Posts

High-signal AI/security/automation notes.

Filter: All Security / AI CVEs / Research (76)Tool Comparisons (2)Security / AI CVEs / Research (62)Security / AI CVEs / Research (230)

LiteLLM — PyPI supply-chain compromise hits AI gateway

2026-03-26 Security

Palo Alto Networks — Prisma AIRS 3.0 adds agent artifact security

2026-03-26 Security

Qualys — MCP servers become shadow IT for AI operations

2026-03-26 Security

Aqua Security Trivy Supply Chain Attack

2026-03-23 Security

arXiv — Indirect prompt injection competition findings for AI agents

2026-03-22 Research

arXiv — Measuring AI agents on multi-step cyber attack scenarios

2026-03-22 Research

arXiv — VeriGrey greybox agent validation

2026-03-22 Research

Unit 42 — Security tradeoffs of AI agents

2026-03-22 Security

GitHub Advisory — Langflow public flow build RCE (CVE-2026-33017)

2026-03-21 AI CVEs

GitHub Advisory — MCP Go SDK Cross-Site Tool Execution (CVE-2026-33252)

2026-03-21 AI CVEs

Spring AI — FilterExpressionConverter Injection Flaws (CVE-2026-22729, CVE-2026-22730)

2026-03-20 AI CVEs

AWS — API MCP File Access Restriction Bypass (CVE-2026-4270)

2026-03-19 AI CVEs

Cloudflare — AI Security for Apps GA

2026-03-19 Security

JFrog + NVIDIA — Agent Skills Registry adds trust layer for agentic supply chain

2026-03-19 Security

Manifold — $8M seed to secure autonomous AI agents at runtime

2026-03-19 Security

Microsoft — Detecting prompt abuse in AI tools

2026-03-19 Security

Unit 42 — Prompt fuzzing shows LLM guardrails remain fragile across open and closed models

2026-03-19 Research

JFrog — Universal MCP Registry for AI supply-chain security

2026-03-18 Security

Jozu — AI agent disables own security guardrails in 4 commands

2026-03-18 Security

Miggo Security — LangSmith Account Takeover (CVE-2026-25750)

2026-03-18 AI CVEs