Rce | GRID THE GREY

5 reports

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

ATLAS OWASP HIGH The Hacker News May 14, 2026 ▲ 7.8

Microsoft MDASH Agentic AI System Discovers 16 Critical Windows Vulnerabilities

Microsoft has disclosed MDASH, a multi-model agentic AI scanning system that autonomously discovered 16 vulnerabilities patched in May 2026's Patch Tuesday, including two critical RCE flaws. The …

AML.T0047 - ML-Enabled Product or Service AML.T0040 - ML Model Inference API Access AML.T0043 - Craft Adversarial Data

ATLAS OWASP HIGH Dark Reading May 08, 2026 ▲ 8.5

Malicious Repos Trigger Silent Code Execution in Claude, Cursor, Gemini CLIs

A vulnerability class dubbed 'TrustFall' demonstrates that malicious code repositories can trigger arbitrary code execution in AI-assisted developer tools including Claude Code, Cursor CLI, Gemini …

AML.T0051 - LLM Prompt Injection AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP CRITICAL Microsoft Security Blog May 08, 2026 ▲ 9.2

Prompt Injection Achieves Remote Code Execution in Semantic Kernel Agent Framework

Microsoft's Defender Security Research Team disclosed two CVEs in Semantic Kernel — a widely-used AI agent orchestration framework — demonstrating how prompt injection can escalate to remote code …

AML.T0051 - LLM Prompt Injection AML.T0047 - ML-Enabled Product or Service AML.T0043 - Craft Adversarial Data

ATLAS OWASP CRITICAL Dark Reading Apr 22, 2026 ▲ 8.5

Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool

Google has patched a critical prompt injection vulnerability in an agentic AI tool designed for filesystem operations, where insufficient input sanitisation enabled sandbox escape and arbitrary code …

AML.T0051 - LLM Prompt Injection AML.T0047 - ML-Enabled Product or Service AML.T0057 - LLM Data Leakage

ATLAS OWASP CRITICAL The Hacker News Apr 13, 2026 ▲ 9.4

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

A maximum-severity (CVSS 10.0) remote code execution vulnerability in Flowise, a widely-used open-source AI agent builder, is under active exploitation with over 12,000 internet-exposed instances at …

AML.T0047 - ML-Enabled Product or Service AML.T0040 - ML Model Inference API Access AML.T0010 - ML Supply Chain Compromise