A UK insurance provider has disclosed that its AI customer service chatbot, due to an IDOR vulnerability in the underlying API and excessive tool permissions, allowed authenticated users to retrieve policy documents and PII belonging to other customers.
An NHS trust has confirmed a security incident in which adversarial perturbations were applied to medical images prior to processing by an AI-assisted diagnostic system, causing systematic misclassification in a radiology screening programme.
A detailed post-mortem of a multi-stage intrusion in which threat actors used LLM-generated spear phishing, AI-assisted credential stuffing, and automated reconnaissance to compromise a wealth management firm — from initial access to detection.
A UK law firm has disclosed a data breach in which an attacker exploited a misconfigured AI document assistant to systematically extract privileged client communications and M&A due diligence files over a six-week period.