Specialist intelligence on AI security threats, ML vulnerabilities, threat actor TTPs, adversarial attacks, and defensive techniques for AI/ML systems.https://aisecuritywire.com/https://aisecuritywire.com/post/agentic-ai-privilege-escalation/https://aisecuritywire.com/post/agentic-ai-privilege-escalation/Analysis of a novel attack class targeting agentic AI systems: how injected instructions in tool outputs can escalate an agent's effective permissions, exfiltrate data, and pivot to internal services — and how to defend against it.Sun, 17 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/ai-gateway-prompt-injection-defense/https://aisecuritywire.com/post/ai-gateway-prompt-injection-defense/A practical framework for implementing prompt injection detection and containment at the API gateway layer — covering input sanitisation, context isolation, output filtering, and anomaly-based detection for production LLM deployments.Wed, 20 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/ai-sbom-model-component-tracking/https://aisecuritywire.com/post/ai-sbom-model-component-tracking/How to implement an AI Software Bill of Materials (AI-SBOM) that captures the full component graph of a deployed AI system — base models, adapters, training datasets, and dependencies — and how to use it to manage supply chain risk and regulatory compliance.Wed, 27 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/cisa-ai-security-critical-infrastructure/https://aisecuritywire.com/post/cisa-ai-security-critical-infrastructure/CISA has released sector-specific AI security guidelines for critical infrastructure operators, covering threat modelling for AI systems, incident response procedures, and minimum security baseline requirements aligned with the NIST AI RMF.Thu, 28 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/cve-2026-24817-ml-framework-rce/https://aisecuritywire.com/post/cve-2026-24817-ml-framework-rce/A critical deserialization vulnerability in a widely-deployed ML model serving framework allows unauthenticated remote code execution via crafted model files. Patch immediately — active exploitation observed in the wild.Wed, 20 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/deepfake-fraud-financial-sector-2026/https://aisecuritywire.com/post/deepfake-fraud-financial-sector-2026/Deepfake video and audio fraud against financial institutions reached record levels in Q1 2026, driven by the commoditisation of real-time face-swap and voice cloning tools now available for under $50/month on criminal markets.Thu, 14 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/eu-ai-act-enforcement-2026/https://aisecuritywire.com/post/eu-ai-act-enforcement-2026/The European AI Office has issued its first formal enforcement notices under the EU AI Act, targeting prohibited AI practices and high-risk system deployments without conformity assessments. What security and compliance teams need to know.Mon, 25 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/ghost-circuit-ransomware-ai-ops/https://aisecuritywire.com/post/ghost-circuit-ransomware-ai-ops/GhostCircuit is a ransomware-as-a-service operation that has integrated LLM-based tooling into its post-compromise reconnaissance phase, dramatically accelerating the time from initial access to ransomware deployment.Sun, 17 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/incident-report-ai-medical-imaging/https://aisecuritywire.com/post/incident-report-ai-medical-imaging/An NHS trust has confirmed a security incident in which adversarial perturbations were applied to medical images prior to processing by an AI-assisted diagnostic system, causing systematic misclassification in a radiology screening programme.Tue, 19 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/incident-report-insurance-chatbot-pii/https://aisecuritywire.com/post/incident-report-insurance-chatbot-pii/A UK insurance provider has disclosed that its AI customer service chatbot, due to an IDOR vulnerability in the underlying API and excessive tool permissions, allowed authenticated users to retrieve policy documents and PII belonging to other customers.Tue, 26 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/incident-report-llm-assisted-intrusion/https://aisecuritywire.com/post/incident-report-llm-assisted-intrusion/A detailed post-mortem of a multi-stage intrusion in which threat actors used LLM-generated spear phishing, AI-assisted credential stuffing, and automated reconnaissance to compromise a wealth management firm — from initial access to detection.Tue, 19 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/incident-report-llm-exfiltration-law-firm/https://aisecuritywire.com/post/incident-report-llm-exfiltration-law-firm/A UK law firm has disclosed a data breach in which an attacker exploited a misconfigured AI document assistant to systematically extract privileged client communications and M&A due diligence files over a six-week period.Sat, 16 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/indirect-prompt-injection-tool-outputs/https://aisecuritywire.com/post/indirect-prompt-injection-tool-outputs/A systematic analysis of indirect prompt injection through tool call responses in LangChain, LlamaIndex and AutoGen-style agents — how malicious content in external data sources can hijack agent behaviour and the controls that mitigate it.Sat, 23 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/llm-prompt-firewall-design/https://aisecuritywire.com/post/llm-prompt-firewall-design/Practical design patterns for building a prompt injection and jailbreak detection layer in front of production LLM deployments — covering rule-based filters, semantic classifiers, canary tokens, and output