< ciso
brief />
Tag Banner

All news with #ai supply chain tag

28 articles

HalluSquatting: New AI supply-chain attack risks

🛡️ New research describes "HalluSquatting," an attack that exploits AI assistants' habit of inventing resource names. Attackers register those predictable fake names on marketplaces and plant adversarial instructions; when an assistant hallucinate-fetches the same name, it may run the attacker's commands. The technique abuses auto-run modes and agent tools that fetch and execute external code, permitting widespread compromise without traditional malware or exploits.
read more →

How AI Is Rewriting Software Supply Chain Risk

🛡️ Software supply chain security has evolved as AI tools and agents become integral to builds. What used to be a question of third‑party packages and transitive dependencies now includes models, agents, prompts, and autonomous tooling as provenance concerns. Teams must extend lineage to models and pipeline actions, and prioritize findings by actual exploitability to avoid alert overload. The discussion surfaces in a webinar on July 22 covering new research and practical program changes.
read more →

Malicious AI agent skill bypasses security checks

🛡️ A faux AI agent skill called brand-landingpage bypassed static security scanners and reached over 26,000 users via an Instagram ad, highlighting risks as enterprises adopt AI-driven tools. The skill pointed agents to a fake Stitch SDK hosted on a domain controlled by researchers, which initially redirected to the real Google Stitch site to pass review. After distribution, the researchers changed the hosted content to instruct agents to download a script that collected email addresses, demonstrating how mutable external resources let malicious behaviors slip past static reviews. Security vendors and scanners from Cisco, Nvidia, and skills.sh marked the skill safe during testing.
read more →

AI tools surge in underground ransomware marketplaces

🔍 Analysis by Halcyon shows a rapid rise in AI-based tools sold across Telegram channels, dark web forums, and underground markets, with posts increasing from 38 in December 2025 to 1,486 by February 2026. The offerings fall into four groups: weaponized LLMs, AI-enabled identity fraud, AI-augmented malware/infrastructure, and jailbroken or stolen AI services. Ransomware operations are professionalising with tiered services, automation and freemium models, lowering the skill barrier for new actors while law enforcement takedowns and better enterprise defenses remain critical.
read more →

TrapDoor campaign raises developer workstation risk

🛡️ Researchers uncovered the TrapDoor campaign, a cross-registry malicious package operation affecting npm, PyPI, and Crates.io that targets developer workflows and AI coding assistant files. The packages exfiltrated secrets such as AWS credentials, GitHub tokens, SSH keys, browser data, and local dev configs by abusing normal execution points like postinstall scripts, import-time execution, and Rust build scripts. Analysts warn this workflow-focused approach enables persistence and lateral movement into CI/CD and cloud infrastructure, recommending stronger install-time scanning, least-privilege credentials, endpoint hardening, and AI tooling governance.
read more →

Why Security Fixes Often Miss Vulnerability Dashboards

🔍 On April 22 a trojanized Bitwarden CLI briefly appeared on npm, harvesting developer tokens via a compromised GitHub Action tied to the Checkmarx supply‑chain incident. Bitwarden later issued CVE‑2026‑42994, but the author notes the CVE was retroactive and did not imply a patchable defect. The piece argues CVE’s artifact‑centric model struggles with agentic and model‑mediated threats that mutate behaviorally and often evade dashboards.
read more →

G7 Issues Minimum SBOM Elements for AI Supply Chains

🔍 A G7 Cybersecurity Working Group paper published on 12 May defines minimum elements for software bills of materials (SBOMs) tailored to AI systems, aiming to boost transparency across AI supply chains. It outlines seven clusters — Metadata, System Level Properties, Models, Dataset Properties, Key Performance Indicators, Infrastructure and Security Properties — to guide producers and users. The guidance stresses clusters are non-mandatory, that SBOMs alone are insufficient, and recommends linking SBOMs to vulnerability, advisory and tooling ecosystems.
read more →

CISA's AI SBOM Guidance Expands Supply‑Chain Oversight

🔍 The US Cybersecurity and Infrastructure Security Agency (CISA), working with G7 cyber partners, released supplemental minimum elements for an AI software bill of materials to document models, datasets, software components, providers, licenses, and other dependencies. The guidance extends traditional SBOM concepts into AI and is positioned to support procurement and vendor-risk assessments while remaining non‑exhaustive and non‑mandatory. Security teams should press vendors for model provenance, training and update practices, and runtime controls, but must recognize AI SBOMs provide visibility rather than assurance.
read more →

Managed Apache Airflow: Scaling Data and AI Workloads

🚀 Google announced that Cloud Composer is now Managed Service for Apache Airflow and that Apache Airflow 3.1 is Generally Available to support AI and MLOps workloads. The release introduces a decoupled architecture, native DAG versioning, managed backfills, event-driven scheduling, and Human-in-the-Loop alerts. Managed Airflow embeds a Data Engineering Agent for agentic troubleshooting, adds a declarative YAML-based Deployment Automation Framework with cross-product bundles, and launches an MCP Server in public preview to reduce developer context-switching.
read more →

Google Virgo Network: Megascale AI Data Center Fabric

🚀 Google announces the Virgo Network, a megascale, flat two-layer fabric purpose-built for modern AI workloads that unifies accelerators across pods into a single compute domain. The design separates a high-bandwidth scale-up domain, an east-west RDMA scale-out accelerator fabric, and the Jupiter north-south network to deliver deterministic low latency and massive non-blocking bandwidth. Virgo uses high-radix switches and multi-planar control domains to reduce layers and isolate faults, while sub-millisecond telemetry and automated straggler detection aim to preserve cluster goodput. The fabric targets predictable performance and rapid recovery for large distributed training and serving.
read more →

