
Threat Wire #001: The AI supply chain just had its worst week of 2026

TeamPCP. OpenAI. TrustFall. ChromaDB. Five critical AI security stories in one week.


AI SECURITY PULSE

Hello!

This week's AI threat landscape converged on a single theme: the AI developer supply chain is now a primary attack surface. TeamPCP's Megalodon wave pushed 5,718 malicious commits across 5,561 GitHub repos in six hours, OpenAI rotated code-signing certificates after employee devices were caught in the blast radius, and ChromaDB - the vector database underneath thousands of RAG deployments - was disclosed to have a pre-auth RCE with no patch available. Three months ago, attackers wanted your models. This week, they're going after the pipelines that build them.
