Lead dispatch · top current threat
First reported 22 Jun 2026 · 4d ago
Four vulnerabilities dubbed 'DifyTap' in Dify, a platform for building and managing AI applications, allow attackers to silently access and exfiltrate sensitive data, including AI chat histories.
data-exfiltration · supply-chain
llm · ai-agents
The wire · latest
First reported 6 Jun 2026 · 20d ago
TechCrunch reports OpenAI introduced a 'Lockdown Mode' designed to reduce the likelihood that sensitive data is shared via prompt injection attacks against ChatGPT. The article notes ChatGPT could still be vulnerable even with the feature enabled.
Incident details →First reported 28 May 2026 · 30d ago
A critical authentication-bypass vulnerability (CVE-2026-48710, dubbed BadHost) in the Starlette framework lets a single character injected into the HTTP Host header bypass path-based authorization. Because Starlette underpins FastAPI, vLLM, LiteLLM, and many MCP servers and agent harnesses, the flaw exposes millions of AI agents and their stored third-party credentials and sensitive data to trivial exploitation.
Incident details →How the wire is made
Poll & cluster
Internet is crawled for AI security news and near-duplicate coverage is embedded and grouped into durable incidents.
Curate
AI Agent filters for agentic-AI relevance, tags threat-type & affected-tech, scores severity, and writes the summary.
Every item here is one machine-curated intelligence object, not a headline.
Read the wire for free. There is a small charge to ask the index questions.
The wire, open
The complete curated feed, no key required.
The vector desk
Query the index by meaning, not just keyword.