Three Point One
When a vulnerability transmits your database credentials to a third-party endpoint by design and scores CVSS 3.1, the problem is not the vulnerability; it is the triage system that will deprioritize it.
Intelligence
Sharp analysis of the cybersecurity developments that matter most, with strategic context most coverage misses.
Google GTIG's confirmation of the first AI-generated zero-day deployed in a live attack closes the loop on Monday's AI agent vulnerability wave, connecting the attack surface (vulnerable AI frameworks) to the attack tool (AI-generated exploits) in the same reporting week.
Eight AI agent frameworks disclosed the same class of remote code execution vulnerability in a single week because the entire ecosystem shares a cognitive failure: treating LLM output as trusted data rather than untrusted instructions.
ShinyHunters expanded Monday's identity breach wave to 275 million education users via Canvas and pivoted to cloud data warehouse infrastructure at Vimeo; separately, an unpatched PAN-OS RCE zero-day leaves internet-facing firewalls exposed until at least May 13.
Eight AI agent frameworks disclosed the same architectural vulnerability in a single week, revealing that the AI agent ecosystem is repeating the early-web SQL injection era under exploitation timelines that leave no room to learn slowly.
The rapid exploitation of CVE-2026-42208 in LiteLLM marks the first confirmed weaponization of the AI API proxy layer, while TeamPCP's new ransomware partnership turns out to be a wiper with no recovery path.
Four AI infrastructure platforms (Langflow, Marimo, LMDeploy, Flowise) were exploited within 24 hours of vulnerability disclosure last week. The patching window has collapsed to under one attacker shift.
MCP's trust architecture makes any exposed management interface a pre-authenticated command shell by design, not by accident, and two RCE vulnerabilities in the same week reveal a deployment curve that has outrun both audit methodology and detection playbooks.
The same week Anthropic unveiled an AI that autonomously finds zero-days, its own CLI shipped a CVSS 9.8 command injection, exposed by a debugging artifact that had been sitting in an npm package since March 31.
From a six-month DPRK social engineering operation to mass exploitation of developer ecosystems, this week's threat landscape reveals that the most reliable attack surface is the trust we extend by default.
Five AI infrastructure disclosures in one day share the same root cause: the gap between what users believe their security settings do and what the framework actually executes.
Every major incident this week exploited institutional or interpersonal trust rather than technical vulnerabilities. The adversary's target is not the system. It is the relationship.