Slsa-Provenance | GRID THE GREY

LIVE THREATS

CRITICAL Miasma Worm Targets AI Coding Agents via Poisoned Microsoft Packages // MEDIUM AI Security M&A Surge: Agentic Identity, LLM Evaluation, and Browser Control Targeted // HIGH Claude Code GitHub Action Leaked CI/CD Secrets via Prompt Injection // HIGH Gartner Flags Deepfakes and Prompt Injection Among Top Attacker Advantages // MEDIUM OpenAI Lockdown Mode Targets Prompt Injection Data Exfiltration Vector // HIGH Prototype AI Worm Carries Embedded LLM for Decentralised Self-Propagation // HIGH Unauthorized Access to Anthropic's Claude Mythos Exposes Agentic AI Defense Risks // MEDIUM Microsoft Scout Autonomous Agent Expands Attack Surface Across Microsoft 365 // HIGH High-Autonomy AI Agents With Broad Permissions Pose Enterprise Security Crisis // HIGH Indirect Prompt Injection via Notifications Hijacks Google Gemini on Android //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

Miasma Worm Targets AI Coding Agents via Poisoned Microsoft Packages

ATLAS OWASP CRITICAL Ars Technica Security Jun 09, 2026 ▲ 8.5

Miasma Worm Targets AI Coding Agents via Poisoned Microsoft Packages

Seventy-three Microsoft-hosted open source packages were compromised with the Miasma credential-stealing worm, which activates specifically when developers open packages inside AI coding agents. The …

AML.T0010 - ML Supply Chain Compromise AML.T0012 - Valid Accounts AML.T0047 - ML-Enabled Product or Service