This Week in AI Security - 18th June 2026

This Week in AI Security - 18th June 2026

In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's radical new 3-day vulnerability remediation timeline and how autonomous threats are now weaponizing application monitoring software.

Key Episode Highlights:

  • The Global Kill Switch: Just five days after launch, the US Department of Commerce invoked a sweeping export control directive against Anthropic's Claude Fable model after an Amazon-discovered jailbreak was flagged to national security officials. This action triggered a total global deactivation, limiting access exclusively to US citizens.
  • The "Lethal Trifecta" of Agent Hijacking: Toxic researchers define the critical conditions where AI agents become highly weaponizable: concurrent access to sensitive data, exposure to untrusted external content, and the ability to execute outbound actions.
  • Sentry "Agentjacking": Attackers are injecting malicious Markdown into standard Sentry error logs to bypass WAF and EDR tools, silently hijacking the AI agents developers deploy to automatically triage and fix code errors.
  • CISA BOD 2026-04: As the "Vulnpocalypse" pushes the projected 2026 vulnerability count to 66,000, CISA has issued an emergency Binding Operational Directive that slashes the required patching timeline for critical software flaws down to a blistering 3 days.
  • Hugging Face Framework RCE: A newly disclosed critical vulnerability (CVE-2026-4372) proves that a single polluted line in a Hugging Face configuration file can grant full Remote Code Execution on enterprise inference servers.
  • The Shai-Hulud Miasma: A sophisticated 4.6MB payload is now exploiting static code analysis within AI development pipelines. The worm intentionally embeds instructions regarding heavily restricted topics (e.g., bomb-making) into error logs to intentionally trigger LLM safety halts, effectively blinding AI security monitoring tools.

Episode Links

https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/

https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html

https://blog.securityjoes.com/post/shai-hulud-miasma-when-a-supply-chain-worm-learned-to-hijack-ai-coding-agents

https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html

https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html

https://www.brinztech.com/breach-alerts/brinztech-ai-infrastructure-alert-authentication-evasion-broken-access-controls-and-automated-agent-manipulation-the-in-the-wild-scanning-exploitation-loop-of-praisonai-cve-2026-44338

https://www.toxsec.com/p/agentic-ai-attacks-explained-lethal-trifecta

https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/

https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/

https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-config-injection/

https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html

https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(120)

This Week in AI Security - 2nd July 2026

This Week in AI Security - 2nd July 2026

A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody ...

2 Juli 12min

This Week in AI Security - 25th June 2026

This Week in AI Security - 25th June 2026

This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that...

2 Juli 13min

Taylor Hersom of Eden Dta

Taylor Hersom of Eden Dta

In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth.They discuss why star...

24 Juni 42min

Kenneth Ellington of Ellington Cybersecurity Academy

Kenneth Ellington of Ellington Cybersecurity Academy

In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automat...

16 Juni 30min

This Week in AI Security - 11th June 2026

This Week in AI Security - 11th June 2026

In this episode, Jeremy explores how the automated "Vulnpocalypse" is officially manifesting in enterprise networks. As Microsoft logs a historic record-shattering Patch Tuesday to keep pace with AI-a...

11 Juni 12min

Nick Cawthon of Guage

Nick Cawthon of Guage

In this episode of Modern Cyber, Jeremy sits down with Nick Cawthon, an enterprise-scale design strategist and user experience researcher, to explore the critical and frequently neglected relationship...

9 Juni 38min

This Week in AI Security - 4th June 2026

This Week in AI Security - 4th June 2026

In this week's episode, Jeremy reports live from the sidelines of Infosecurity Europe in London. As state-sponsored actors turn to thousands of automated recursive prompts to weaponize zero-days, the ...

4 Juni 14min

Populärt inom Business & ekonomi

badfluence
framgangspodden
varvet
svd-tech-brief
rss-borsens-finest
uppgang-och-fall
avanzapodden
dynastin
bathina-en-podcast
rss-inga-dumma-fragor-om-pengar
lastbilspodden
fill-or-kill
rss-dagen-med-di
borsmorgon
rss-dominoeffekten
rikatillsammans-om-privatekonomi-rikedom-i-livet
kapitalet-en-podd-om-ekonomi
montrosepodden
rss-svart-marknad
tabberaset