Sign up to save your podcasts
Or
Share This Week in AI Security - 18th June 2026
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
This Week in AI Security - 18th June 2026
In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's radical new 3-day vulnerability remediation timeline and how autonomous threats are now weaponizing application monitoring software.
Key Episode Highlights:
- The Global Kill Switch: Just five days after launch, the US Department of Commerce invoked a sweeping export control directive against Anthropic's Claude Fable model after an Amazon-discovered jailbreak was flagged to national security officials. This action triggered a total global deactivation, limiting access exclusively to US citizens.
- The "Lethal Trifecta" of Agent Hijacking: Toxic researchers define the critical conditions where AI agents become highly weaponizable: concurrent access to sensitive data, exposure to untrusted external content, and the ability to execute outbound actions.
- Sentry "Agentjacking": Attackers are injecting malicious Markdown into standard Sentry error logs to bypass WAF and EDR tools, silently hijacking the AI agents developers deploy to automatically triage and fix code errors.
- CISA BOD 2026-04: As the "Vulnpocalypse" pushes the projected 2026 vulnerability count to 66,000, CISA has issued an emergency Binding Operational Directive that slashes the required patching timeline for critical software flaws down to a blistering 3 days.
- Hugging Face Framework RCE: A newly disclosed critical vulnerability (CVE-2026-4372) proves that a single polluted line in a Hugging Face configuration file can grant full Remote Code Execution on enterprise inference servers.
- The Shai-Hulud Miasma: A sophisticated 4.6MB payload is now exploiting static code analysis within AI development pipelines. The worm intentionally embeds instructions regarding heavily restricted topics (e.g., bomb-making) into error logs to intentionally trigger LLM safety halts, effectively blinding AI security monitoring tools.
Episode Links
https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
https://blog.securityjoes.com/post/shai-hulud-miasma-when-a-supply-chain-worm-learned-to-hijack-ai-coding-agents
https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html
https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
https://www.brinztech.com/breach-alerts/brinztech-ai-infrastructure-alert-authentication-evasion-broken-access-controls-and-automated-agent-manipulation-the-in-the-wild-scanning-exploitation-loop-of-praisonai-cve-2026-44338
https://www.toxsec.com/p/agentic-ai-attacks-explained-lethal-trifecta
https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/
https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/
https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-config-injection/
https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html
View all episodes
By Jeremy SnyderIn this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's radical new 3-day vulnerability remediation timeline and how autonomous threats are now weaponizing application monitoring software.
Key Episode Highlights:
- The Global Kill Switch: Just five days after launch, the US Department of Commerce invoked a sweeping export control directive against Anthropic's Claude Fable model after an Amazon-discovered jailbreak was flagged to national security officials. This action triggered a total global deactivation, limiting access exclusively to US citizens.
- The "Lethal Trifecta" of Agent Hijacking: Toxic researchers define the critical conditions where AI agents become highly weaponizable: concurrent access to sensitive data, exposure to untrusted external content, and the ability to execute outbound actions.
- Sentry "Agentjacking": Attackers are injecting malicious Markdown into standard Sentry error logs to bypass WAF and EDR tools, silently hijacking the AI agents developers deploy to automatically triage and fix code errors.
- CISA BOD 2026-04: As the "Vulnpocalypse" pushes the projected 2026 vulnerability count to 66,000, CISA has issued an emergency Binding Operational Directive that slashes the required patching timeline for critical software flaws down to a blistering 3 days.
- Hugging Face Framework RCE: A newly disclosed critical vulnerability (CVE-2026-4372) proves that a single polluted line in a Hugging Face configuration file can grant full Remote Code Execution on enterprise inference servers.
- The Shai-Hulud Miasma: A sophisticated 4.6MB payload is now exploiting static code analysis within AI development pipelines. The worm intentionally embeds instructions regarding heavily restricted topics (e.g., bomb-making) into error logs to intentionally trigger LLM safety halts, effectively blinding AI security monitoring tools.
Episode Links
https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
https://blog.securityjoes.com/post/shai-hulud-miasma-when-a-supply-chain-worm-learned-to-hijack-ai-coding-agents
https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html
https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
https://www.brinztech.com/breach-alerts/brinztech-ai-infrastructure-alert-authentication-evasion-broken-access-controls-and-automated-agent-manipulation-the-in-the-wild-scanning-exploitation-loop-of-praisonai-cve-2026-44338
https://www.toxsec.com/p/agentic-ai-attacks-explained-lethal-trifecta
https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/
https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/
https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-config-injection/
https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html