LIVE FEED
LLM Agents Exploit Human Over-Trust in Strategic Games

LLM Agents Exploit Human Over-Trust in Strategic Games

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Schneier on Security

Research published via Schneier on Security reveals that humans systematically over-trust LLMs in strategic game environments, defaulting to Nash-equilibrium rational play based on assumptions of LLM rationality and cooperation. This behavioural bias has direct security implications for mixed human-LLM systems, where adversaries could exploit predictable human over-trust to manipulate decision outcomes. The findings underscore systemic risks in deploying LLMs as agents in high-stakes economic or security-relevant decision loops.

CrowdStrike OpenAI LLM Integration Raises Prompt Injection Risks

CrowdStrike OpenAI LLM Integration Raises Prompt Injection Risks

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 CrowdStrike Blog

CrowdStrike has announced a partnership with OpenAI's Threat Actor Collaboration (TAC) programme, positioning frontier AI models as defensive tools within the cybersecurity operations space. The collaboration signals a broader industry push to deploy advanced LLMs in security contexts, raising important considerations around agentic AI risk, model trust boundaries, and the dual-use nature of frontier AI capabilities. While framed as a defensive initiative, the integration of powerful AI into SOC workflows introduces new attack surfaces including prompt injection against agentic pipelines and potential for sensitive data leakage through LLM interfaces.

Agentic AI Excessive Agency Bypasses Security Testing

Agentic AI Excessive Agency Bypasses Security Testing

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 The Hacker News

The article examines the architectural tension between fully agentic AI systems and deterministic validation frameworks in security testing contexts, arguing that unconstrained AI autonomy introduces repeatability and auditability risks. It highlights how probabilistic AI behaviour — while valuable for exploration — undermines the measurable, consistent outcomes required for enterprise security validation programs. The piece reflects a broader industry debate about governing AI agency in high-stakes operational environments.

SUPPLY CHAINSecurityWeekCRITICALAnthropic MCP Supply Chain Flaw EnablesCommand Injection

Anthropic MCP Supply Chain Flaw Enables Command Injection

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.1 SecurityWeek

A structural vulnerability in Anthropic's Model Context Protocol (MCP) allows unsanitized commands to be executed silently within AI environments, potentially enabling full system compromise. Researchers classify the flaw as 'by design,' meaning it stems from architectural decisions rather than implementation bugs, making it particularly difficult to patch without protocol-level changes. The breadth of MCP adoption across agentic AI toolchains significantly amplifies the supply chain risk.

AGENTIC AISecurityWeekMEDIUMAI Agent Prompt Injection and Data LeakageThreats Rise

AI Agent Prompt Injection and Data Leakage Threats Rise

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SecurityWeek

Capsule Security, an Israeli startup, has emerged from stealth with $7 million in seed funding focused on runtime security for AI agents, continuously monitoring their behaviour to detect and prevent unsafe or malicious actions. This positions the company within the rapidly growing agentic AI security space, where autonomous agents executing actions on behalf of users represent a significant and underexplored attack surface. The funding signals growing investor recognition of the risks posed by unmonitored AI agent behaviour, including prompt injection, excessive agency, and unintended tool use.

Gas Town Supply Chain Attack Hijacks LLM Credits

Gas Town Supply Chain Attack Hijacks LLM Credits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 HN AI Security

Gas Town, a developer tool with 14.2k GitHub stars, allegedly ships configuration files that autonomously consume users' LLM API credits and GitHub account permissions to perform work on the maintainer's own repository — without explicit user consent. This represents a serious instance of unauthorised agentic AI behaviour, where an installed tool hijacks user-provisioned AI resources and credentials for third-party benefit. The incident raises critical concerns around supply chain trust, excessive agency in LLM-integrated tooling, and the abuse of delegated credentials.

0x4F0x3A0xFF0x0D0x7B0xC20xA10x550x0D0x7B0xC20xA10x550xE80x120x9F0xA10x550xE80x120x9F0xD40x2E0x880x120x9F0xD40x2E0x880x610xB30x4F0x2E0x880x610xB30x4F0x3A0xFF0x0D0xB30x4F0x3A0xFF0x0D0x7B0xC20xA10xFF0x0D0x7B0xC20xA10x550xE80x12LLM SECURITYDark ReadingHIGHPrompt Injection Flaws in Salesforce and AIMicrosoft

Prompt Injection Flaws in Salesforce and Microsoft AI

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Dark Reading

Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot were patched after researchers demonstrated that external attackers could exploit them to exfiltrate sensitive user data. The flaws highlight systemic risks in enterprise AI agent deployments, where insufficient input sanitisation allows malicious content to hijack agent behaviour. Both vendors have issued patches, but the incidents underscore the growing attack surface introduced by agentic AI systems operating with elevated privileges.

Claude Code Source Leak Exposes 512K Lines of Code

Claude Code Source Leak Exposes 512K Lines of Code

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 HN AI Security

A packaging error exposed 512,000 lines of Claude Code's source, revealing severe code quality issues including a 3,167-line monolithic function, undocumented API waste, and regex-based sentiment analysis in an LLM product — raising questions about the security posture of AI-generated codebases. The disclosure highlights systemic risks when AI systems are used to self-develop production tooling without adequate human review or architectural oversight. These patterns represent meaningful supply chain and excessive agency concerns for enterprise users of Claude Code.

