
AI Security News. Framework Analysis. Structural Insight.

Every article scored, classified, and mapped to MITRE ATLAS and OWASP LLM Top 10 — so you always know what matters and why.

9 feed sources
6.0+ relevance score
daily update cadence
2 frameworks mapped
127 articles published

April 20, 2026

On Anthropic’s Mythos Preview and Project Glasswing

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk · Prioritise patching) · Score: 8.5 · Source: Schneier on Security

Bruce Schneier analyses Anthropic's Claude Mythos Preview and Project Glasswing, a controlled deployment programme that, because of the model's advanced cyberattack capabilities, aims to find and patch software vulnerabilities before the model is publicly released. The piece highlights a growing offensive AI capability gap, noting that newer LLMs can autonomously chain memory corruption bugs and operationalise exploits without human orchestration, while observing that defenders currently retain a marginal advantage because vulnerability discovery is easier than exploitation. Schneier warns that this advantage is narrowing rapidly and that the industry must prepare for a world of commoditised zero-day exploits.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access · AML.T0044 - Full ML Model Access · AML.T0043 - Craft Adversarial Data

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk · Prioritise patching) · Score: 7.2 · Source: The Hacker News

A North Korean threat group (UNC1069) compromised the popular npm Axios library via a supply chain attack, injecting a backdoor (WAVESHAPER.V2) into two poisoned versions that were inadvertently downloaded by OpenAI's macOS app-signing GitHub Actions workflow. Although OpenAI found no evidence of certificate exfiltration or user data compromise, the incident exposed the signing credentials for ChatGPT Desktop, Codex, Codex CLI, and Atlas, prompting certificate revocation and mandatory app updates by May 8, 2026. The attack highlights the acute risk of software supply chain compromises against AI product delivery pipelines.

ATLAS: AML.T0010 - ML Supply Chain Compromise · AML.T0047 - ML-Enabled Product or Service

Artemis Emerges From Stealth With $70 Million in Funding

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.2 · Source: SecurityWeek

Artemis, a cybersecurity startup focused on AI-powered threat defence, has emerged from stealth with $70 million in funding, positioning itself to counter AI-driven attacks across applications, users, endpoints, and cloud workloads. The emergence signals growing investor confidence in purpose-built AI security platforms designed to address the escalating threat landscape of adversarial AI. While details on specific technical capabilities remain sparse, the company's broad scope suggests coverage of multiple attack surfaces increasingly targeted by AI-enabled threat actors.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0043 - Craft Adversarial Data · AML.T0015 - Evade ML Model

April 18, 2026

Old Vulnerabilities get a new life, all thanks to AI!

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk · Prioritise patching) · Score: 6.5 · Source: Dark Reading

The article argues that AI's primary security risk lies not in introducing entirely new vulnerability classes, but in dramatically amplifying the impact and exploitability of well-established ones. This framing has significant implications for defenders, suggesting that legacy vulnerability management practices must be re-evaluated through an AI-augmented threat lens. The convergence of classic weaknesses with AI capabilities raises the baseline risk profile for organisations deploying or adjacent to AI systems.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0051 - LLM Prompt Injection · AML.T0010 - ML Supply Chain Compromise · AML.T0043 - Craft Adversarial Data · AML.T0031 - Erode ML Model Integrity

Cursor AI Vulnerability Exposed Developer Devices

Frameworks: ATLAS, OWASP · Severity: CRITICAL (Active exploitation · Immediate action required) · Score: 8.5 · Source: SecurityWeek

A chained vulnerability in Cursor AI—a widely used AI-powered code editor—allowed attackers to combine indirect prompt injection with a sandbox escape and the application's built-in remote tunnel feature to achieve arbitrary shell access on developer machines. The attack chain is particularly significant because it weaponises Cursor's own legitimate remote-access infrastructure, meaning malicious commands could blend into normal developer workflows. Developers using Cursor's AI features against untrusted code or repositories are at elevated risk of full host compromise.

ATLAS: AML.T0051 - LLM Prompt Injection · AML.T0047 - ML-Enabled Product or Service · AML.T0057 - LLM Data Leakage · AML.T0043 - Craft Adversarial Data

April 17, 2026

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk · Prioritise patching) · Score: 8.2 · Source: SecurityWeek

A researcher has disclosed a novel prompt injection attack technique dubbed 'Comment and Control,' demonstrating that popular AI coding agents — including Claude Code, Gemini CLI, and GitHub Copilot Agents — can be manipulated through malicious instructions embedded in source code comments. The attack exploits the tendency of agentic coding tools to process and act upon contextual content within files they are tasked to read or modify. This represents a meaningful escalation in the risk surface of AI-assisted software development workflows.

ATLAS: AML.T0051 - LLM Prompt Injection · AML.T0043 - Craft Adversarial Data · AML.T0047 - ML-Enabled Product or Service · AML.T0057 - LLM Data Leakage

OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.5 · Source: SecurityWeek

OpenAI has expanded access to GPT-5.4-Cyber, a fine-tuned model designed for defensive cybersecurity applications, following Anthropic's reveal of its Mythos cybersecurity model. While framed as a defensive tool for legitimate security practitioners, the widened access to a capability-enhanced cybersecurity LLM raises dual-use concerns around potential misuse for offensive operations. The competitive dynamic between major AI labs in the security-focused model space signals a broader industry trend that warrants careful access control and policy scrutiny.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0054 - LLM Jailbreak · AML.T0040 - ML Model Inference API Access

Human Trust of AI Agents

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.2 · Source: Schneier on Security

