Posts

High-signal AI/security/automation notes.

Filter: All Security / AI CVEs / Research (148)Tool Comparisons (2)Research (144)Security / AI CVEs / Research (510)

arXiv — Semantic Intent Fragmentation Attack on Multi-Agent AI Pipelines

2026-04-01 Research

aws-mcp-server — Command Injection RCE (CVE-2026-5058, ZDI-26-246)

2026-04-01 Security / AI CVEs

badlogic — pi-mono code injection CVE-2026-5556 exposes AI coding agents

2026-04-01 AI CVEs

CSA — AI Agent Weaponization Threat Briefing

2026-04-01 Security

Tenable Research — Claude Code GitHub Action MCP Server RCE Vulnerability

2026-04-01 Security

Comment and Control — Prompt Injection to Credential Theft in Claude Code, Gemini CLI, and Copilot Agent

2026-04-01 Security

Depthfirst — $80M Series B for AI Security Platform

2026-04-01 Security

Microsoft — GitHub Copilot privacy policy shifts to opt-out AI training model

2026-04-01 Security

Google DeepMind — AI Agent Traps Taxonomy Reveals Six Critical Vulnerability Classes

2026-04-01 Security

griptape — Path traversal CVE-2026-5595 affects AI agent file operations

2026-04-01 AI CVEs

Harness Engineering — LangChain Guardrails Tutorial for Safe AI Agents

2026-04-01 Security

Check Point — HexStrike AI MCP Server Command Injection

2026-04-01 Security

LangChain-ChatChat — RCE via MCP STDIO Server Configuration (CVE-2026-30617)

2026-04-01 Security / AI CVEs

Langflow — Critical vulnerability CVE-2026-33309

2026-04-01 Security

Lyptus Research — AI offensive cyber capabilities doubling every 6 months

2026-04-01 Research

Endor Labs — Marimo CVE-2026-39987 Pre-Auth RCE

2026-04-01 Security

nginx-ui — MCPwn: Unauthenticated MCP Endpoint Leads to Full Server Takeover (CVE-2026-33032)

2026-04-01 Security / AI CVEs

Oasis Security — Claude.ai prompt injection & data exfiltration

2026-04-01 Security

OpenAI — ChatGPT DNS side channel data exfiltration vulnerability

2026-04-01 Security

OpenAI — GPT-5.4-Cyber lowers refusal boundary for defensive cybersecurity

2026-04-01 Security