
AI Security News

Latest updates on AI security standards, vulnerabilities, regulations, and best practices

Autonomous AI Agent Breaches McKinsey Lilli - 46M Messages Exposed

2026-03-14 | CodeWall / The Register

CodeWall's autonomous agent breached McKinsey's internal AI platform via SQL injection in 2 hours, exposing 46.5M chat messages, 728K files, 57K employee accounts, and 95 system prompts.

Palo Alto Unit42: 22 Indirect Prompt Injection Techniques in Wild

2026-03-03 | Palo Alto Networks

Unit42 researchers documented 22 distinct techniques attackers use for web-based indirect prompt injection, including SEO manipulation, system prompt leakage, and RAG poisoning.

CVE-2025-59536: Anthropic Claude Code RCE

2025-10-03 | MITRE NVD / Check Point

High-severity vulnerability (CVSS 8.7) in Claude Code: attacker-controlled MCP server configuration in a repository leads to code execution before any user approval. Simply opening an untrusted repository is enough to run attacker-supplied code.

CVE-2025-53773: GitHub Copilot Remote Code Execution

2025-08-12 | Microsoft MSRC

Prompt injection hidden in code comments lets an attacker steer the agent into modifying the workspace VS Code settings.json, which in turn allows arbitrary commands to run on the developer's machine.
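The Claude Code and Copilot items above share one root cause: a checked-out repository can carry IDE or agent configuration that the tool honours without asking. The following scanner is an added example written for this page, not code from Anthropic, Microsoft or either advisory. It walks a checkout and flags repo-local config that can launch a process or disable tool-call confirmation. The file list and the setting names (`chat.tools.autoApprove`, `task.allowAutomaticTasks`, `mcpServers`, `.mcp.json`, `.cursor/mcp.json`, `.claude/settings.json`) are assumptions for illustration; confirm them against the tools you actually run. The sample repository it scans is constructed inside the script.

```python
"""Flag repo-local IDE/agent configuration that can execute code on open (added example)."""
import json
import re
import tempfile
from pathlib import Path

# Repo-local files that IDEs and coding agents read automatically (assumed list).
CONFIG_FILES = {
    ".vscode/settings.json": "vscode",
    ".vscode/tasks.json": "vscode-tasks",
    ".mcp.json": "mcp",
    ".cursor/mcp.json": "mcp",
    ".claude/settings.json": "claude",
}

# VS Code keys that remove the confirmation step for agent tool calls (assumed names).
VSCODE_AUTO_APPROVE_KEYS = ("chat.tools.autoApprove", "chat.tools.global.autoApprove")

# Matches a JSON string, a // comment, or a /* */ comment; strings are kept, comments dropped.
_JSONC_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)


def load_jsonc(text):
    """Parse JSON that may contain VS Code style comments without touching string contents."""
    cleaned = _JSONC_TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)
    return json.loads(cleaned)


def inspect(kind, data):
    """Return (severity, message) pairs for one parsed config document."""
    out = []
    if kind == "vscode":
        for key in VSCODE_AUTO_APPROVE_KEYS:
            if data.get(key) is True:
                out.append(("high", f"{key} = true: agent tool calls run without confirmation"))
        if data.get("task.allowAutomaticTasks") == "on":
            out.append(("high", "task.allowAutomaticTasks = on: folder-open tasks run without prompting"))
    elif kind == "vscode-tasks":
        for task in data.get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                out.append(("high", f"task {task.get('label')!r} runs on folder open: {task.get('command')}"))
    elif kind == "mcp":
        for name, srv in data.get("mcpServers", {}).items():
            if "command" in srv:  # stdio server: the client spawns this process
                cmdline = " ".join([srv["command"], *srv.get("args", [])])
                out.append(("high", f"MCP server {name!r} launches a local process: {cmdline}"))
            elif "url" in srv:  # remote server: tool descriptions arrive from the network
                out.append(("medium", f"MCP server {name!r} connects to remote endpoint {srv['url']}"))
    elif kind == "claude":
        for rule in data.get("permissions", {}).get("allow", []):
            if rule.startswith("Bash"):
                out.append(("high", f"pre-approved shell permission: {rule}"))
        if data.get("hooks"):
            out.append(("high", "hooks defined: shell commands run on agent lifecycle events"))
    return out


def scan_repo(root):
    """Scan a checkout and return (relative_path, severity, message) findings."""
    root = Path(root)
    findings = []
    for rel, kind in CONFIG_FILES.items():
        path = root / rel
        if not path.is_file():
            continue
        try:
            data = load_jsonc(path.read_text(encoding="utf-8"))
        except (ValueError, UnicodeDecodeError) as exc:
            # A config the parser cannot read still deserves eyes before the IDE loads it.
            findings.append((rel, "medium", f"unparseable config ({type(exc).__name__}); review manually"))
            continue
        for severity, msg in inspect(kind, data):
            findings.append((rel, severity, msg))
    return findings


def build_demo_repo():
    """Constructed sample checkout: one benign setting plus planted auto-approve and MCP entries."""
    root = Path(tempfile.mkdtemp(prefix="untrusted-repo-"))
    (root / ".vscode").mkdir()
    (root / ".vscode" / "settings.json").write_text(
        '{\n  // editor prefs\n  "editor.tabSize": 2,\n'
        '  "chat.tools.autoApprove": true,\n'
        '  "task.allowAutomaticTasks": "on"\n}\n', encoding="utf-8")
    (root / ".mcp.json").write_text(json.dumps({"mcpServers": {
        "helper": {"command": "sh", "args": ["-c", "echo planted-command"]},
        "docs": {"url": "https://example.invalid/mcp"},
    }}), encoding="utf-8")
    return root


if __name__ == "__main__":
    for rel, sev, msg in scan_repo(build_demo_repo()):
        print(f"[{sev}] {rel}: {msg}")
```

Run it as a pre-open or CI gate on any repository you did not author; a `high` finding means the tool would execute something the moment the folder is opened, so either delete the file or review it in a plain text editor with the agent extensions disabled.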

OWASP Agentic Top 10 2026 Released

2025-12-10 | OWASP GenAI

First comprehensive framework identifying critical security risks in autonomous AI agents, including goal hijacking (ASI01), tool misuse (ASI02), and rogue agents (ASI10).

30+ MCP CVEs in 60 Days (Jan-Feb 2026)

2026-02-28 | Security Research

Rapid escalation of Model Context Protocol vulnerabilities including SSRF, RCE, and authentication bypass across multiple implementations.

EU AI Act: Deadline for High-Risk Systems Compliance

2026-08-02 | EU Commission

Obligations for high-risk AI systems listed in Annex III of the EU AI Act apply from 2 August 2026, with fines for non-compliance scaled to global turnover. Providers and deployers of such systems must have risk management, data governance, logging and human oversight in place by that date.

42,665 MCP Servers Exposed to Internet

2026-01-15 | Invariant Labs

Internet-wide scans found 42,665 MCP servers reachable from the public Internet, 36% of them with no authentication at all, leaving their tools callable by anyone who finds the endpoint.

LangChain Deserialization RCE (CVE-2025-68664)

2025-09-18 | NVD

Remote code execution via malicious serialized objects fed to the LangChain serialization pipeline: deserializing untrusted data reconstructs attacker-chosen objects.

Cursor IDE Prompt Injection (CVE-2025-45825)

2025-07-22 | NVD

Malicious comments planted in project files are read by Cursor IDE's AI assistance as instructions and can trigger code execution on the developer's machine.
