Hundreds of backdoored and malware-laced models have been found in public AI registries. Covers pickle RCE, activation-trigger backdoors, and enterprise controls for model intake.
Hundreds of backdoored and malware-laced models have been found in public AI registries. Covers pickle RCE, activation-trigger backdoors, and enterprise controls for model intake.
SafeBreach Labs documented a prompt injection attack hiding malicious commands inside WhatsApp, Slack, or SMS notifications. Gemini treats hostile text as trusted. Patched Nov 2025.
Trump's June 2 EO established a voluntary 30-day government review window for frontier AI, a new AI cybersecurity clearinghouse, and criminal prosecution priority for AI-enabled attacks.
The NSA AISC's May 2026 CIS on MCP security: authentication gaps, tool poisoning via unsigned dynamic discovery, session-identity binding failures, and compensating controls.
Sysdig documented an LLM agent autonomously driving lateral movement from a marimo RCE to a PostgreSQL dump across four pivots in under two minutes. What this means for detection.