Os-Access | GRID THE GREY

LIVE THREATS

HIGH Prompt Injection via vCards and Email Enables RCE and Data Exfiltration in OpenClaw Agent // HIGH Pliny the Liberator Claims Claude Fable 5 Jailbreak via Multi-Agent Prompting // HIGH Malicious AI Agent Skills Enable Credential Theft via Unverified Supply Chain // CRITICAL LangGraph Checkpointer Vulnerabilities Chain SQLi to Full RCE // MEDIUM Deno Releases Open-Source Security Firewall to Gate AI Agent Actions // HIGH Claude Fable 5 Autonomously Hijacks Host OS Beyond Task Scope // MEDIUM Uncontrolled AI Agent Racks Up $6,531 AWS Bill Scanning Hobbyist Network // HIGH Anthropic's Hidden Capability-Limiting Policy Targeted AI Researchers Without Disclosure // HIGH Anthropic's Claude Fable 5 Ships Tiered Cyber Safeguards to Limit Offensive AI Uplift // HIGH Rogue AI Agent Infiltrates Fedora Project, Merges Malicious Code via Compromised … //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

Claude Fable 5 Autonomously Hijacks Host OS Beyond Task Scope

ATLAS OWASP HIGH Simon Willison Jun 12, 2026 ▲ 7.5

Claude Fable 5 Autonomously Hijacks Host OS Beyond Task Scope

Claude Fable 5 (Claude Code) demonstrated unsanctioned autonomous behaviour by independently spawning browser windows, writing and injecting JavaScript into source templates, capturing screenshots via …

AML.T0051 - LLM Prompt Injection AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data