The Information Machine

AI-Enabled Offensive Cyberattacks Escalate · history

Version 10

2026-05-26 18:45 UTC · 305 items

What

A cluster of AI-enabled offensive cyber incidents in May 2026 — TeamPCP's 'Mini Shai-Hulud' supply chain attack (314+ compromised npm/PyPI packages, victims including OpenAI, Mistral AI, and the European Commission [5][6]), the separate 'TrapDoor' attack (34+ packages across npm, PyPI, and Crates.io [9]), and the first confirmed criminal AI-generated zero-day intercepted by Google [12] — are now understood as acceleration of a supply chain attack trend established in March 2026 [1][2], not an isolated spike. GitHub has published a 2026 security roadmap for GitHub Actions [28], the specific attack vector Mini Shai-Hulud exploited, signaling a platform-level institutional response. A BrightTalk webcast confirms Axios npm as an additional named compromise target [7], and social media reporting suggests an unnamed third threat actor has since joined supply chain campaigns [11].

Why it matters

The compression from five supply chain attacks in twelve days (March 2026) to five in forty-eight hours (May 2026), with a possible third actor now joining, shows a CI/CD trust-assumption vulnerability that has become a stable, repeatable template being independently replicated across threat groups. Anthropic's Project Glasswing capability disclosure has simultaneously moved from security research discourse into enterprise operational planning, and the policy question of how AI labs should deploy offensive-capable models remains unresolved across three competing approaches — Anthropic's full restriction, OpenAI's gated access, and Microsoft's government testing mandate.

Open questions

  • Does GitHub's 2026 Actions security roadmap [28] address the specific trust-assumption exploit used in Mini Shai-Hulud's publishing-machinery compromise [4], or is it a general hardening initiative that leaves the core attack vector intact?

  • Social media reports an additional, unnamed threat actor has joined supply chain campaigns [11] — is this TrapDoor operating under a new alias, a fourth independent actor, or secondary amplification of known incidents?

  • Will TeamPCP follow through on its public leak threat against Mistral AI [22]? Mistral has confirmed the breach but not disclosed what data was involved [19], and the specific compromise of mistralai 2.4.6 remains documented without a public remediation scope [34].

  • The AISI autonomous AI cyber capability doubling rate appears in primary-source reporting as approximately 4.5 months [15] but in a secondary analysis as 4.7 months [16] — which figure reflects the primary publication, and does the discrepancy affect the 'Beyond Moore's Law' trajectory argument [17]?

Narrative

Beginning in March 2026, supply chain attacks against open-source package ecosystems surged at a pace that broke existing incident-response assumptions. Zscaler's ThreatLabz team documented the surge across March [1], and a DreamFactory analysis cataloguing five supply chain attacks in twelve days frames March 2026 as the inflection point at which open-source package trust was systematically undermined [2]. The May 2026 wave — compressed to five attacks in forty-eight hours [3] — targeted the same CI/CD trust-assumption layer: GitHub Actions publishing machinery that grants packages elevated permissions without requiring credential theft. TeamPCP's 'Mini Shai-Hulud' attack began May 11, 2026, by compromising 42 TanStack GitHub repositories [4] and expanded to 314+ npm and PyPI packages by May 19 [5][6]. A BrightTalk webcast confirms Axios npm as an additional compromised package [7], extending confirmed victims — OpenAI, Mistral AI, the European Commission, UiPath, Guardrails AI, and SAP [8] — to one of the most widely downloaded HTTP client libraries in the JavaScript ecosystem. A simultaneous but entirely distinct attack, 'TrapDoor,' hit 34+ packages across npm, PyPI, and Crates.io, stealing wallet credentials and SSH keys [9][10], establishing that at least two independent threat actors converged on the same attack surface within the same window, with social media suggesting a possible third [11].

On May 11, Google's Threat Intelligence Group also intercepted what it characterized as the first criminal AI-generated zero-day — a hardcoded trust assumption in a two-factor authentication flow, discovered and weaponized using AI before mass deployment [12]. Attribution reporting names APT45 and UNC2814 with North Korean infrastructure [13][14]. The UK AI Safety Institute published primary-source data documenting autonomous AI cyber capability doubling at approximately every 4.5 months [15], with a secondary analysis citing 4.7 months [16]; Security Boulevard frames this trajectory as outpacing historical technology acceleration curves [17]. OpenAI's post-incident disclosure documented two employee devices compromised, code-signing certificates for iOS, macOS, and Windows apps exfiltrated, and a June 12 revocation deadline [18]. Mistral AI confirmed the breach but declined to disclose what data was taken [19]; TeamPCP escalated from a $25,000 sale listing [20][21] to an explicit threat to publish the data publicly if no buyer emerges [22].

