The security intelligence platform for AI teams
AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.
Independent research. No sponsors, no paywalls, no conflicts of interest.
AI Coding Agents Exploited via DNS-Hidden Malware: Researchers demonstrated a novel attack vector where AI coding assistants like Claude Code can be socially engineered through benign repository instructions to execute malicious payloads retrieved from DNS records (the system that translates domain names to IP addresses), bypassing traditional code review since no suspicious code appears in the repository itself. This highlights a new class of supply chain risk unique to autonomous agents that execute commands without human verification.
OpenAI Deploys GPT-5.6 Sol with Hardened Cyber Controls: OpenAI released a limited preview of GPT-5.6 Sol specifically tuned for cybersecurity tasks including vulnerability research and patch development, featuring enhanced jailbreak resistance (defenses against prompts designed to bypass safety restrictions) and guardrails targeting offensive cyber use cases, though the company acknowledges the dual-use controls may over-block legitimate security work during the preview period.
Margaret Atwood Flags Hallucination Risk in LLMs: Author Margaret Atwood publicly criticized Claude for generating factually incorrect information about a TV show, underscoring the persistent hallucination problem (when large language models confidently generate plausible but false information) inherent in systems trained on unverified or low-quality data.
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE Database