LIVE FEED
Microsoft MDASH Brings AI-Powered Windows Vulnerability Discovery

Microsoft MDASH Brings AI-Powered Windows Vulnerability Discovery

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 BleepingComputer

Microsoft has deployed MDASH (Multi-model Agentic Scanning Harness), an AI-powered agentic system that autonomously scans Windows binaries for vulnerabilities and validates findings through multiple AI models before human engineer review. The accelerated discovery pipeline means defenders will see a higher volume of Patch Tuesday fixes, compressing patch deployment windows and increasing pressure on enterprise patch management processes. Simultaneously, the same AI-accelerated vulnerability discovery capability is available to adversaries, raising the risk that threat actors identify and weaponise flaws faster than Microsoft's pipeline can remediate them.

FableCut Ships AI-Drivable Browser Video Editor via MCP and REST

FableCut Ships AI-Drivable Browser Video Editor via MCP and REST

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 HN AI Security

FableCut is a zero-dependency, browser-based non-linear video editor that exposes its entire timeline as a JSON document and accepts live control from AI agents via MCP (Model Context Protocol) and REST APIs, enabling tools like Claude Code or Claude Desktop to autonomously edit video. This agent-accessible media pipeline introduces meaningful new attack surface: any AI agent granted MCP/REST access can read, overwrite, or poison the JSON timeline, and a compromised or prompt-injected agent could silently alter exported video content. Defenders managing AI agent workflows that touch media pipelines should treat this as an unsandboxed tool-use endpoint requiring strict authZ, input validation, and output integrity checks.

AI Agents Emerge as a New Identity Class Orgs Must Secure

AI Agents Emerge as a New Identity Class Orgs Must Secure

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

AI agents are being recognised as a distinct identity type that cannot be adequately governed using legacy service account or API token frameworks, requiring purpose-built identity and access management approaches. For defenders, this gap means agents operating today are likely over-privileged, under-monitored, and outside existing IAM policy scope. Security teams face an immediate challenge in extending least-privilege, auditability, and lifecycle management controls to autonomous agent identities before adversaries exploit the blind spot.

Y Combinator Ships Agentic Code Generation at 37K Lines Daily

Y Combinator Ships Agentic Code Generation at 37K Lines Daily

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 HN AI Security

Y Combinator CEO Garry Tan has publicly claimed to ship approximately 37,000 lines of AI-generated code per day using agentic coding tools, and an independent developer analysis has revealed the underlying mechanics of this workflow. This level of AI-assisted code velocity introduces meaningful security concerns around code provenance, supply chain integrity, and the reduced human review time per line of shipped code. Defenders should treat high-velocity AI code pipelines as a new supply chain risk category requiring dedicated SAST/DAST tooling and policy controls.

Google Gemini Abused for Phishing-as-a-Service

Google Gemini Abused for Phishing-as-a-Service

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Schneier on Security

A Chinese cybercriminal group called Outsider Enterprise exploited Google's Gemini AI to mass-produce phishing pages impersonating Google, YouTube, and government agencies like E-ZPass, offering nearly 300 scam templates via Telegram. Google has filed suit and coordinated with major US carriers to block the resulting smishing campaigns. The case highlights how generative AI lowers the technical barrier for large-scale phishing operations and stress-tests provider-side content controls.

Writer AI Session Token Leak Enables Account Takeover

Writer AI Session Token Leak Enables Account Takeover

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

A critical vulnerability dubbed WriteOut in the Writer enterprise AI platform allowed attackers to hijack victim session tokens across organisational boundaries using a malicious agent preview link. The flaw exploited Writer's live preview sandbox, which incorrectly forwarded authenticated session cookies into attacker-controlled execution environments. Writer has patched the issue by isolating sandbox origins and stripping session cookies from preview requests.

Tencent Releases Hy3 295B Open-Source Model with 256K Context

Tencent Releases Hy3 295B Open-Source Model with 256K Context

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.5 Simon Willison

Tencent has released Hy3, a 295B-parameter Mixture-of-Experts open-source model under Apache 2.0, featuring 256K context length and temporarily available for free inference via OpenRouter. The model's large context window, open weights, and Chinese provenance expand the attack surface for defenders managing LLM supply chains, jailbreak campaigns, and influence operations. Security teams should treat this as another high-capability open-weight model requiring the same scrutiny applied to comparable releases from Mistral or Meta.

