
AI Security Research and Incident Coverage
Tracking AI supply-chain attacks, agent exploits, prompt injection, model leaks, and the real-world incidents shaping AI security today.

The official @geminicli X account was compromised and used to promote a fake $CLI token on Pump.fun. Users quickly identified it as a scam.

Cal.com moved its core codebase to a private repo after five years of open source, arguing AI tools make public code 5-10x easier to exploit. The community isn't buying it.

OpenAI's GPT-5.4-Cyber is a fine-tuned defensive cybersecurity model with binary reverse engineering, lowered refusal thresholds, and restricted access through the Trusted Access for Cyber program.

OpenAI's GPT-5.4-Cyber is a restricted model fine-tuned for defensive cybersecurity with binary reverse engineering and reduced refusal rates, available only through identity-verified access tiers - a direct response to Anthropic's Mythos Preview.

The Information reports Anthropic is prepping Claude Opus 4.7 and an AI design tool for imminent release, while OpenAI launched GPT-5.4-Cyber yesterday - a restricted cybersecurity model that directly challenges Claude Mythos.

UC Santa Barbara researchers found 9 of 428 third-party LLM routers actively injecting malicious tool calls, draining crypto, and stealing AWS credentials from AI agent sessions.

Claude Mythos Preview is Anthropic's most capable model - restricted to 50 orgs via Project Glasswing, with 93.9% on SWE-bench Verified and thousands of autonomous zero-day discoveries.

A 26B MoE model fine-tuned on elite bug bounty reports and real evasion techniques runs locally in 16.7GB, delivering WAF bypasses, exploit chains, and zero refusals with internal reasoning blocks.

Anthropic's restricted Claude Mythos Preview model autonomously discovered thousands of high-severity vulnerabilities across every major OS and browser, including bugs hiding in plain sight for 27 years.

Project Glasswing unites AWS, Apple, Google, Microsoft, CrowdStrike, and seven other organizations with $100M in credits for Anthropic's restricted Mythos Preview model to patch critical infrastructure before attackers catch up.

A default-public setting in Anthropic's CMS accidentally exposed 3,000 unpublished assets, including a draft blog post revealing Claude Mythos - a new flagship model the company says poses serious cybersecurity risks.