Research confirms that text embeddings stored in vector databases are not safely anonymised. Inversion attacks can reconstruct source text with high fidelity from embeddings alone, including those produced by commercial APIs.
Research confirms that text embeddings stored in vector databases are not safely anonymised. Inversion attacks can reconstruct source text with high fidelity from embeddings alone, including those produced by commercial APIs.
TeamPCP, tracked as UNC6780 by Google's Threat Intelligence Group, ran three coordinated supply chain campaigns in 2026 — poisoning Trivy, LiteLLM, and 170+ npm/PyPI packages — culminating in the theft of 3,800 GitHub internal repositories.
Microsoft Threat Intelligence documents a surge in malvertising campaigns using fake AI tool brands as lures, with mass endpoint compromise observed within hours of campaign launch. Fake products including "Awesome AI Windows Plugin" and "Flux Pro AI" are being used to deliver infostealer payloads at scale.
CVE-2026-33017, a CVSS 9.8 unauthenticated RCE in Langflow, has been added to the CISA KEV catalog after active exploitation deploying a self-spreading Monero cryptominer across exposed AI workflow environments.
A June 2026 arxiv paper demonstrates that model extraction attacks have a detectable semantic signature in API traffic — and that simple statistical detection outperforms complex filtering approaches.