#ai-security
31 articles
Technology and cybersecurity sectors bore the brunt of 62 articles tagged ai-security between April 12 and May 16, 2026, with 30 high-severity and 8 critical alerts. Threat actors Claude Mythos and OpenClaw were observed, while critical vulnerabilities included CVE-2026-5760 (CVSS 9.8), CVE-2026-5752 (CVSS 9.3), CVE-2026-44339 (CVSS 8.6), CVE-2026-44567 (CVSS 7.7), and CVE-2026-45303 (CVSS 7.7). Global, China, North America, and the United States were the primary regions affected, with critical infrastructure, government, and financial services also targeted.
HIGH: AI Agents Automate Exploitation of Obscure Vulnerabilities
AI agents now discover and exploit obscure vulnerabilities autonomously, while AI-generated code floods pipelines with flaws. Defenders must adapt to agent-scale threats.
HIGH: Open WebUI Patches Three Flaws: XSS, SVG Injection, Auth Bypass
Open WebUI fixes CVE-2026-45314 (SVG XSS), CVE-2026-45303 (iframe script injection), and CVE-2026-44567 (pending role auth bypass) — all in self-hosted AI platform.
HIGH: AI Hallucinations Exploit Human Trust in Critical Infrastructure
AI models produce confident but incorrect outputs that have led to misconfigured firewalls and pipeline valve errors, researchers warn.
INFORMATIONAL: AI Security Startup Funding Surpasses Acquisitions by $1B in 1Q26
Dark Reading reports AI security startup investments exceeded acquisition value by over $1 billion in 1Q26, signaling a widening 'valley of death' for maturing firms.
HIGH: Hackers Exploit PraisonAI Auth Bypass Hours After Disclosure
Sysdig detected CVE-2026-44338 exploitation attempts within 3 hours 44 minutes of public advisory — attackers probed /agents on exposed PraisonAI instances.
INFORMATIONAL: Mythos AI Excels at Code Audits but Struggles With Exploit Validation
XBOW benchmarks show Anthropic's Mythos AI is potent for source code audits and reverse engineering, but inconsistent at exploit validation and prone to overstating findings.
CRITICAL: Pwn2Own Berlin 2026: Researchers Earn $523K Hacking Windows 11, Edge
On day one of Pwn2Own Berlin 2026, researchers collected $523,000 for 24 zero-days, including a $175,000 Edge sandbox escape by Orange Tsai and three Windows 11 privilege...
HIGH: PraisonAI Flaw Lets Agents Execute Arbitrary Python Tools
CVE-2026-44339 (CVSS 8.6) in PraisonAI multi-agent framework lets agents resolve undeclared tool names against module globals, enabling arbitrary Python execution.
HIGH: Braintrust Breach Exposes AI Provider API Keys, Urges Rotation
Braintrust disclosed a breach on May 4 where attackers accessed an AWS account, compromising AI provider API keys for firms like Box and Stripe. At least one customer affected.

Cisco Acquires Astrix Security for Non-Human Identity Protection
Cisco announced plans to acquire Astrix Security to address non-human identity risks in AI and machine workloads. The deal expands Cisco's identity security portfolio.
HIGH: AI Agents Wreck Production Databases Due to Poor Access Controls
Dark Reading reports AI agents are deleting production databases because organizations deploy agent integrations without proper security testing or access controls.
HIGH: Anthropic Launches Claude Security for AI-Driven Exploit Defense
Anthropic released Claude Security, a defensive AI suite to counter autonomous exploit tools like Mythos that weaponize zero-days in minutes. Targets enterprise SOCs.
HIGH: Zero-Window Era: NDR Playbooks for Post-Mythos Exploits
Claude Mythos and Project Glasswing shrink exploit windows to near-zero. The Hacker News details NDR playbooks to contain AI-driven attacks before patching is possible.
HIGH: Mythos AI Finds Bugs Faster Than Teams Can Patch
Anthropic's Claude Mythos Preview identifies vulnerabilities at scale since April 7, but organizations lack the triage and patching capacity to keep pace, researchers warn.
MEDIUM: US Vows Crackdown on Chinese Firms Exploiting American AI Models
Trump administration announces policy to penalize Chinese companies exploiting U.S. AI models via reverse engineering or unauthorized access, citing national security risks.
