The Wire. Tracking threats to Agents. 214 raw → 13 curated · updated 27 Jun 2026

Lead dispatch · top current threat

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

A Rust-based macOS implant and information stealer dubbed Gaslight embeds prompt injection strings and fake debugging/error data within its executable to trick AI-assisted malware analysis tools into aborting or refusing analysis of the artifact.

SEV 0.60   REL 0.90
prompt-injection · anti-analysis
llm · ai-agents

The wire · latest

Dawn of the Apex Agentic Adversary

An analysis piece arguing that autonomous, agentic AI adversaries are compressing the timeline of cyberattacks beyond human-speed defenses, ending the era of human-paced threat cycles. The available text is introductory commentary without specific technical proof-of-concept details.

analysis · autonomous-attack-framework · ai-agents · llm

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Security firm AIR built a fake AI agent skill and distributed it via a popular skill marketplace and an Instagram ad, reportedly reaching roughly 26,000 agents including some on corporate accounts. Every skill security scanner tested marked it safe, though the payload was harmless by design and only collected the user's email address.

research · supply-chain · malicious-agent-skill · data-exfiltration · ai-agents

Agentic AI: The Weapon That No Longer Needs a Warrior

An opinion/commentary piece reflecting on how agentic AI removes the human from the targeting loop, drawing analogies to the historical evolution of weapons that distanced warriors from their victims.

analysis · autonomous-attack · ai-agents · llm

What nearly 10,000 developer environments reveal about agentic development risk

Snyk analyzed nearly 10,000 developer environments to examine risks introduced by AI coding agents as a new layer in the software supply chain, highlighting issues around tools, instructions, and permissions in agentic development.

research · supply-chain · tool-abuse · ai-agents · copilot · mcp

Prompt Injection as Role Confusion

Research by Charles Ye, Jasmine Cui, and Dylan Hadfield-Menell shows LLMs cannot reliably distinguish privileged system/assistant text from untrusted user input, and weigh writing style over content. Crafting injected text in the style of internal reasoning blocks ('role confusion') enabled jailbreaks, with attack success at 61% that dropped to 10% when text was 'destyled.'

research · prompt-injection · jailbreak · llm

DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories

Four vulnerabilities dubbed 'DifyTap' in Dify, a platform for building and managing AI applications, allow attackers to silently access and exfiltrate sensitive data, including AI chat histories.

advisory · data-exfiltration · supply-chain · llm · ai-agents

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

A conference talk recap discussing how attackers may use legacy infrastructure to circumvent AI security programs and hijack AI agents, noting rapid AI agent adoption outpacing security controls.

analysis · agent-hijacking · ai-agents

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

The article argues that shadow AI in enterprises has evolved from a data leakage concern into an access control problem, where the risk lies in autonomous AI tools and agents having unmanaged access permissions rather than just employees pasting sensitive data.

analysis · shadow-ai · access-control · ai-agents · llm

Quoting Matteo Wong, The Atlantic

An Atlantic piece quotes cybersecurity expert Katie Moussouris discussing a White House report on a Claude jailbreak, where the model refused to 'review code for security issues' but complied when asked to 'fix this code.' Moussouris characterized this as the model working as intended for cyberdefense rather than a genuine exploit.

analysis · jailbreak · llm

The New Security Risks of the Agentic Development Lifecycle

An article discussing how AI agents are reshaping the software development lifecycle and shifting where security risk originates, arguing that securing the development process matters as much as securing code.

analysis · supply-chain · ai-agents · llm

Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection

The jqwik 1.10.0 release added a hidden prompt injection targeting AI coding agents, using terminal escape codes to conceal destructive instructions from humans while keeping them readable to logs and tools. This was introduced by the open source maintainer as protestware against agentic coding.

prompt-injection · supply-chain · ai-agents · llm · copilot

Inside MCP: defending the runtime layer of agent security · Arcis Blog

An Arcis blog post argues that agent security has four layers (identity, pre-deploy testing, observability, runtime defense) and that the runtime hot path is structurally underserved. It frames MCP's explicit tool-call contract as enabling runtime defense against agent toolcall injection (their vector V32), applying allowlist/sanitize/refuse techniques at the agent-tool boundary.

analysis · tool-abuse · prompt-injection · mcp · ai-agents

How the wire is made

Poll & cluster

The internet is crawled for AI security news, and near-duplicate coverage is embedded and grouped into durable incidents.

Curate

An AI agent filters items for agentic-AI relevance, tags the threat type and affected technology, scores severity and relevance, and writes the summary.

Every item here is one machine-curated intelligence object, not a headline.

Read the wire for free. There is a small charge to ask the index questions.

The wire, open

The complete curated feed, no key required.

Subscribe to the RSS feed

The vector desk

Query the index by meaning, not just keyword.

  • GET /api/items?tags=&minSeverity=&itemType=
  • GET /api/search?q= — keyword
  • GET /api/semantic?q= — vector
Curated from sources around the web.
Permalinks stay valid even if an incident is later merged.