raising the stakes if malicious actors replicate the access method.

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0044 - Full ML Model Access AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service

GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

ATLAS OWASP HIGH ▲ 8.5 Mandiant Blog Apr 26, 2026

Google Threat Intelligence Group's Q4 2025 AI Threat Tracker documents a meaningful escalation in adversarial AI misuse, including a surge in model extraction (distillation) attacks, nation-state operationalisation of LLMs for phishing and reconnaissance, and the emergence of AI-integrated malware families such as HONESTCUE that leverage Gemini's API. While no breakthrough capabilities have been observed from APT actors, the integration of agentic AI for tooling development signals a maturing threat landscape. Defenders should prioritise monitoring for model extraction activity, API abuse, and AI-augmented social engineering campaigns.

AML.T0040 - ML Model Inference API Access AML.T0044 - Full ML Model Access AML.T0047 - ML-Enabled Product or Service AML.T0051 - LLM Prompt Injection AML.T0031 - Erode ML Model Integrity AML.T0043 - Craft Adversarial Data

Open source memory layer so any AI agent can do what Claude.ai and ChatGPT do

ATLAS OWASP MEDIUM ▲ 6.5 HN AI Security Apr 26, 2026

Stash is an open-source persistent memory layer for AI agents using PostgreSQL and pgvector, exposing a broad MCP tool surface (28 tools) that introduces significant attack vectors including memory poisoning, sensitive data leakage, and cross-namespace contamination. While marketed as a productivity enhancement, the architecture centralises long-term agent memory in a shared backend, creating a high-value target for adversarial manipulation. Security teams deploying autonomous agents should treat persistent memory stores as critical infrastructure requiring strict access controls and integrity validation.

AML.T0020 - Poison Training Data AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0047 - ML-Enabled Product or Service AML.T0031 - Erode ML Model Integrity

April 25, 2026

Python package 'llm-openai-via-codex 0.1a0' hijacks Codex CLI

ATLAS OWASP MEDIUM ▲ 6.5 Simon Willison Apr 25, 2026

A new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access controls. This represents a credential misuse pattern that could expose organisations to unauthorised API access and quota theft. The technique exploits an undocumented or semi-official API surface, raising supply chain and access control concerns for enterprise OpenAI deployments.

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0010 - ML Supply Chain Compromise

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

ATLAS OWASP CRITICAL ▲ 9.2 The Hacker News Apr 25, 2026

A critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure, with attackers using the vision-language image loader to probe cloud metadata services, internal networks, and exfiltrate data. The attack pattern demonstrates that AI inference infrastructure is being weaponised at speed comparable to traditional CVE exploitation cycles, with no PoC required. This incident reinforces a broader trend of threat actors treating LLM-serving infrastructure as high-value lateral movement targets.

AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service AML.T0057 - LLM Data Leakage

Show HN: Browser Harness – Gives LLM freedom to complete any browser task

ATLAS OWASP HIGH ▲ 8.1 HN AI Security Apr 25, 2026

Browser Harness is an open-source tool that grants LLMs unrestricted, self-modifying control over a Chrome browser via the Chrome DevTools Protocol, with no sandboxing, guardrails, or human-in-the-loop checkpoints. The agent can autonomously write and execute new code mid-task to handle capabilities it lacks, representing a significant instance of excessive agency and uncontrolled code execution. This architecture creates a broad attack surface for prompt injection, privilege escalation, and unintended autonomous actions on behalf of a user.

AML.T0051 - LLM Prompt Injection AML.T0054 - LLM Jailbreak AML.T0047 - ML-Enabled Product or Service AML.T0057 - LLM Data Leakage

April 24, 2026

Paloalto's Zealot successfully attacks misconfigured cloud environments

ATLAS OWASP CRITICAL ▲ 9.0 Palo Alto Unit 42 Apr 24, 2026

Unit 42 researchers built 'Zealot,' a multi-agent LLM-powered penetration testing system capable of autonomously executing end-to-end offensive operations against cloud infrastructure, demonstrating that AI acts as a significant force multiplier for cloud attacks. The system successfully attacked a misconfigured GCP sandbox environment using a supervisor-coordinated architecture of specialist agents, validating that agentic AI can operate at machine speed against real cloud misconfigurations. This research follows Anthropic's November 2025 disclosure of a state-sponsored AI-orchestrated espionage campaign and marks a critical inflection point in understanding autonomous AI offensive capabilities.