GPT-5.4-Cyber Jailbreak and Prompt Injection Risks

GPT-5.4-Cyber Jailbreak and Prompt Injection Risks

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

OpenAI has launched GPT-5.4-Cyber, a cybersecurity-optimised model variant, alongside an expanded Trusted Access for Cyber (TAC) programme targeting authenticated defenders and security teams. While the initiative is framed as a defensive measure, the dual-use nature of a vulnerability-detection model introduces significant risk of adversarial inversion — where threat actors could exploit the same capabilities to discover and weaponise unpatched vulnerabilities at scale. OpenAI acknowledges this risk and states it is iteratively strengthening safeguards against jailbreaks and adversarial prompt injection as access broadens.

Pushpaganda: AI-Generated Scareware Hits Google Discover

Pushpaganda: AI-Generated Scareware Hits Google Discover

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.2 The Hacker News

A large-scale ad fraud and scareware campaign dubbed 'Pushpaganda' has been uncovered exploiting Google Discover by using AI-generated content to poison search discovery surfaces and lure users into enabling malicious push notifications. At its peak the operation generated 240 million bid requests across 113 domains in a single week, demonstrating how AI-generated disinformation can be weaponised as an automated delivery mechanism for financial fraud. The campaign highlights the growing abuse of generative AI to scale deceptive content operations against trusted platform surfaces.

Scanning for AI Models, (Tue, Apr 14th)

Scanning for AI Models, (Tue, Apr 14th)

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 SANS Internet Storm Center

A single threat actor (IP 81.168.83.103) has been systematically scanning internet-facing systems since at least January 2026, specifically targeting credential files, API tokens, and configuration data associated with popular AI platforms including OpenAI, Anthropic Claude, HuggingFace, and the Openclaw/Clawdbot tools. The campaign focuses on harvesting AI API credentials and secrets stored in predictable file paths, representing a targeted reconnaissance effort against AI model deployments. If successful, these probes could enable API key theft, model access abuse, and broader compromise of AI-integrated systems.

0x4F0x3A0xFF0x0D0x7B0xC20xA10x550x0D0x7B0xC20xA10x550xE80x120x9F0xA10x550xE80x120x9F0xD40x2E0x880x120x9F0xD40x2E0x880x610xB30x4F0x2E0x880x610xB30x4F0x3A0xFF0x0D0xB30x4F0x3A0xFF0x0D0x7B0xC20xA10xFF0x0D0x7B0xC20xA10x550xE80x12RESEARCHSchneier on SecurityMEDIUMLLM Jailbreak Adoption Surges Across 160+Cybercrime Forums

LLM Jailbreak Adoption Surges Across 160+ Cybercrime Forums

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Schneier on Security

A new academic paper analysed over 160 cybercrime forum conversations to understand how threat actors are discussing and adopting AI tools for criminal purposes. The research documents both misuse of legitimate AI platforms and attempts to build bespoke criminal AI models, revealing early-stage diffusion of AI capabilities within cybercriminal communities. The findings carry practical implications for law enforcement and security practitioners monitoring the evolving AI-enabled threat landscape.

Anthropic Model Exploits Zero-Days Faster Than SOC Response

Anthropic Model Exploits Zero-Days Faster Than SOC Response

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

The article highlights a critical operational gap in SOC environments where AI-accelerated adversarial capabilities — including an Anthropic model restricted after autonomously exploiting zero-day vulnerabilities — are outpacing defender response workflows. While detection times (MTTD) have improved, the post-alert investigation window remains the primary exposure point, with breakout times of 29 minutes and adversary hand-off times collapsing to 22 seconds. The piece argues that AI-driven investigation tooling is the necessary counter to compress this post-alert gap.

Anthropic Claude Mythos Sparks AI Vulnerability Storm Warning

Anthropic Claude Mythos Sparks AI Vulnerability Storm Warning

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

The Cloud Security Alliance has issued a warning about an anticipated 'AI vulnerability storm' following the release of Anthropic's Claude Mythos model, urging CISOs to prepare defensive postures in advance of expected exploit activity. The advisory signals growing institutional concern that major LLM releases create systemic risk windows as adversaries probe new model capabilities and attack surfaces. Security leaders are being advised to treat post-release periods of frontier AI models as high-alert intervals requiring elevated monitoring and response readiness.

GenAI Security Risks: OWASP Updates LLM Top 10 Framework

GenAI Security Risks: OWASP Updates LLM Top 10 Framework

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 Dark Reading

OWASP has updated its GenAI Security Project to formally recognise 21 generative AI risks, releasing a new tools matrix to help organisations structure their defences. The update notably distinguishes between securing traditional GenAI systems and the emerging attack surface presented by agentic AI architectures. This guidance represents a significant standards-level acknowledgement that agentic AI requires its own dedicated security posture.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.