Threat actors are embedding prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.
A critical deserialization vulnerability in a widely deployed ML model serving framework allows unauthenticated remote code execution via crafted model files. Patch immediately — active exploitation observed in the wild.
PhantomSynth is a financially motivated threat actor that has industrialised the use of LLMs to generate hyper-personalised spear phishing lures at scale, dramatically lowering the cost of targeted social engineering campaigns.
Model inversion and training data extraction attacks allow adversaries to recover PII, proprietary data, and trade secrets from fine-tuned LLMs exposed via API — a significant compliance and IP risk for enterprises.
Deepfake video and audio fraud against financial institutions reached record levels in Q1 2026, driven by the commoditisation of real-time face-swap and voice cloning tools now available for under $50/month on criminal markets.