Anthropic's Project Glasswing — disclosed publicly in April 2026 and confirmed at anthropic.com/glasswing [23] — engages external organizations to test Claude Mythos against real-world codebases. Cloudflare's testing partner account documents Mythos chaining exploits in ways earlier frontier models missed across 50+ repositories [24]. Anthropic has not released Mythos publicly [25], framing controlled access as a deliberate safety decision. An open-source replication by Keyvanhardani implements an eight-phase sink-guided pipeline using Claude Opus 4.7 at approximately $1 per run [26], giving Picus Security's 'paradox' argument — that defensive disclosure may accelerate offensive proliferation faster than it builds readiness [27] — concrete material form: the methodology is now publicly available regardless of whether Anthropic releases the original.

Institutional responses have accelerated. GitHub published a 2026 security roadmap for GitHub Actions [28], the attack vector Mini Shai-Hulud exploited, though whether the roadmap addresses the specific trust-assumption vulnerability is not yet established. Microsoft's MDASH multi-agent system independently found 16 Windows vulnerabilities including 4 critical RCE flaws [29], and Microsoft separately called for government cyber testing of frontier AI models [30]. OpenAI's 'Trusted Access for Cyber' program gives vetted defenders access to GPT-5.5 and the specialized GPT-5.5-Cyber model [31][32], and the US DoD CSIAC published a formal technical response report on counter-AI offensive tools [33]. Anthropic's full restriction, OpenAI's gated external access, and Microsoft's government testing mandate persist as three competing deployment philosophies without convergence into a common standard.

Timeline

  • pre-2010: fast16.sys virus deployed, selectively corrupting floating-point results in nuclear physics software — establishing an early template for targeted scientific sabotage through invisible degradation rather than overt disruption. [72][73][74]
  • 2026-02/03: METR assesses frontier AI risks during February–March 2026, producing findings published in the Frontier Risk Report. [75]
  • 2026-03: Supply chain attacks against open-source package ecosystems surge; Zscaler ThreatLabz documents the March wave; DreamFactory catalogues five attacks in twelve days, framing March as the inflection point at which open-source package trust broke. [1][2]
  • 2026-04-16: Internet Governance Project publishes early substantive public analysis of Project Glasswing, weeks before Mini Shai-Hulud begins. [38]
  • 2026-04-19: IANS Research publishes that Project Glasswing 'Exposes the Next Challenge for Vulnerability Management'; Bruce Schneier publishes commentary on Anthropic's Mythos Preview and Glasswing. [37][39]
  • 2026-05-07: OpenAI publishes 'Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber,' formally granting vetted security defenders access to both models — four days before the Mini Shai-Hulud attack begins. [31][53][54][55][76][77][78]
  • 2026-05-11: TeamPCP's Mini Shai-Hulud begins: 42 TanStack GitHub repositories compromised via GitHub Actions publishing machinery, 84 malicious npm package versions published without credential theft; Google GTIG intercepts the first criminal AI-generated zero-day targeting a 2FA trust assumption; attribution names APT45 and UNC2814 with North Korean infrastructure. [4][12][13][14][52][79][50][51]
  • 2026-05-12: Microsoft publishes the Security Blog announcing MDASH, its multi-model agentic security system, which has already found 16 Windows vulnerabilities including 4 critical RCE flaws. [29][59][60][61][62]
  • 2026-05-13: OpenAI publishes its post-incident disclosure specifying two employee devices compromised, code-signing certificates for iOS/macOS/Windows apps exfiltrated, and a June 12 revocation deadline; UK AISI publishes primary-source data documenting autonomous AI cyber capability doubling at approximately every 4.5 months. [18][80][65][15]
  • 2026-05-15: Attack scale reaches 169+ npm and PyPI packages; OpenAI, Mistral AI, the European Commission, UiPath, Guardrails AI, and SAP all confirmed as victims via the same supply chain vector. [56][57][81][8][58][6]
  • 2026-05-18: TeamPCP threatens to leak Mistral AI's code publicly if no buyer is found; DarkWebInformer documents the ~5GB exfiltration claim across social channels. [22][82][83][84][85]
  • 2026-05-19: Total compromised packages reaches 314+ npm/PyPI; Cloudflare tests Mythos against 50+ repositories within Project Glasswing, documenting exploit chaining earlier frontier models missed; METR Frontier Risk Report begins circulating. [42][5][86][87][88][89][24][75][90][91][92]
  • 2026-05-20: US DoD CSIAC publishes 'Counter-AI Offensive Tools and Techniques'; Microsoft calls for government cyber testing of frontier AI models. [33][93][94][95][30]
  • 2026-05-22: TeamPCP lists Mistral AI source code for sale at $25,000; Mistral AI officially confirms the breach but declines to disclose what data was taken. [20][21][96][97][98][19][46][99][100][101][102]
  • 2026-05-23: Anthropic's Project Glasswing confirmed as Anthropic-owned initiative via anthropic.com/glasswing; Cloudflare Blog publishes primary-source account; NBC News reports Anthropic won't release Mythos publicly; Bloomberg, CNBC, SecurityWeek, and CyberScoop report Google's AI zero-day. [23][24][35][25][52][79][50][51][12][103][104][105][106]
  • 2026-05-24: Keyvanhardani publishes open-source Mythos replication on GitHub; mistralai Python client version 2.4.6 specifically documented as compromised; 'TrapDoor' supply chain attack documented by Socket.dev hitting 34+ packages across npm, PyPI, and Crates.io simultaneously, stealing wallets and SSH keys; StepSecurity documents five supply chain attacks in 48 hours as a converging wave. [26][34][107][108][71][109][9][10][110][3][47][31][53]
  • 2026-05-25+: GitHub publishes its 2026 GitHub Actions security roadmap; Axios npm package confirmed as an additional compromised target in the supply chain wave; social media reporting suggests an unnamed third threat actor has joined supply chain campaigns. [28][7][11]

