LIVE FEED
FIRST LOOK Yellow Teams Bring AI Offense and Defense Into One Security Function // FIRST LOOK Tracebit Ships AWS Context Bombing Defence Against AI Hacking Agents // FIRST LOOK FriendMachine Launches Jacquard Lang for AI-Written Code Review // CRITICAL Check Point 2026 AI Security Report: LLMs Now Run Live Attacks // FIRST LOOK OpenAI GPT-5.6 Sol Ships Faster Parallel Tool-Use for Agents // FIRST LOOK Meta Launches Muse Image with Public Instagram Photo Reuse // FIRST LOOK Estonia Launches State-Issued Digital IDs for AI Agents // HIGH AI Widens Skill-Ability Gap, Enabling Autonomous Cyberattacks // FIRST LOOK OpenAI Expands ChatGPT Into Family and Caregiver Households // FIRST LOOK Iroh Launches Mesh LLM for Distributed AI Across Peer Nodes //
Meta Launches Muse Image with Public Instagram Photo Reuse

Meta Launches Muse Image with Public Instagram Photo Reuse

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

Meta's Muse Image model, embedded across its platform family, allows any user to @-mention a public Instagram account and generate AI imagery using that account's public photos and videos — enabled by default with no notification to the subject. This creates significant non-consensual identity and likeness risks at scale, enabling synthetic media abuse, disinformation campaigns, and social engineering lures built from harvested public profile content. Defenders and enterprise security teams should treat this as a new mass-scale OSINT-to-deepfake pipeline that lowers the technical barrier for targeted impersonation attacks to near zero.

OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 The Hacker News

Three high-severity vulnerabilities in OpenClaw, a personal AI assistant, have been chained to enable remote code execution on the host system via a WhatsApp message, requiring no prior foothold. The flaws—covering OS command injection, incomplete input filtering, and path traversal—allow sandbox escape, credential theft, and privilege escalation. All three have been patched in OpenClaw version 2026.6.6, but unpatched deployments remain at significant risk.

Google Gemini Android Hijacked by Indirect Prompt Injection

Google Gemini Android Hijacked by Indirect Prompt Injection

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 9.1 The Hacker News

SafeBreach researcher Or Yair demonstrated that malicious text embedded in WhatsApp, Slack, SMS, or Signal notifications could trigger indirect prompt injection against Google Gemini's Android Utilities feature, causing the assistant to execute real device actions without user awareness. A novel bypass technique called 'Fake Context Alignment' defeated Google's post-patch authorization checks by exploiting multilingual obfuscation and muted hyperlinks to trick victims into authorising sensitive actions. Google has patched the issue, but the research exposes a fundamentally large attack surface where any app capable of pushing a notification becomes a potential injection vector.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.