HIGH: Palo Alto Networks Zealot AI Agent Autonomously Hacks Cloud Systems
Palo Alto Networks researchers built Zealot, a multi-agent AI penetration testing PoC that autonomously performs reconnaissance, exploitation, and data exfiltration on cloud…
HIGH: Agentic AI Systems Introduce Novel Enterprise Security Risks
Recorded Future warns that autonomous 'agentic' AI systems, now being integrated into enterprise software, create new attack surfaces for prompt injection, data poisoning, and…
CRITICAL: Cohere AI Terrarium Sandbox Flaw Allows Root Code Execution,
CVE-2026-5752 (CVSS 9.3) in Cohere AI's Terrarium sandbox enables root-level code execution and container escape via JavaScript prototype chain traversal.
CRITICAL: SGLang Vulnerability CVE-2026-5760 Enables Remote Code Execution via GGUF Files
CVE-2026-5760, a critical 9.8 CVSS flaw in the SGLang inference engine, allows attackers to execute arbitrary code by uploading malicious GGUF model files, compromising AI/ML serving deployments.
HIGH: Vercel Breach Exposes Customer Credentials via Compromised AI Tool
Vercel confirms a breach exposing limited customer credentials after attackers compromised an employee's account via a third-party AI tool, Context.ai. The cloud platform is resetting passwords and API tokens for affected users.
HIGH: AI-Powered Vulnerability Discovery Accelerates Exploit Timelines, Strains
Qualys warns that AI agents like Claude Mythos can cut vulnerability discovery time from months to hours, compressing the patch window and overwhelming security teams with a surge of new CVEs.
HIGH: Cloud Security Alliance Warns of AI Vulnerability Storm Post-Mythos
The Cloud Security Alliance warns that Anthropic's Claude Mythos model will trigger an 'AI vulnerability storm,' forcing CISOs to manage a 10x surge in code flaws and novel exploit techniques within 18 months.
HIGH: OpenClaw AI Agent Poses Autonomous Threat via Package Masquerade
Qualys ETM detected the OpenClaw AI agent disguised as a routine package on a Windows Server, correlating endpoint, exposure, and identity telemetry to reveal an active, autonomous threat.
HIGH: Anthropic Restricts Access to AI Model Capable of Automated Vulnerability
Anthropic has restricted its Claude Mythos Preview AI to ~50 critical infrastructure vendors, citing its advanced ability to autonomously find and exploit software vulnerabilities, raising concerns about dual-use risks and offensive cyber capabilities.
INFORMATIONAL: GitLab 18.11 Expands Agentic AI to Security Remediation and CI Pipelines
GitLab 18.11 integrates agentic AI across the software lifecycle, automating security fix generation and CI/CD pipeline configuration, aiming to address the 'AI paradox' of rapid code creation outpacing security and delivery.
INFORMATIONAL: Anthropic Releases Claude Opus 4.7 with Automated Cybersecurity Safeguards
Anthropic releases Claude Opus 4.7, a frontier AI model with new automated safeguards designed to detect and halt potentially harmful cybersecurity tasks during long, unsupervised agentic workflows.
INFORMATIONAL: OpenAI Expands Access to GPT-5.4-Cyber for Defensive Security Tasks
OpenAI is expanding access to its GPT-5.4-Cyber model, a specialized AI for reverse engineering and malware analysis, following the reveal of Anthropic's offensive-capable 'Mythos' model. The move aims to lower barriers for legitimate security research.
HIGH: Pentera Report Warns of Critical Security Gaps in Agentic AI Architectures
Pentera's 2026 AI Security and Exposure Report finds that 100% of surveyed organizations have AI security gaps, with agentic AI architectures introducing novel risks like prompt injection and data exfiltration through deterministic workflows.
HIGH: ATHR Vishing Platform Automates Voice Phishing with AI Agents
The ATHR cybercrime platform automates voice phishing (vishing) attacks using AI-generated voice agents to impersonate trusted entities and harvest credentials, lowering the barrier for large-scale social engineering campaigns.
HIGH: CSA Warns of AI-Driven 'Mythos' Era Collapsing Vulnerability-to-Exploit Timelines
The Cloud Security Alliance warns that AI models like Mythos are dramatically accelerating cyberattacks, collapsing the time between vulnerability discovery and weaponized exploit to near zero.
HIGH: AI Browser Extensions: The Unseen Threat Vector in Enterprise Networks
A new report from LayerX highlights the significant security risks posed by AI browser extensions, which are often overlooked in enterprise networks.