Anthropic MCP Design Flaw Enables Remote Code Execution

⚠️ OX Security disclosed a systemic "by design" vulnerability in Anthropic's Model Context Protocol (MCP) SDK that permits remote command execution across reference implementations (Python, TypeScript, Java, Rust). Unsafe defaults in MCP's STDIO configuration produced 10 vulnerabilities affecting projects such as LiteLLM, LangChain, and Flowise, impacting over 7,000 public servers and 150 million downloads. Several downstream vendors have issued patches, but Anthropic has declined to change the protocol reference implementation, leaving an ongoing AI supply-chain risk.
read more →

Critical Architectural Flaw in MCP Threatens AI Supply Chain

⚠️ Researchers have identified a critical, systemic vulnerability in MCP, the open source model context protocol developed by Anthropic. An Ox Security report published on April 15 says an architectural decision in official MCP SDKs causes the STDIO interface to execute arbitrary commands even when a local server process fails to start, enabling attackers to run malicious commands without sanitization. The flaw could expose API keys, chat histories, internal databases and other sensitive data across thousands of instances, and Ox Security reports that Anthropic has declined to change the protocol.
read more →

Researchers Warn of Rising AI-Generated Code Vulnerabilities

⚠️ Georgia Tech researchers warn that AI-assisted 'vibe coding' is producing measurable security flaws in real projects. The Vibe Security Radar traced at least 35 new CVEs in March 2026 and reports 74 confirmed AI-related vulnerabilities to date, while estimating the true count in open source may be five to ten times higher. The team monitors roughly 50 tools and uses metadata and AI agents to map vulnerable commits back to assistants such as Claude Code, noting some tools leave no trace.
read more →

Paid AI Accounts Now a Hot Underground Commodity Market

🤖 Flare's analysis of hundreds of fraud-forum posts finds premium AI subscriptions (including ChatGPT, Claude, and Microsoft Copilot) are widely advertised, bundled, and resold in underground markets. Listings tout discounted subscriptions, multi-service bundles, API keys, and claims of reduced restrictions. Patterns point to exposed keys, credential theft, large-scale account creation, trial abuse, and shared subscriptions fueling the trade, increasing operational and data risk for organizations.
read more →

54-Year-Old Pleads Guilty After $8M Streaming Fraud

🎵 Michael Smith pleaded guilty to conspiracy to commit wire fraud after using AI to generate hundreds of thousands of songs and deploying up to 10,000 bots that streamed them billions of times, fraudulently earning more than US $8 million in royalties. He has agreed to forfeit US $8,091,843.64 and will be sentenced on July 29, 2026. The case highlights how AI and automation can be abused on streaming platforms, undermining legitimate artists' income.
read more →

Anthropic Ban Signals New AI Supply Chain Risks for CISOs

🔒The Trump administration's ban on Anthropic as a supply-chain risk forces CISOs to locate, isolate, and potentially remove a specific AI model across complex environments. The Pentagon memo gives 180 days and requires contractor certification, but enterprises lack comprehensive inventories and visibility into AI usage. Experts debate whether existing SBOM methods suffice and warn that removal can be disruptive without careful governance.
read more →

Anthropic's Claude: IP Theft, Government Ultimatums

🛡️ Two recent episodes involving Anthropic’s Claude — a China-based large-scale extraction campaign and the U.S. government’s ban of Claude for federal use — expose a growing operational risk in frontier AI. When adversaries can probe a model at scale they can map strengths and predictable seams, and when major customers demand behavioral changes vendors face immediate, operational trade-offs. CISOs should treat frontier models as high-value dependencies shaped by upstream pressures and invest in visibility, monitoring, and governance to detect when external influences begin affecting deployed behavior.
read more →

How Google Addresses Critical Security Topics, 2026

🛡️ Royal Hansen, VP Engineering at Google, outlines how Google Cloud is confronting emergent cybersecurity risks as AI reshapes the threat landscape. He emphasizes AI-powered malware, supply-chain and training-data poisoning, and governance challenges tied to loss-of-control of AI infrastructure. Google is advancing controls—tamper-proof provenance, model-level protections, Identity and Access Management, and treating prompts like code—while rolling out agentic workflows to augment SOC teams. The post also consolidates recent threat intelligence, incident responses, and practitioner resources.
read more →

Top 5 Real-World AI Security Threats Revealed in 2025

🔒 2025 exposed major, real-world risks across the AI ecosystem as rapid adoption of agentic AI expanded enterprise attack surfaces. Researchers documented pervasive Shadow AI and vulnerable vendor tools, AI supply-chain poisoning, credential theft (LLMjacking), prompt-injection attacks, and rogue or misconfigured MCP servers. These incidents affected popular frameworks and cloud services and resulted in data breaches, remote-code execution, and costly fraud.
read more →

AI-Enhanced Tuoni Framework Targets US Real Estate Firm

🔍 Morphisec observed an AI-enhanced intrusion in October 2025 that targeted a major US real estate firm using the modular Tuoni C2 framework. The campaign began with a Microsoft Teams impersonation and a PowerShell one-liner that spawned a hidden process to retrieve a secondary script. That loader downloaded a BMP file and used least significant bit steganography to extract shellcode, executing it entirely in memory and reflectively loading TuoniAgent.dll. Researchers noted AI-generated code patterns and an encoded configuration pointing to two C2 servers; Morphisec's AMTD prevented execution.
read more →