Research published via Schneier on Security reveals that humans systematically over-trust LLMs in strategic game environments, defaulting to Nash-equilibrium rational play based on assumptions of LLM rationality and cooperation. This behavioural bias has direct security implications for mixed human-LLM systems, where adversaries could exploit predictable human over-trust to manipulate decision outcomes. The findings underscore systemic risks in deploying LLMs as agents in high-stakes economic or security-relevant decision loops.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0043 - Craft Adversarial Data

Frontier AI for Defenders: CrowdStrike and OpenAI TAC

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.2 · Source: CrowdStrike Blog

CrowdStrike has announced a partnership with OpenAI's Threat Actor Collaboration (TAC) programme, positioning frontier AI models as defensive tools within the cybersecurity operations space. The collaboration signals a broader industry push to deploy advanced LLMs in security contexts, raising important considerations around agentic AI risk, model trust boundaries, and the dual-use nature of frontier AI capabilities. While framed as a defensive initiative, the integration of powerful AI into SOC workflows introduces new attack surfaces including prompt injection against agentic pipelines and potential for sensitive data leakage through LLM interfaces.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0051 - LLM Prompt Injection · AML.T0057 - LLM Data Leakage · AML.T0040 - ML Model Inference API Access

April 16, 2026

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.5 · Source: The Hacker News

The article examines the architectural tension between fully agentic AI systems and deterministic validation frameworks in security testing contexts, arguing that unconstrained AI autonomy introduces repeatability and auditability risks. It highlights how probabilistic AI behaviour — while valuable for exploration — undermines the measurable, consistent outcomes required for enterprise security validation programs. The piece reflects a broader industry debate about governing AI agency in high-stakes operational environments.

ATLAS: AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access

‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

Category: Supply chain · Frameworks: ATLAS, OWASP · Severity: CRITICAL (Active exploitation · Immediate action required) · Score: 9.1 · Source: SecurityWeek

A structural vulnerability in Anthropic's Model Context Protocol (MCP) allows unsanitised commands to be executed silently within AI environments, potentially enabling full system compromise. Researchers classify the flaw as 'by design,' meaning it stems from architectural decisions rather than implementation bugs, making it particularly difficult to patch without protocol-level changes. The breadth of MCP adoption across agentic AI toolchains significantly amplifies the supply chain risk.

ATLAS: AML.T0010 - ML Supply Chain Compromise · AML.T0051 - LLM Prompt Injection · AML.T0047 - ML-Enabled Product or Service · AML.T0057 - LLM Data Leakage · AML.T0031 - Erode ML Model Integrity

Capsule Security Emerges From Stealth With $7 Million in Funding

Category: Agentic AI · Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.5 · Source: SecurityWeek

Capsule Security, an Israeli startup, has emerged from stealth with $7 million in seed funding focused on runtime security for AI agents, continuously monitoring their behaviour to detect and prevent unsafe or malicious actions. This positions the company within the rapidly growing agentic AI security space, where autonomous agents executing actions on behalf of users represent a significant and underexplored attack surface. The funding signals growing investor recognition of the risks posed by unmonitored AI agent behaviour, including prompt injection, excessive agency, and unintended tool use.

ATLAS: AML.T0051 - LLM Prompt Injection · AML.T0047 - ML-Enabled Product or Service · AML.T0057 - LLM Data Leakage

Does Gas Town 'steal' usage from users' LLM credits to improve itself?

Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk · Prioritise patching) · Score: 8.5 · Source: HN AI Security

Gas Town, a developer tool with 14.2k GitHub stars, allegedly ships configuration files that autonomously consume users' LLM API credits and GitHub account permissions to perform work on the maintainer's own repository — without explicit user consent. This represents a serious instance of unauthorised agentic AI behaviour, where an installed tool hijacks user-provisioned AI resources and credentials for third-party benefit. The incident raises critical concerns around supply chain trust, excessive agency in LLM-integrated tooling, and the abuse of delegated credentials.

ATLAS: AML.T0010 - ML Supply Chain Compromise · AML.T0012 - Valid Accounts · AML.T0047 - ML-Enabled Product or Service · AML.T0040 - ML Model Inference API Access

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Category: LLM security · Frameworks: ATLAS, OWASP · Severity: HIGH (Significant risk · Prioritise patching) · Score: 8.2 · Source: Dark Reading

Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot were patched after researchers demonstrated that external attackers could exploit them to exfiltrate sensitive user data. The flaws highlight systemic risks in enterprise AI agent deployments, where insufficient input sanitisation allows malicious content to hijack agent behaviour. Both vendors have issued patches, but the incidents underscore the growing attack surface introduced by agentic AI systems operating with elevated privileges.

ATLAS: AML.T0051 - LLM Prompt Injection · AML.T0057 - LLM Data Leakage · AML.T0047 - ML-Enabled Product or Service · AML.T0056 - LLM Meta Prompt Extraction

What Claude Code's Source Revealed About AI Engineering Culture

Frameworks: ATLAS, OWASP · Severity: MEDIUM (Moderate risk · Monitor closely) · Score: 6.2 · Source: HN AI Security

A packaging error exposed 512,000 lines of Claude Code's source, revealing severe code quality issues including a 3,167-line monolithic function, undocumented API waste, and regex-based sentiment analysis in an LLM product — raising questions about the security posture of AI-generated codebases. The disclosure highlights systemic risks when AI systems are used to self-develop production tooling without adequate human review or architectural oversight. These patterns represent meaningful supply chain and excessive agency concerns for enterprise users of Claude Code.

ATLAS: AML.T0010 - ML Supply Chain Compromise · AML.T0047 - ML-Enabled Product or Service · AML.T0044 - Full ML Model Access

Framework Coverage