Sign up to save your podcasts
Or
Share This Week in AI Security - 16th April 2026
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
This Week in AI Security - 16th April 2026
This week, Jeremy breaks down a sophisticated bypass of Apple Intelligence and explores a hardware-level GPU threat that turns "vandalism" into full system takeovers. We also look at the massive data fallout from the Mercor supply chain breach and why "Claude Mythos" is officially ending the era of slow vulnerability management.
Key Stories & Developments:
- NeuralExec vs. Apple: Researchers reveal a 76% success rate in bypassing Apple Intelligence safety filters using Right-to-Left (RTL) Unicode overrides.
- The 4TB Mercor Leak: The fallout from the LiteLLM supply chain attack is confirmed: 4 terabytes of data stolen, leading Meta to pause contracts and OpenAI to investigate exposure.
- GPU-Breach: A new technique from the University of Toronto moves beyond "bit-flipping" to gain God-mode over GPU memory, threatening cryptographic secrets.
- Secret Sprawl Explosion: GitGuardian reports a 34% jump in exposed secrets, with AI service credentials (like OpenRouter and Google API keys) being the fastest-growing category.
- The Death of the Patch Cycle: "Claude Mythos" has flipped the script—99% of its AI-discovered zero-days are now valid, forcing a realization that this is no longer an AI security problem, but a high-speed vulnerability management crisis.
Episode Links
- https://9to5mac.com/2026/04/09/researchers-detail-how-a-prompt-injection-attack-bypassed-apple-intelligence-protections/
- https://securityboulevard.com/2026/04/bypassing-llm-supervisor-agents-through-indirect-prompt-injection/
- https://cybersecurityjournal.ca/techtalk/83883-flowise-cve-2025-59528-rce-exploitation-ai-agent-builder-2026-04-08/
- https://cyberscoop.com/grafanaghost-grafana-prompt-injection-vulnerability-data-exfiltration/
- https://techcrunch.com/2026/04/09/after-data-breach-10b-valued-startup-mercor-is-having-a-month/
- https://www.helpnetsecurity.com/2026/04/14/gitguardian-ai-agents-credentials-leak/
- https://securityaffairs.com/190455/security/gpubreach-exploit-uses-gpu-memory-bit-flips-to-achieve-full-system-takeover.html
- https://aisle.com/blog/system-over-model-zero-day-discovery-at-the-jagged-frontier
- https://openai.com/index/scaling-trusted-access-for-cyber-defense/
- https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview
- https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready.pdf
- https://www.businessinsider.com/andon-market-luna-ai-agent-managed-store-san-francisco-2026-4#
Worried about AI security?
Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo
View all episodes
By Jeremy SnyderThis week, Jeremy breaks down a sophisticated bypass of Apple Intelligence and explores a hardware-level GPU threat that turns "vandalism" into full system takeovers. We also look at the massive data fallout from the Mercor supply chain breach and why "Claude Mythos" is officially ending the era of slow vulnerability management.
Key Stories & Developments:
- NeuralExec vs. Apple: Researchers reveal a 76% success rate in bypassing Apple Intelligence safety filters using Right-to-Left (RTL) Unicode overrides.
- The 4TB Mercor Leak: The fallout from the LiteLLM supply chain attack is confirmed: 4 terabytes of data stolen, leading Meta to pause contracts and OpenAI to investigate exposure.
- GPU-Breach: A new technique from the University of Toronto moves beyond "bit-flipping" to gain God-mode over GPU memory, threatening cryptographic secrets.
- Secret Sprawl Explosion: GitGuardian reports a 34% jump in exposed secrets, with AI service credentials (like OpenRouter and Google API keys) being the fastest-growing category.
- The Death of the Patch Cycle: "Claude Mythos" has flipped the script—99% of its AI-discovered zero-days are now valid, forcing a realization that this is no longer an AI security problem, but a high-speed vulnerability management crisis.
Episode Links
- https://9to5mac.com/2026/04/09/researchers-detail-how-a-prompt-injection-attack-bypassed-apple-intelligence-protections/
- https://securityboulevard.com/2026/04/bypassing-llm-supervisor-agents-through-indirect-prompt-injection/
- https://cybersecurityjournal.ca/techtalk/83883-flowise-cve-2025-59528-rce-exploitation-ai-agent-builder-2026-04-08/
- https://cyberscoop.com/grafanaghost-grafana-prompt-injection-vulnerability-data-exfiltration/
- https://techcrunch.com/2026/04/09/after-data-breach-10b-valued-startup-mercor-is-having-a-month/
- https://www.helpnetsecurity.com/2026/04/14/gitguardian-ai-agents-credentials-leak/
- https://securityaffairs.com/190455/security/gpubreach-exploit-uses-gpu-memory-bit-flips-to-achieve-full-system-takeover.html
- https://aisle.com/blog/system-over-model-zero-day-discovery-at-the-jagged-frontier
- https://openai.com/index/scaling-trusted-access-for-cyber-defense/
- https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview
- https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready.pdf
- https://www.businessinsider.com/andon-market-luna-ai-agent-managed-store-san-francisco-2026-4#
Worried about AI security?
Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo