Last Week in AI
Curated summaries of the most important AI security developments, delivered every Friday.
Last Week in AI Security — Week of June 1, 2026
Critical Starlette vulnerability enables autonomous AI agent attacks; Trump executive order mandates voluntary frontier model review; CISA BOD imminent.
- CVE-2026-48710 (BadHost): Critical Starlette auth bypass affects FastAPI, vLLM, MCP servers
- First documented autonomous AI agent attack: Sysdig captures live exfiltration in under 60 minutes
- Trump EO mandates voluntary 30-day frontier model review; CISA BOD expected June 6
Last Week in AI Security — Week of May 25, 2026
Critical vLLM RCE enables server takeover via malicious video; PyTorch Lightning supply chain attack compromises 2.6.2-2.6.3; NIST releases AI RMF Critical Infrastructure Profile concept note.
- CVE-2026-22778: Critical vLLM RCE via malicious video URL affects millions of AI servers
- PyTorch Lightning supply chain attack: versions 2.6.2-2.6.3 compromised April 30
- NIST releases concept note for AI RMF Profile on Trustworthy AI in Critical Infrastructure
Last Week in AI Security — Week of May 18, 2026
NSA releases Model Context Protocol security guidance; Anthropic's Project Glasswing finds 10,000+ critical vulnerabilities; Drupal SQL injection actively exploited; Laravel package compromise hits thousands.
- NSA AISC releases security guidance for AI-driven automation using Model Context Protocol
- Anthropic's Project Glasswing discovers over 10,000 critical vulnerabilities in systemically important software
- Drupal Core CVE-2026-9082 SQL injection under active exploitation within 48 hours of patch
Last Week in AI Security — Week of May 11, 2026
Google disrupts first confirmed AI-assisted zero-day attack; Microsoft's MDASH AI system discovers 16 Windows vulnerabilities; Semantic Kernel RCE flaws enable prompt injection to code execution.
- Google confirms first AI-generated zero-day exploited in the wild, marking new era of AI threat
- Microsoft's multi-model AI scanner MDASH finds 16 Windows vulnerabilities including 4 critical RCEs
- CVE-2026-25592 and CVE-2026-26030 in Semantic Kernel allow prompt injection to escalate to RCE
Last Week in AI Security — Week of May 4, 2026
Critical Ollama memory leak exposes 300,000 servers; malvertising campaign weaponizes Claude.ai shared chats via Google Ads; EU finalizes AI Act simplification ahead of August deadline.
- CVE-2026-7482 'Bleeding Llama' enables unauthenticated attackers to leak entire Ollama process memory
- Attackers abuse Google Ads and legitimate claude.ai shared chats to distribute Mac malware
- EU AI Omnibus agreement postpones high-risk system compliance while banning nudification apps
Last Week in AI Security — Week of April 27, 2026
Google reports 32% surge in prompt injection attacks; Pentagon signs AI deals with 7 tech giants while Anthropic remains blacklisted; CVE-2026-31431 Linux privilege escalation threatens all distributions since 2017.
- Google detects 32% increase in malicious prompt injection attempts from Nov 2025 to Feb 2026
- Pentagon finalizes classified AI deployment with OpenAI, Google, Microsoft, excluding Anthropic
- CVE-2026-31431: Linux kernel flaw allows unprivileged users to gain root on distributions since 2017
Last Week in AI Security — Week of April 20, 2026
Anthropic's Mythos Preview unleashes 'Vulnpocalypse' fears as AI models find thousands of zero-days; Firefox 150 patches 271 AI-discovered vulnerabilities in defensive race.
- Anthropic withholds Mythos Preview from public release citing unprecedented vuln-discovery power
- Firefox 150 patches 271 bugs found by Claude Mythos; Microsoft integrates AI into SDL
- PyTorch CVE-2026-24747 (CVSS 9.8) enables RCE via malicious checkpoint files in versions ≤2.9.1
Last Week in AI Security — Week of April 13, 2026
Prompt injection emerges as unsolvable threat as CIS and UK NCSC warn defenses remain insufficient; critical vLLM RCE and PyTorch vulnerabilities under active exploitation.
- CIS warns prompt injection is 'inherent threat' as government AI adoption reaches 82%
- Critical CVE-2026-22778 vLLM RCE allows video link attack; PyTorch CVE-2026-24747 rated 9.8
- Microsoft CVE-2026-21520 Copilot Studio patched but data exfiltration continues
Last Week in AI Security — Week of April 6, 2026
Anthropic's Claude Mythos found thousands of zero-days in critical infrastructure; Apple Intelligence jailbroken via prompt injection at 76% success rate; three critical LangChain and vLLM vulnerabilities enable data exfiltration.
- Anthropic Project Glasswing deploys Mythos Preview to 40+ orgs after finding thousands of zero-days
- Apple Intelligence vulnerable to prompt injection with 76% success rate via Unicode obfuscation
- LangChain CVE-2026-34070, CVE-2025-68664, CVE-2025-67644 expose enterprise AI to data theft
Last Week in AI Security — Week of March 30, 2026
Anthropic's Claude Code codebase accidentally exposed on npm in packaging error; China-linked attackers exploit Claude for cyberattacks; Unit 42 fuzzing research reveals LLM guardrail fragility at scale.
- Anthropic ships entire Claude Code source (500K lines) to npm in misconfigured debug bundle
- China-linked hackers exploit Claude and DeepSeek in Mexican government attack stealing tax data
- Unit 42 genetic prompt fuzzing reveals LLMs remain vulnerable despite years of safety work
Last Week in AI Security — Week of March 23, 2026
Zenity demonstrates zero-click prompt injection exploits at RSA 2026; Cisco releases DefenseClaw open-source agent security framework; Meta AI agent autonomously exposes data in severe breach incident.
- Zenity's 'Your AI Agents Are My Minions' demo shows zero-click prompt injection chains at RSA 2026
- Cisco releases DefenseClaw, open-source secure agent framework with NVIDIA OpenShell integration
- Meta confirms internal AI agent autonomously exposed proprietary code during two-hour Sev 1 incident
Last Week in AI Security — Week of March 16, 2026
vLLM remote code execution via video link (CVE-2026-22778), Palo Alto Networks reveals prompt fuzzing weaknesses across models, and HiddenLayer reports 1 in 8 companies hit by agentic AI breaches.
- Critical vLLM RCE vulnerability (CVE-2026-22778) allows remote code execution via malicious video URL
- Palo Alto Unit 42 prompt fuzzing study shows evasion rates up to 96.65% against existing guardrails
- HiddenLayer's 2026 Threat Report: 1 in 8 companies report AI breaches linked to agentic systems
Last Week in AI Security — Week of March 9, 2026
OpenAI acquires Promptfoo for AI red-teaming; Pentagon labels Anthropic a supply-chain risk in heated AI ethics dispute; Chrome Gemini panel CVE and EU AI Act enforcement rules published.
- OpenAI acquires Promptfoo to integrate AI security testing into Frontier platform
- Pentagon brands Anthropic 'supply chain risk' after refusing autonomous weapons, mass surveillance use
- Google patches CVE-2026-0628 in Chrome Gemini AI panel; prompt injection attack surface expands
Last Week in AI Security — Week of March 2, 2026
OpenAI launches Codex Security agent; Palo Alto warns AI agents are 2026's top insider threat; vLLM RCE and LangChain serialization vulnerabilities disclosed.
- OpenAI launches Codex Security agent finding 10,561 high-severity vulnerabilities across 1.2M commits
- Palo Alto Networks: AI agents represent new insider threat, with 40% enterprise app integration by 2026
- MITRE ATLAS publishes first 2026 update with Zenity contributions on agentic AI attack techniques
Last Week in AI Security — Week of February 23, 2026
Defense Secretary declares Anthropic a supply chain risk; CrowdStrike report shows AI-enabled breakout time down to 29 minutes; vLLM RCE vulnerability exposed.
- Pentagon designates Anthropic as supply chain risk, bans military contractors from using Claude
- CrowdStrike: AI-accelerated breakout time plummets to 29 minutes, down from 48 minutes in 2024
- Critical vLLM RCE vulnerability (CVE-2026-22778) enables takeover via malicious video links
Last Week in AI Security — Week of February 16, 2026
International AI Safety Report 2026 published; AI-assisted threat actor compromised 600+ FortiGate devices; Google Translate Gemini prompt injection discovered.
- AI-powered attack compromised 600+ FortiGate firewalls across 55 countries
- International AI Safety Report 2026 released by 100+ experts from 30+ nations
- Google Translate Gemini mode exploited via prompt injection vulnerability
Last Week in AI Security — Week of February 9, 2026
International AI Safety Report reveals escalating risks while critical prompt injection vulnerabilities emerge across major AI platforms.
- International AI Safety Report 2026 documents real-world AI security threats across deepfakes and cyberattacks
- NIST releases preliminary Cybersecurity Framework Profile for AI with three-tier priority system
- OpenAI and Microsoft disclose prompt injection vulnerabilities in ChatGPT Atlas and Copilot memory
Last Week in AI Security — Week of February 2, 2026
International AI Safety Report 2026 released by UK's AISI highlighting deepfake and cyberattack risks, while a ChatGPT wrapper app exposed 300M messages through a Firebase misconfiguration.
- International AI Safety Report 2026 warns of deepfake surge to 20% of fraud attempts
- Chat & Ask AI exposed 300M messages from 25M users via Firebase misconfiguration
- NIST releases Cyber AI Profile preliminary draft extending CSF 2.0 for AI systems
Last Week in AI Security — Week of January 26, 2026
This week: NIST releases AI Red Teaming guidelines, a critical vulnerability is disclosed in a popular inference framework, and new research covers multi-modal jailbreaks.
- NIST publishes formal AI Red Teaming framework (AI 600-1 companion)
- CVE-2026-2847: Remote code execution in vLLM serving endpoint
- University of Toronto paper demonstrates cross-modal injection attacks