Aws-Bedrock | GRID THE GREY

LIVE THREATS

MEDIUM AI-Powered Honeypots Expose Blind Spots in Automated Malicious AI Agents // HIGH DPRK Actors Use Claude LLM to Inject Malware Into npm Supply Chain // CRITICAL SQL Injection in LiteLLM Proxy Exposes LLM Provider Keys Within 36 Hours // MEDIUM Agentic AI Defense Costs Spiral as Adversarial Attack Volume Surges // HIGH FIDO Alliance Launches Standards Push to Secure AI Agent Transactions // CRITICAL Pre-Auth SQLi Flaw in LiteLLM Gateway Actively Exploited to Steal AI Credentials // LOW Welcoming Llama Guard 4 on Hugging Face Hub // HIGH Frontier agentic LLMs risk industrialising cyberattacks, but may also empower defenders. // HIGH TeamPCP resumes supply chain attacks, poisoning xinference PyPI and triggering a Bitwarden … // MEDIUM Hugging Face 'Spaces' now acts as an MCP-App-Store. Anybody thinking on the security … //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Model Theft Jailbreaks Data Poisoning

SQL Injection in LiteLLM Proxy Exposes LLM Provider Keys Within 36 Hours

ATLAS OWASP CRITICAL The Hacker News Apr 30, 2026 ▲ 9.2

SQL Injection in LiteLLM Proxy Exposes LLM Provider Keys Within 36 Hours

A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing …

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service