depthfirst's autonomous security agent scanned FFmpeg's 1.5M lines of C code and found 21 confirmed zero-days with working PoC inputs, some dormant for over 20 years.
depthfirst's autonomous security agent scanned FFmpeg's 1.5M lines of C code and found 21 confirmed zero-days with working PoC inputs, some dormant for over 20 years.
A flawed permission check in Anthropic's Claude Code GitHub Action allowed attackers to use prompt injection via a crafted issue to steal CI/CD secrets. Patched in v1.0.94.
Hundreds of backdoored and malware-laced models have been found in public AI registries. Covers pickle RCE, activation-trigger backdoors, and enterprise controls for model intake.
SafeBreach Labs documented a prompt injection attack hiding malicious commands inside WhatsApp, Slack, or SMS notifications. Gemini treats hostile text as trusted. Patched Nov 2025.
Trump's June 2 EO established a voluntary 30-day government review window for frontier AI, a new AI cybersecurity clearinghouse, and criminal prosecution priority for AI-enabled attacks.