Ask ChatGPT to summarize a webpage and it might phish you. An attacker can embed invisible instructions in any page that hijack how ChatGPT renders the summary. Your IP leaks. Fake login links appear. Welcome to 2026.
An attacker exploited a Marimo notebook, let an LLM agent do the post-exploitation, and it dumped an entire PostgreSQL database in 4 pivots. This is the first documented LLM-agent intrusion in the wild.
A single slash in the HTTP Host header bypasses authentication on FastAPI, vLLM, MCP servers, and basically every Python AI service. 325 million downloads per week affected.
380,000 AI-built apps deployed with zero security review. 45% of AI-generated code has OWASP Top 10 vulnerabilities. An AI social network leaked its entire database in 3 days. But sure, ship it.
Deepfake voice calls, AI-written phishing with perfect grammar, chatbot-powered social engineering. The scams just got a lot harder to spot. Here's how we train for them.