LLM

CVE-2026-39987: An AI Agent Hacked a Database in Under an Hour

An attacker exploited a Marimo notebook, let an LLM agent do the post-exploitation, and it dumped an entire PostgreSQL database in 4 pivots. This is the first documented LLM-agent intrusion in the wild.