validation.Mon, 18 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/llm-prompt-injection-supply-chain/https://aisecuritywire.com/post/llm-prompt-injection-supply-chain/Threat actors are embedding prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.Fri, 22 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/llm-red-teaming-framework/https://aisecuritywire.com/post/llm-red-teaming-framework/A structured methodology for red teaming large language model applications — covering attack taxonomy, scoping, tooling (Garak, PyRIT, PromptBench), and how to translate findings into actionable security improvements.Mon, 25 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/many-shot-jailbreaking-research/https://aisecuritywire.com/post/many-shot-jailbreaking-research/Research demonstrates that LLMs with large context windows can be reliably jailbroken by embedding hundreds of fictitious dialogues before the target request — a technique that scales with context length and bypasses standard safety training.Thu, 21 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/membership-inference-attacks-research/https://aisecuritywire.com/post/membership-inference-attacks-research/A systematic study of membership inference attacks against foundation models finds that training data can be reconstructed from model weights with significantly higher accuracy than previously reported, with implications for GDPR compliance and PII handling in AI development.Mon, 18 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/model-inversion-pii-extraction/https://aisecuritywire.com/post/model-inversion-pii-extraction/Model inversion and training data extraction attacks allow adversaries to recover PII, proprietary data, and trade secrets from fine-tuned LLMs exposed via API — a significant compliance and IP risk for enterprises.Sat, 16 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/model-stealing-black-box-api/https://aisecuritywire.com/post/model-stealing-black-box-api/A survey of query-efficient model extraction attacks against commercial LLM APIs — how adversaries can reconstruct a functional shadow model using only input-output pairs, the commercial and security risks this creates, and the defences providers are deploying.Wed, 27 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/multimodal-jailbreaking-image-injection/https://aisecuritywire.com/post/multimodal-jailbreaking-image-injection/Researchers demonstrate that safety-aligned multimodal LLMs can be reliably jailbroken by encoding adversarial instructions as text within images, bypassing text-layer safety filters that do not process image content through the same moderation pipeline.Tue, 26 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/nightshade-apt-ai-poisoning/https://aisecuritywire.com/post/nightshade-apt-ai-poisoning/A newly attributed state-sponsored threat actor is systematically targeting AI development infrastructure to poison training datasets and embed persistent backdoors in commercially deployed models.Fri, 22 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/nist-ai-rmf-2026-update/https://aisecuritywire.com/post/nist-ai-rmf-2026-update/NIST has released version 2.0 of the AI Risk Management Framework, significantly expanding guidance on adversarial ML threats, model supply chain security, and AI-specific incident response. Key changes for security teams.Tue, 19 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/ollama-ssrf-local-llm-cve/https://aisecuritywire.com/post/ollama-ssrf-local-llm-cve/A server-side request forgery vulnerability in Ollama allows attackers on the local network to read arbitrary files and make requests to internal services via the model pull endpoint. Affects all versions prior to 0.3.8.Thu, 21 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/phantom-nexus-threat-actor/https://aisecuritywire.com/post/phantom-nexus-threat-actor/A newly tracked threat cluster is using large language models to automate spear phishing, accelerate vulnerability research, and generate synthetic disinformation targeting AI researchers and ML engineers at foundation model labs.Sun, 24 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/phantomsynth-ai-spear-phishing/https://aisecuritywire.com/post/phantomsynth-ai-spear-phishing/PhantomSynth is a financially motivated threat actor that has industrialised the use of LLMs to generate hyper-personalised spear phishing lures at scale, dramatically lowering the cost of targeted social engineering campaigns.Mon, 18 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/sleeper-agent-llm-research/https://aisecuritywire.com/post/sleeper-agent-llm-research/New research demonstrates that backdoor behaviours introduced into LLMs during fine-tuning can persist through subsequent safety alignment procedures, including RLHF and adversarial training, posing significant supply chain risks.Thu, 21 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/vision-language-adversarial-attacks/https://aisecuritywire.com/post/vision-language-adversarial-attacks/Recent research demonstrates that vision-language models including GPT-4V, Gemini Pro Vision, and open-source alternatives are highly susceptible to adversarial image perturbations, with attacks transferring across models at rates significantly higher than classical vision model attacks.Sun, 24 May 2026 23:00:00 GMThttps://aisecuritywire.com/post/zero-trust-ml-pipeline/https://aisecuritywire.com/post/zero-trust-ml-pipeline/How to apply zero trust principles to machine learning infrastructure — covering training pipeline access controls, model registry security, inference endpoint hardening, and secrets management for AI workloads.Wed, 20 May 2026 23:00:00 GMT