NVIDIA and Hugging Face Launch GR00T 1.7 Robot Model

NVIDIA and Hugging Face Launch GR00T 1.7 Robot Model

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 NVIDIA AI Blog

NVIDIA and Hugging Face have integrated the Isaac GR00T 1.7 vision-language-action model, Isaac Teleop framework, and a 350,000-trajectory open dataset into the LeRobot open-source robotics library, creating an end-to-end open pipeline for training and deploying physical AI systems. This dramatically lowers the barrier to fine-tuning and deploying robot foundation models, expanding the attack surface across the full ML supply chain — from poisoned community datasets to adversarially crafted demonstrations used in teleop data collection. Defenders responsible for robotics deployments must now contend with a large, loosely governed open-source ecosystem where compromised models or datasets can directly translate to unsafe physical-world behaviour.

AWS Launches Multi-Turn RL for Amazon Nova

AWS Launches Multi-Turn RL for Amazon Nova

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 AWS Machine Learning Blog

AWS has released a production-grade, event-driven multi-turn reinforcement learning training infrastructure for Amazon Nova models on SageMaker HyperPod, enabling enterprises to train agents that learn tool orchestration, error recovery, and sequential decision-making at scale. This materially expands the attack surface by introducing complex reward-routing pipelines, ephemeral compute provisioning, and environment-facing reward workers as new targets for poisoning and manipulation. Defenders must scrutinise the trust boundaries between the Nova Forge SDK, ECS reward workers, and HyperPod training pods, as a compromised reward signal can silently shape model behaviour across entire interaction sequences.

OfficeCLI Brings Microsoft Office Automation to AI Agents

OfficeCLI Brings Microsoft Office Automation to AI Agents

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 HN AI Security

OfficeCLI is an open-source, single-binary tool that enables AI agents to programmatically read, write, and automate Microsoft Word, Excel, and PowerPoint files without requiring a local Office installation. This dramatically expands the file-system attack surface for agentic AI systems, enabling prompt injection via document content, automated exfiltration of sensitive Office files, and weaponisation of documents as a persistent injection vector. Defenders operating AI agent pipelines that touch file systems must now treat any Office document as a potential adversarial input channel.

Prompt Injection Attacks Manipulate AI Crypto Agents

Prompt Injection Attacks Manipulate AI Crypto Agents

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 SecurityWeek

Researchers identified two active campaigns embedding indirect prompt injection payloads in malicious websites to manipulate autonomous AI agents into executing unauthorised cryptocurrency transactions. The attacks exploit the growing deployment of agentic AI systems that browse the web and take real-world actions with minimal human oversight. This represents a concrete, financially motivated escalation of prompt injection from data exfiltration to direct fund theft.

SkillCloak Bypasses AI Agent Skill Scanners at 90% Rate

SkillCloak Bypasses AI Agent Skill Scanners at 90% Rate

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

Researchers at Hong Kong University of Science and Technology have demonstrated that static scanners used to vet malicious AI agent 'skills' — modular add-ons for agents like Claude Code and OpenAI Codex — can be systematically bypassed using a tool called SKILLCLOAK. The technique leverages either character-substitution obfuscation or self-extracting packing into scanner-ignored directories like .git/, achieving evasion rates above 90% across all eight tested scanners. The same research team also developed SKILLDETONATE, a runtime behavioral sandbox that catches most of the threats static analysis misses.

Amazon Q Extension Credential Theft via MCP Injection

Amazon Q Extension Credential Theft via MCP Injection

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Dark Reading

A vulnerability in the Amazon Q Visual Studio Code extension allows adversaries to plant malicious repositories that execute arbitrary code and exfiltrate cloud credentials. The flaw highlights escalating risks associated with Model Context Protocol (MCP) integrations embedded within AI-powered developer tools. This attack vector represents a growing threat surface as AI coding assistants gain privileged access to developer environments and cloud infrastructure.

Alibaba and Baidu Launch LLMs With US-Level Capabilities

Alibaba and Baidu Launch LLMs With US-Level Capabilities

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.2 Dark Reading

Two newly released large language models from Chinese AI firms have reached capability parity with leading US frontier models, expanding the global pool of powerful AI available to both commercial and adversarial users. For defenders, this development broadens the asymmetry between attackers — who gain access to capable, potentially less-restricted models — and defenders, who must now account for threats generated by a wider set of model providers. Security teams should anticipate increased use of these models for offensive tasks such as phishing content generation, vulnerability research automation, and social engineering at scale.

Langflow LLM Agents Exploited for Ransomware Delivery

Langflow LLM Agents Exploited for Ransomware Delivery

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 SecurityWeek

A documented ransomware attack leveraged agentic AI infrastructure — specifically the Langflow LLM orchestration platform — to automate multi-stage intrusion chains combining known exploitation techniques with real-time LLM reasoning. This marks a significant escalation in threat actor capability, demonstrating that agentic AI can serve as an autonomous attack coordinator rather than merely an assistant. Security teams running self-hosted AI orchestration platforms now face an expanded attack surface where the AI layer itself can be both the entry point and the execution engine.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.