All AI security intelligence reports, filtered and scored by relevance, mapped to MITRE ATLAS and OWASP LLM Top 10.
A vulnerability dubbed ClaudeBleed in Anthropic's Claude Chrome extension allows any browser extension to inject arbitrary prompts into the Claude AI agent by exploiting lax permission checks and …
Mozilla used early access to Anthropic's Claude Mythos model to systematically discover and patch hundreds of previously unknown vulnerabilities in Firefox, including bugs over 15–20 years old. The …
Threat actors created a convincing fake website impersonating Anthropic's Claude AI to trick developers into downloading a trojanized installer that deploys the new 'Beagle' backdoor alongside a PlugX …
A vulnerability class dubbed 'TrustFall' demonstrates that malicious code repositories can trigger arbitrary code execution in AI-assisted developer tools including Claude Code, Cursor CLI, Gemini …
Mitiga Labs has disclosed a stealthy attack chain targeting Claude Code's MCP infrastructure, allowing adversaries to silently intercept OAuth tokens by redirecting MCP traffic through …
Cisco's AI Threat Intelligence team has demonstrated that bounded pixel-level perturbations can recover the attack effectiveness of degraded typographic images against vision-language models (VLMs), …
Microsoft's Defender Security Research Team disclosed two CVEs in Semantic Kernel — a widely-used AI agent orchestration framework — demonstrating how prompt injection can escalate to remote code …
Enterprises are deploying AI agents faster than governance frameworks can track them, creating a shadow identity layer that operates outside traditional IAM visibility. These agents run continuously, …
A critical heap out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.3) in Ollama's GGUF model loader allows unauthenticated remote attackers to exfiltrate sensitive heap memory — including API …
Joey Melo, Principal Security Researcher at CrowdStrike, outlines his methodology for AI red teaming, focusing on manipulating LLM guardrails through jailbreaking and data poisoning without altering …
A scan of over one million exposed AI services found pervasive security failures including absent authentication, leaked API keys, and exposed business logic across self-hosted LLM deployments. Agent …
A malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated …
The US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military …
Loopsy is an open-source tool enabling cross-machine communication between AI coding agents (Claude Code, Cursor, Codex) and mobile devices via a self-hosted Cloudflare Workers relay. While designed …
agent-desktop is an open-source Rust CLI tool that exposes full OS accessibility trees to AI agents, enabling programmatic control of any desktop application without screenshots or browser sandboxing. …