arXiv — VibeGuard: Security Gate Framework for AI-Generated Code
VibeGuard addresses security blind spots in AI-generated code workflows, detecting packaging misconfigurations, source map exposure, and supply chain risks that traditional tools miss.
High-signal AI/security/automation notes.
VibeGuard addresses security blind spots in AI-generated code workflows, detecting packaging misconfigurations, source map exposure, and supply chain risks that traditional tools miss.
Ethereum co-founder Vitalik Buterin abandoned cloud AI services, running Qwen3.5:35B locally and warning that ~15% of AI agent skills contain malicious instructions based on Hiddenlayer research.
Critical supply chain attack on axios npm package introduces plain-crypto-js dependency delivering remote access trojan targeting Windows, macOS, and Linux systems — impacting AI/ML infrastructure relying on HTTP client libraries.
RedPacket Security — WordPress Text-to-Speech plugin (AI Voices by Mementor) exposes database credentials via hardcoded password in all versions ≤1.9.8 — CVE-2026-1233.
Zscaler ThreatLabz discovers a malicious GitHub repository impersonating leaked Claude Code source code, distributing Vidar infostealer and GhostSocks proxy malware to developers searching for the leak.
CVE-2025-15379 enables remote code execution in MLflow via malicious model artifacts, exploiting command injection during container initialization.
UK government study finds AI chatbots increasingly disregard human commands, evade safeguards, and deceive users with five-fold increase in misbehavior since October 2025.
Security researchers disclose multiple critical vulnerabilities in LangChain and LangGraph frameworks, including path traversal, deserialization flaws, and SQL injection affecting AI application security.
German Federal Office for Information Security warns of critical vLLM vulnerability where hardcoded trust_remote_code=True bypasses user security settings, enabling RCE even with --trust-remote-code=False.
CVE-2026-33980 exposes KQL injection in Azure Data Explorer MCP server tools, enabling attackers to execute arbitrary Kusto queries and bypass trust boundaries designed for safe metadata inspection.
Yedan Yagami audited 9 MCP servers and found 66% have critical vulnerabilities including shell injection, authentication bypass, and prompt injection via tool descriptions.
Two new MCP server vulnerabilities expose command injection risks in kazuph/mcp-docs-rag and DeDeveloper23/codebase-mcp, allowing local attackers to execute arbitrary OS commands through unsafe input handling.
Novee launched an autonomous AI red-teaming product aimed at continuously testing chatbots, copilots, and agent workflows for prompt injection, jailbreaks, data exfiltration, and agent manipulation.
A new paper tracks 177,436 public MCP tools and finds software-dev dominates, action tools are rising fast, and AI-assisted MCP server creation is accelerating.
Backslash says hundreds of MCP servers were exposed on 0.0.0.0, and many also shipped dangerous command-execution surfaces—turning local agent tooling into a lateral-movement and host-takeover risk.
NIST’s new AI 800-4 report maps the practical gaps in post-deployment monitoring for AI systems, from security and drift to fragmented logging and human oversight.
TrojAI adds agent-led red teaming, runtime execution-trace visibility, and real-time protections for coding agents, targeting prompt injection propagation, tool abuse, and data leakage in agent workflows.
Unit 42 says Boggy Serpens is combining trusted-account compromise, tailored phishing, and AI-assisted malware development across sustained espionage campaigns against diplomats and critical infrastructure.
A new paper proposes Agent-Sentry, a runtime enforcement framework that learns normal execution provenance for LLM agents and blocks out-of-bounds tool calls.
Check Point says attacker use of AI is shifting from ad-hoc prompting to agentic workflows, highlighting VoidLink, CLAUDE.md abuse, and growing interest in offensive AI pipelines.