LIVE FEED
ChatGPT Sharing Links Abused for Malware Delivery

ChatGPT Sharing Links Abused for Malware Delivery

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 BleepingComputer

Threat actors are exploiting ChatGPT's legitimate content-sharing infrastructure to host convincing fake outage pages that trick users into downloading malware disguised as a ChatGPT desktop application. The 'LLMShare' campaign abuses chatgpt.com/s/ shared links to render attacker-crafted HTML within a trusted OpenAI domain, bypassing traditional phishing detection that relies on suspicious URL analysis. The attack chain combines Google ad abuse, domain cloaking, and AI platform misuse to deliver what are likely infostealer payloads.

CogCAPTCHA30 Fingerprints AI Agents via Behavioral Analysis

CogCAPTCHA30 Fingerprints AI Agents via Behavioral Analysis

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 HN AI Security

Researchers have developed CogCAPTCHA30, a 30-task cognitive battery demonstrating that AI agents (GPT, Claude, Gemini) solve CAPTCHAs with statistically distinguishable behavioural patterns despite matching human accuracy. The study introduces a 'Process Turing Test' concept, showing output equivalence and process equivalence are uncorrelated — meaning AI agents can be detected not by what they answer, but by how they answer. This has direct implications for bot detection, anti-automation defences, and the arms race between AI-driven agents and human-verification systems.

Robinhood Prompt Injection Enables Autonomous Trade Attacks

Robinhood Prompt Injection Enables Autonomous Trade Attacks

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 HN AI Security

Robinhood has launched agentic trading and a virtual credit card that allow third-party AI agents to autonomously execute stock trades and payments on behalf of users via a Model Context Protocol (MCP) integration. This architecture introduces significant attack surface through prompt injection, excessive agency, and insecure plugin design risks inherent to LLM-driven autonomous financial action. The delegation of real financial authority to AI agents with limited human-in-the-loop controls represents a systemic risk to retail investors if agent pipelines are compromised or manipulated.

mouse5212-super-formatter npm Malware Steals Claude Files

mouse5212-super-formatter npm Malware Steals Claude Files

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 The Hacker News

A malicious npm package named 'mouse5212-super-formatter' was discovered exfiltrating files from Anthropic's Claude AI user directory by authenticating to a threat actor-controlled GitHub repository. The package disguised itself as a legitimate archive utility while silently uploading all local workspace files during the postinstall phase. Notably, the attacker's poor operational security — including a leaked GitHub token — suggests AI-generated malware with minimal human oversight, pointing to a growing trend of low-skill threat actors leveraging AI to produce supply chain malware.

FuzzingBrain V2 Discovers 29 Zero-Day Vulnerabilities

FuzzingBrain V2 Discovers 29 Zero-Day Vulnerabilities

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 HN AI Security

Researchers have developed FuzzingBrain V2, a multi-agent LLM system capable of autonomously discovering and reproducing software vulnerabilities with a 90% detection rate on a competitive benchmark dataset. The system discovered 29 zero-day vulnerabilities across 12 open-source projects, all confirmed by maintainers, raising both defensive and dual-use concerns for the security community. While positioned as a defensive research tool, the automation of end-to-end vulnerability discovery at this scale represents a meaningful shift in the offensive capability landscape.

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 SecurityWeek

WithSecure has documented GreyVibe, a Russia-nexus threat actor systematically deploying ChatGPT, Google Gemini, and Ideogram AI across every phase of its attack chain — from phishing lure creation to custom malware development — against Ukrainian targets since August 2025. The group's LLM-assisted malware, LegionRelay, contained design flaws introduced during AI-generated development, which paradoxically allowed researchers to track the group over an extended period. The case illustrates both the operational leverage AI provides to moderately skilled threat actors and the novel forensic signatures that AI-assisted development can inadvertently introduce.

GreyVibe Uses ChatGPT and Gemini for Ukraine Cyberespionage

GreyVibe Uses ChatGPT and Gemini for Ukraine Cyberespionage

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 BleepingComputer

A likely Russian threat group dubbed GreyVibe has been actively using commercial LLMs — including ChatGPT and Google Gemini — to generate high-quality phishing lures, malware tooling, and social-engineering content targeting Ukrainian military, government, and civilian organisations. WithSecure researchers identified LLM artefact markers embedded in campaign imagery, confirming AI-assisted content generation at scale. The case represents a concrete, documented example of adversarial LLM weaponisation in an active nation-state-adjacent cyberespionage campaign.

