New AI Now Institute research shows Claude Code and OpenAI Codex can be hijacked into executing attacker-planted malware while performing routine security audits of open-source code — a design flaw that model updates cannot fix.
New AI Now Institute research shows Claude Code and OpenAI Codex can be hijacked into executing attacker-planted malware while performing routine security audits of open-source code — a design flaw that model updates cannot fix.
Microsoft Incident Response published research showing how attackers can hijack agentic AI workflows by planting hidden instructions in MCP tool description fields — a vector that bypasses most current enterprise controls because each step the agent takes looks routine.
Sysdig researchers have documented a threat actor weaponising misconfigured Ollama model servers as the reasoning engine for an autonomous multi-stage penetration testing framework called VAPT, marking a significant shift in how stolen AI compute is being used.
Nine vulnerabilities including a hardcoded authentication bypass and critical MCP command injection were disclosed in PraisonAI, with scanners targeting the auth bypass endpoint less than four hours after the advisory went public.
Researchers from Toronto, Cambridge, and ServiceNow demonstrated an AI worm that ingests public vulnerability advisories at runtime and synthesises working exploits for CVEs it was never trained on, successfully compromising targets across a simulated network.
LayerX Security demonstrated a technique that conditions AI browsers to accept false context, then exploits that state to extract credentials. Six mainstream AI browsers failed the test.
AI agents generate a new class of security event that existing SIEM infrastructure was not designed to process. DeepMind's June 2026 control roadmap, OWASP's Agentic Top 10, and the EU AI Act's August logging deadline all converge on the same problem: security teams cannot monitor what they are not capturing.
CVE-2026-12957 lets a malicious repository silently execute arbitrary commands the moment a developer opens it in Amazon Q Developer, exfiltrating AWS credentials with no user interaction required.
Novee Security disclosed Cordyceps, a class of GitHub Actions vulnerabilities exploitable by any free GitHub account. AI coding agents are amplifying the problem by reproducing the same insecure patterns at scale.