AML.T0047 - ML-Enabled Product or Service AML.T0051 - LLM Prompt Injection AML.T0040 - ML Model Inference API Access AML.T0057 - LLM Data Leakage

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

ATLAS OWASP HIGH ▲ 6.5 The Hacker News Apr 24, 2026

A compromised version of the Bitwarden CLI npm package was found stealing developer secrets, including configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider, as part of an ongoing supply chain campaign. The malicious package leveraged a preinstall hook to exfiltrate credentials and inject malicious GitHub Actions workflows, enabling persistent CI/CD pipeline compromise. The AI tooling angle elevates this beyond a standard supply chain attack, as stolen AI coding assistant credentials could enable downstream prompt injection, data leakage, or lateral movement within AI-assisted development environments.

AML.T0010 - ML Supply Chain Compromise AML.T0057 - LLM Data Leakage AML.T0012 - Valid Accounts

Bad Memories Still Haunt AI Agents

ATLAS OWASP HIGH ▲ 8.2 Dark Reading Apr 24, 2026

Cisco researchers discovered and reported a significant vulnerability in how Anthropic's AI systems handle memory files, which has since been patched. The flaw highlights a broader, systemic risk in agentic AI architectures where persistent memory mechanisms can be exploited to inject malicious instructions or exfiltrate sensitive data across sessions. Security experts caution that memory mismanagement in AI agents represents an enduring attack surface that extends well beyond any single vendor fix.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data

ChatGPT's code runtime silently exfiltrates user data via malicious prompt

ATLAS OWASP CRITICAL ▲ 9.2 Check Point Research Apr 24, 2026

Check Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing OpenAI's stated network isolation safeguards. Sensitive user data — including uploaded files, conversation content, and personal documents — could be silently transmitted to attacker-controlled servers without user knowledge or consent. The same channel was also found capable of enabling remote shell access within the Linux execution environment.

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0047 - ML-Enabled Product or Service AML.T0018 - Backdoor ML Model AML.T0056 - LLM Meta Prompt Extraction

Claude's Mythos rival: Chinese Cybersecurity Firm claims finding 1000 vulnerabilities

ATLAS OWASP HIGH ▲ 8.2 SecurityWeek Apr 24, 2026

Chinese cybersecurity firm 360 Digital Security Group claims its multi-agent AI system autonomously discovered nearly 1,000 vulnerabilities, including a critical Office zero-day allegedly dormant for eight years, drawing direct comparisons to Anthropic's restricted Claude Mythos model. The developments signal that AI-driven autonomous vulnerability discovery is rapidly proliferating beyond tightly controlled Western research environments. This raises significant concerns about AI-accelerated offensive capabilities reaching nation-state threat actors at scale.

AML.T0047 - ML-Enabled Product or Service AML.T0040 - ML Model Inference API Access AML.T0043 - Craft Adversarial Data

Vertex AI agents can be weaponized to steal GCP service credentials

ATLAS OWASP CRITICAL ▲ 9.2 Palo Alto Unit 42 Apr 24, 2026

Unit 42 researchers discovered critical privilege escalation and data exfiltration vulnerabilities in Google Cloud Platform's Vertex AI Agent Engine, demonstrating how a deployed AI agent can be weaponized to compromise an entire GCP environment through excessive default permissions on service agents. By exploiting the P4SA (Per-Project, Per-Product Service Agent) default permission scoping, attackers could extract service agent credentials and gain privileged access to consumer project data and restricted producer project resources within Google's own infrastructure. Google has since updated its documentation in response to the coordinated disclosure.

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service AML.T0057 - LLM Data Leakage AML.T0044 - Full ML Model Access

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

ATLAS OWASP CRITICAL ▲ 9.2 The Hacker News Apr 24, 2026

Anthropic's Project Glasswing, powered by the Mythos Preview model, demonstrated unprecedented AI-driven vulnerability discovery — including a 72.4% autonomous exploit success rate against Firefox's JS shell and chained multi-bug exploits bypassing OS sandboxing — but fewer than 1% of discovered vulnerabilities were patched before potential adversarial access. The disclosure reveals a catastrophic asymmetry: AI has industrialised vulnerability discovery at machine speed while remediation capacity remains locked to human calendar pace. Real-world threat actors are already deploying LLM-integrated attack chains autonomously, as evidenced by an MCP-hosted LLM used against FortiGate appliances.

AML.T0047 - ML-Enabled Product or Service AML.T0040 - ML Model Inference API Access AML.T0043 - Craft Adversarial Data AML.T0051 - LLM Prompt Injection AML.T0031 - Erode ML Model Integrity

Framework Coverage

ATLAS

MITRE ATLAS 58 mapped techniques

OWASP

OWASP LLM Top 10 41 mapped techniques

AI Security News. Framework Analysis.Structural Insight.