Meta's AI support chatbot had a confused deputy flaw allowing attackers to hijack Instagram accounts via recovery requests. 20,225 accounts compromised over 45 days.
AI security incidents reconstructed from documented attack patterns to inform defence.
Meta's AI support chatbot had a confused deputy flaw allowing attackers to hijack Instagram accounts via recovery requests. 20,225 accounts compromised over 45 days.
A self-replicating worm compromised 73 Microsoft GitHub repositories on June 5, 2026, via stolen contributor PAT and malicious AI coding tool configs. Contained in 105 seconds.
An NHS trust confirmed adversarial perturbations applied to medical images caused systematic misclassification by its AI diagnostic system, resulting in incorrect preliminary diagnoses.
A UK insurer's AI chatbot, due to an IDOR vulnerability and excessive tool permissions, allowed authenticated users to retrieve policy data for unrelated customers. 80,000 records exposed.
Post-mortem of a multi-stage intrusion using LLM-generated spear phishing, AI-assisted credential stuffing, and automated recon to compromise a mid-market wealth management firm.