{"data":{"id":"b772b81d-ff8f-404a-af32-17160bb18463","title":"OWASP GenAI Exploit Round-up Report Q1 2026","summary":"A Q1 2026 security report by OWASP documents major AI and agentic AI (AI systems that can take autonomous actions) exploits, showing a shift from theoretical risks to real-world attacks targeting AI agent identities, permissions, and supply chains. Key incidents include a Mexican government breach in which attackers used Claude to automate reconnaissance and exploitation, a breach involving 150 GB of sensitive data, along with other incidents involving prompt injection (tricking an AI system by hiding malicious instructions in its input), privilege abuse, and supply-chain vulnerabilities in AI tooling.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://genai.owasp.org/2026/04/14/owasp-genai-exploit-round-up-report-q1-2026/?utm_source=rss&utm_medium=rss&utm_campaign=owasp-genai-exploit-round-up-report-q1-2026","publishedAt":"2026-04-15T06:04:40.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","data_extraction","supply_chain"],"issueType":"research","affectedPackages":null,"affectedVendors":["Anthropic","OpenAI","Google","HuggingFace"],"affectedVendorsRaw":["Anthropic Claude","OpenAI ChatGPT","Google Vertex AI","Meta","Flowise","Grafana","LiteLLM","Mercor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-15T06:04:40.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":"industry","atlasIds":null}}