SQLite Blocks AI-Generated Code Contributions

SQLite Blocks AI-Generated Code Contributions

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Simon Willison

SQLite has formally prohibited agentic code contributions and strengthened its policy language, reflecting growing concern over AI-generated submissions overwhelming open source maintainers. The project was forced to create a separate bug forum after being flooded with AI-generated reports of inconsistent quality. This represents an emerging operational security challenge for critical infrastructure software projects targeted by autonomous AI coding agents.

AI Supply Chain Compromise: Models Lack Bill of Materials

AI Supply Chain Compromise: Models Lack Bill of Materials

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Dark Reading

As AI systems proliferate across enterprise environments, the lack of standardised AI Bills of Materials (AI BOMs) leaves organisations blind to the components, training data, and dependencies embedded in deployed models. The article examines whether 2026 marks a turning point for AI BOM adoption as a risk management practice. Without visibility into AI supply chains, organisations remain exposed to hidden vulnerabilities including poisoned models, compromised dependencies, and undisclosed third-party components.

CVE-2026-5194: Anthropic Claude Discovers 10,000+ Flaws

CVE-2026-5194: Anthropic Claude Discovers 10,000+ Flaws

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

Anthropic's Project Glasswing has deployed Claude Mythos Preview — a frontier AI model — to autonomously discover over 10,000 high- and critical-severity vulnerabilities across widely used open-source software, with 1,094 confirmed as valid high/critical flaws. The initiative highlights a growing asymmetry: AI is accelerating vulnerability discovery far faster than the security community can remediate, compressing patch windows and raising the stakes for defenders. Anthropic is now urging shorter patch cycles and hardened defaults, warning that comparable offensive capabilities could soon be broadly accessible to threat actors.

Constraint Decay: LLM Code Agents Fail at Scale

Constraint Decay: LLM Code Agents Fail at Scale

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 HN AI Security

A systematic study of LLM agents performing backend code generation reveals a 'constraint decay' phenomenon where agents lose up to 30 assertion pass-rate points as structural requirements accumulate, approaching complete failure in some configurations. This fragility has direct security implications: production deployments relying on LLM-generated code may silently violate architectural constraints such as ORM patterns, database access controls, and API contracts. The findings expose a critical gap between functional correctness and structural safety in agentic coding systems.

SentinelOne Warns on Prompt Injection Risks in AI Agents

SentinelOne Warns on Prompt Injection Risks in AI Agents

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SentinelOne Blog

SentinelOne has published guidance on securing agentic AI systems, framing unverified trust in AI agents as a core enterprise risk. The piece promotes their Prompt Security product as a control layer for AI tools, agents, and pipelines deployed across the enterprise. While primarily a product-focused announcement, it highlights the genuine security challenge of blind trust in autonomous AI agents executing actions on behalf of users and systems.

Gemini Spark Prompt Injection Exposes Enterprise Gmail Data

Gemini Spark Prompt Injection Exposes Enterprise Gmail Data

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 Simon Willison

Google's newly announced Gemini Spark personal AI agent, integrated with Gmail, Drive, Calendar, and other sensitive Google services, presents a significant prompt injection attack surface as it processes user data at scale. The article highlights that Google's published security mitigations — ephemeral VMs, Agent Gateway, and DLP policies — address infrastructure isolation but do not directly address the prompt injection vector inherent to LLM-powered agents processing untrusted content. Additionally, the transition from open-source Gemini CLI to a closed-source Antigravity CLI raises supply chain transparency concerns.

AI Agent Identity Sprawl Bypasses Enterprise IAM Systems

AI Agent Identity Sprawl Bypasses Enterprise IAM Systems

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Dark Reading

As AI agents proliferate across enterprise environments, their associated non-human identities are introducing governance and security gaps that traditional IAM frameworks were not designed to handle. New Omdia research highlights that AI agent identity management demands distinct budget allocations and security controls separate from conventional IAM programs. The failure to properly secure and govern these machine identities exposes organisations to credential abuse, privilege escalation, and lateral movement risks.

LLM Safety Benchmarks Fail to Reliably Measure Security

LLM Safety Benchmarks Fail to Reliably Measure Security

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Schneier on Security

A report highlighted by Bruce Schneier argues that AI security cannot be reliably measured through benchmarks alone, drawing parallels to the decades-long evolution of software security engineering. The core finding is that LLM weight spaces encode continuous spectrums that resist meaningful quantitative measurement, making trust in model outputs structurally difficult to establish. The practical implication is that organisations must rely on assurance processes rather than scorecards to manage AI security risk.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.