Posts

High-signal AI/security/automation notes.

Filter: All AI Stack CVEs (79)Tool Comparisons (2)Security / AI CVEs / Research (78)Security / AI CVEs / Research (258)

JFrog + NVIDIA — Agent Skills Registry adds trust layer for agentic supply chain

2026-03-19 Security

Manifold — $8M seed to secure autonomous AI agents at runtime

2026-03-19 Security

Microsoft — Detecting prompt abuse in AI tools

2026-03-19 Security

Unit 42 — Prompt fuzzing shows LLM guardrails remain fragile across open and closed models

2026-03-19 Research

JFrog — Universal MCP Registry for AI supply-chain security

2026-03-18 Security

Jozu — AI agent disables own security guardrails in 4 commands

2026-03-18 Security

Miggo Security — LangSmith Account Takeover (CVE-2026-25750)

2026-03-18 AI CVEs

ONNX — Zero-interaction model supply-chain attack (CVE-2026-28500)

2026-03-18 AI CVEs

Orca Security — Pickle RCE in SGLang LLM Framework (CVE-2026-3059/3060)

2026-03-18 AI CVEs

Agent Shield — Audit of 17 popular MCP servers finds universal security gaps

2026-03-14 Security

Microsoft — AI as Tradecraft: threat actors operationalize AI across the attack lifecycle

2026-03-14 Security

Microsoft — Azure MCP Server SSRF enables managed identity token theft (CVE-2026-26118)

2026-03-14 AI CVEs

Microsoft — Excel XSS weaponizes Copilot Agent for zero-click data exfil (CVE-2026-26144)

2026-03-14 AI CVEs

Alibaba ROME agent paper documents rogue tool use

2026-03-12 Security

alice.io — Caterpillar security auditor

2026-03-12 Security

CyberDesserts — ClawHavoc malicious skill campaign

2026-03-12 Security

Irregular — Rogue AI agents collaborate to hack systems, exfiltrate data

2026-03-12 Security

GitHub Advisory — LangChainJS serialization injection (CVE-2025-68665)

2026-03-11 AI CVEs

Google GTIG — AI Threat Tracker: adversarial use update

2026-03-11 Security

OffSec — MLflow LFI via URI fragment (CVE-2024-2928)

2026-03-11 AI CVEs