CVE-2026-33017, a CVSS 9.8 unauthenticated RCE in Langflow, has been added to the CISA KEV catalog after active exploitation deploying a self-spreading Monero cryptominer across exposed AI workflow environments.
CVE-2026-33017, a CVSS 9.8 unauthenticated RCE in Langflow, has been added to the CISA KEV catalog after active exploitation deploying a self-spreading Monero cryptominer across exposed AI workflow environments.
A June 2026 arxiv paper demonstrates that model extraction attacks have a detectable semantic signature in API traffic — and that simple statistical detection outperforms complex filtering approaches.
Researchers from Toronto, Cambridge, and ServiceNow demonstrated an AI worm that ingests public vulnerability advisories at runtime and synthesises working exploits for CVEs it was never trained on, successfully compromising targets across a simulated network.
LayerX Security demonstrated a technique that conditions AI browsers to accept false context, then exploits that state to extract credentials. Six mainstream AI browsers failed the test.
Unit 42 found that LLMs reliably hallucinate plausible-but-fake domains for real brands. Attackers now probe AI models to identify those domains, register them first, and inherit the trust the model projects onto addresses that never existed.