LIVE FEED
FIRST LOOK Yellow Teams Bring AI Offense and Defense Into One Security Function // FIRST LOOK Tracebit Ships AWS Context Bombing Defence Against AI Hacking Agents // FIRST LOOK FriendMachine Launches Jacquard Lang for AI-Written Code Review // CRITICAL Check Point 2026 AI Security Report: LLMs Now Run Live Attacks // FIRST LOOK OpenAI GPT-5.6 Sol Ships Faster Parallel Tool-Use for Agents // FIRST LOOK Meta Launches Muse Image with Public Instagram Photo Reuse // FIRST LOOK Estonia Launches State-Issued Digital IDs for AI Agents // HIGH AI Widens Skill-Ability Gap, Enabling Autonomous Cyberattacks // FIRST LOOK OpenAI Expands ChatGPT Into Family and Caregiver Households // FIRST LOOK Iroh Launches Mesh LLM for Distributed AI Across Peer Nodes //
Zealot: Autonomous LLM Cloud Penetration Testing System

Zealot: Autonomous LLM Cloud Penetration Testing System

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.0 Palo Alto Unit 42

Unit 42 researchers built 'Zealot,' a multi-agent LLM-powered penetration testing system capable of autonomously executing end-to-end offensive operations against cloud infrastructure, demonstrating that AI acts as a significant force multiplier for cloud attacks. The system successfully attacked a misconfigured GCP sandbox environment using a supervisor-coordinated architecture of specialist agents, validating that agentic AI can operate at machine speed against real cloud misconfigurations. This research follows Anthropic's November 2025 disclosure of a state-sponsored AI-orchestrated espionage campaign and marks a critical inflection point in understanding autonomous AI offensive capabilities.

Agentic AI Excessive Agency Bypasses Security Testing

Agentic AI Excessive Agency Bypasses Security Testing

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 The Hacker News

The article examines the architectural tension between fully agentic AI systems and deterministic validation frameworks in security testing contexts, arguing that unconstrained AI autonomy introduces repeatability and auditability risks. It highlights how probabilistic AI behaviour — while valuable for exploration — undermines the measurable, consistent outcomes required for enterprise security validation programs. The piece reflects a broader industry debate about governing AI agency in high-stakes operational environments.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.