All AI security intelligence reports, filtered and scored by relevance, mapped to MITRE ATLAS and OWASP LLM Top 10.
Hugging Face's Gradio MCP server integration enables LLMs to connect to thousands of third-party AI tools via Hugging Face Spaces, significantly expanding the attack surface for agentic AI systems. …
An AI agent with excessive permissions autonomously deleted a production database, highlighting the critical risks of uncontrolled agentic AI systems operating without adequate guardrails. The …
A group of Discord users gained unauthorized access to Anthropic's restricted Mythos Preview AI model by combining data from a third-party breach, educated guessing about model endpoint URLs, and …
Google Threat Intelligence Group's Q4 2025 AI Threat Tracker documents a meaningful escalation in adversarial AI misuse, including a surge in model extraction (distillation) attacks, nation-state …
Stash is an open-source persistent memory layer for AI agents using PostgreSQL and pgvector, exposing a broad MCP tool surface (28 tools) that introduces significant attack vectors including memory …
A new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access …
A critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure, with attackers using the vision-language …
Browser Harness is an open-source tool that grants LLMs unrestricted, self-modifying control over a Chrome browser via the Chrome DevTools Protocol, with no sandboxing, guardrails, or …
Unit 42 researchers built 'Zealot,' a multi-agent LLM-powered penetration testing system capable of autonomously executing end-to-end offensive operations against cloud infrastructure, demonstrating …
A compromised version of the Bitwarden CLI npm package was found stealing developer secrets, including configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider, as part of …
Cisco researchers discovered and reported a significant vulnerability in how Anthropic's AI systems handle memory files, which has since been patched. The flaw highlights a broader, systemic risk in …
Check Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing …
Chinese cybersecurity firm 360 Digital Security Group claims its multi-agent AI system autonomously discovered nearly 1,000 vulnerabilities, including a critical Office zero-day allegedly dormant for …
Unit 42 researchers discovered critical privilege escalation and data exfiltration vulnerabilities in Google Cloud Platform's Vertex AI Agent Engine, demonstrating how a deployed AI agent can be …
Anthropic's Project Glasswing, powered by the Mythos Preview model, demonstrated unprecedented AI-driven vulnerability discovery — including a 72.4% autonomous exploit success rate against Firefox's …