AI Security Research and Incident Coverage
Tracking AI supply-chain attacks, agent exploits, prompt injection, model leaks, and the real-world incidents shaping AI security today.

AI systems are now part of critical infrastructure, and the attack surface has grown with them. Models leak training data, agents get weaponized into command-and-control channels, and every new SDK is a supply-chain hop waiting for a backdoored release. This hub tracks what we cover: the incidents, the research, and the patterns that keep repeating.
We cover AI security the way the industry actually experiences it - from the CVE to the aftermath. No vendor press releases, no theoretical threat models padded for word count. If a real compromise happened, we report it. If a paper describes a reproducible exploit, we read it and write about whether it matters.
Supply-chain and SDK compromises
SDKs and orchestration layers are where attackers reach the most keys per kilobyte of malicious code. Our most-read story of 2026 was a supply-chain compromise in a widely deployed LLM router, and the pattern has kept repeating.
- LiteLLM supply-chain compromise drains developer credentials
- LLM router agent supply-chain attack
- RoguePilot: GitHub Copilot extension supply-chain attack
- Claude Code npm leak and "Claw-Code" GitHub record
- HackerBot: Claw, Trivy, and the GitHub Actions compromise
Full catalog: /tags/supply-chain-attack/
Agents and assistants weaponized
When the attacker can use the same models you do, the asymmetry between attacker and defender goes to zero. We cover both sides - offensive research on agents that run exploits and defensive coverage of products meant to stop them.
- AI assistants weaponized as C2 proxies
- Single operator uses DeepSeek and Claude to breach 600 FortiGate firewalls
- Kali Linux integrates Claude for automated pentesting
- BugTraceAI Apex: red-team LLM fits on a single RTX 3060
- AI hacker breaches 600 Fortinet firewalls in 5 weeks
Model vulnerabilities and data leaks
Training-data extraction, jailbreaks that scale, and cloud misconfigurations that expose unreleased models.
- Anthropic's Mythos model exposed via CMS misconfiguration
- Anthropic leak reveals Claude Mythos and cybersecurity risks
- Gemini CLI X account hacked in CLI token scam
- GitHub LLM malware repositories
- Anthropic says DeepSeek and Moonshot ran 24,000 fake accounts to steal Claude's capabilities
Benchmarks, red teams, and disclosure
The security research side - what can actually be measured, where the public benchmarks fail, and how responsible disclosure plays out for AI systems.
- Every major AI agent benchmark can be hacked
- Stanford-Harvard AI agent red team study
- Anthropic ships $100M AI cyber defense to 12 rivals
- Claude Code auto mode and agentic safety
- Linux Foundation $12M to fight AI bug slop
Policy, procurement, and national security
Who is allowed to sell AI to whom, and what the government does when it decides something is a supply-chain risk.
- Anthropic sues Pentagon over supply-chain blacklist
- Anthropic wins injunction against Pentagon ban
- Pentagon formally designates Anthropic a supply-chain risk
- Google and OpenAI employees' letter on limiting military AI
- NIST AI agent standards initiative
Related coverage
Full catalogs are auto-updated on the tag pages:
- Security - all security-adjacent coverage
- Cybersecurity - attacks, defenses, threat intel
- Supply Chain Attack - compromised packages, SDKs, agents
- AI Safety - alignment, oversight, red-team research
- Vulnerabilities - specific CVEs and disclosure stories
- Prompt Injection - input-layer attacks
Why we cover this
Two things separate useful AI-security coverage from the noise. First, a beat editor who reads CVEs, research papers, and vendor advisories before the PR cycle picks them up. Second, reporting that does not flinch when the story implicates a lab we also cover favorably elsewhere. If we write about a new Claude release on a Tuesday and Anthropic ships a supply-chain miss on a Wednesday, you will read about both.
This page is the front door. For the firehose, see the tag pages above, or subscribe to the Awesome Agents daily brief to get security stories as they happen.
