The OWASP Top 10 for LLM Applications (v2.0): each vulnerability class, real-world observed attacks, and defensive controls for enterprise AI teams.
The OWASP Top 10 for LLM Applications (v2.0): each vulnerability class, real-world observed attacks, and defensive controls for enterprise AI teams.
Meta's AI support chatbot had a confused deputy flaw allowing attackers to hijack Instagram accounts via recovery requests. 20,225 accounts compromised over 45 days.
A self-replicating worm compromised 73 Microsoft GitHub repositories on June 5, 2026, via stolen contributor PAT and malicious AI coding tool configs. Contained in 105 seconds.
Adversa AI disclosed SymJack (symlink hijacking to plant malicious MCP servers) and TrustFall (trust dialog bypass) hitting six AI coding agents including Copilot and Cursor.
CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.