Last week's structural blind spot didn't close. It jumped platforms - Apple to Meta - in seven days. Plus: we score our first prediction, and we got it wrong.
A HuggingFace RCE that defeats trust_remote_code. Google's MCP connector hijacked via CORS. 770+ exploitable flaws across 19,000 MCP servers. The protocol everyone rushed to adopt is the soft underbelly.
9 clusters, one orphan - the surface users actually touch is walled off from everything securing it, and a KEV-listed gateway bug proves the point.
Starlette auth bypass hits vLLM, LiteLLM, and MCP gateways. SymJack lands six AI coding agents. First LLM-agent-driven intrusion captured in production.
Network analysis of this week's AI security discourse reveals a structural blind spot - and the EPSS top-50 confirms it.
TeamPCP. OpenAI. TrustFall. ChromaDB. Five critical AI security stories in one week.
Same plan, one week later. Here's why.
Two focused briefings. Original analysis. Public forecast accuracy. Here's what's coming.
This week’s Secure Prompt: OpenClaw flaws expose agent runtimes, prompt injection moves into real-world web content, and AI security shifts from model misuse to operational control.
This week’s Secure Prompt: AI-enabled attacks surge 89%, GenAI tools exploited across 90+ organizations, and GitHub Copilot prompt injection enables remote code execution.
This week’s Secure Prompt: mass Claude model distillation exposed, prompt injection moves operational via supply-chain compromise, and AI-generated passwords proven predictably weak.
This week’s Secure Prompt: OpenClaw Control UI hijacking enables agent takeover, 0-click RCE hits AI desktop connectors, and a CVSS 9.8 RAG supply-chain flaw exposes autonomous workflows.