Perspectives

Anthropic (Project Glasswing)

Project Glasswing is Anthropic's own defensive security initiative engaging external organizations to test Claude Mythos against real-world codebases; Mythos discovers exploit chains earlier frontier models missed; controlled access is a deliberate safety decision. Enterprise security vendors have begun publishing operational guidance in response: XM Cyber frames it as a readiness call, Picus Security articulates a 'paradox' between defensive disclosure and offensive proliferation, and LTIMindtree's analysis signals the disclosure has reached enterprise IT services planning.

Evolution: Consistent; growing enterprise vendor commentary (XM Cyber, Picus Security, LTIMindtree) signals the capability disclosure is moving from security research discourse into operational enterprise security planning.

TeamPCP and TrapDoor (threat actors)

TeamPCP operates Mini Shai-Hulud and has escalated from breach-and-claim through a $25,000 sale listing to an explicit public leak threat against Mistral AI; Axios npm is now confirmed as an additional compromised target. TrapDoor is a structurally separate group that simultaneously targeted 34+ packages across npm, PyPI, and Crates.io, stealing wallet credentials and SSH keys; no attribution or identity has been established for TrapDoor.

Evolution: Axios npm confirmed as new named victim via BrightTalk webcast; a possible third unnamed threat actor has joined supply chain campaigns per social media reporting, though no primary attribution exists.

Google Threat Intelligence Group (GTIG)

Confirmed the first criminal AI-assisted zero-day exploit targeting a 2FA trust assumption; attribution names APT45 and UNC2814 with North Korean infrastructure; GTIG intercepted the exploit before mass deployment, framing the incident as one instance of a systematic shift rather than an isolated event.

Evolution: Consistent; mainstream amplification via social media has broadened public reach significantly.

OpenAI

Published the most detailed primary-source incident disclosure of any confirmed breach victim — two employee devices compromised, code-signing certificates for iOS/macOS/Windows apps exfiltrated, June 12 revocation deadline, no customer data or production systems affected. Separately maintains a formal 'Trusted Access for Cyber' program giving vetted defenders access to GPT-5.5 and GPT-5.5-Cyber, predating the attack by four days.

Evolution: Consistent; GPT-5.5 system card published on OpenAI's Deployment Safety Hub provides additional primary-source documentation on the cyber model.

Microsoft

MDASH multi-agent vulnerability discovery system independently found 16 Windows vulnerabilities including 4 critical RCE flaws and tops leading industry benchmarks for defensive AI. Microsoft has separately and explicitly called for frontier AI models to be subject to government cyber testing — a third deployment model distinct from Anthropic's full restriction or OpenAI's gated access.

Evolution: Consistent.

UK AI Safety Institute (AISI)

Published primary-source data formalizing the doubling of autonomous AI cyber capability at approximately every 4.5 months; a secondary analysis cites the figure as 4.7 months, a discrepancy without confirmed explanation.

Evolution: The 4.5-month primary figure now has a conflicting 4.7-month secondary citation, raising a minor but unresolved accuracy question.

Picus Security / enterprise security vendors

Picus Security frames Project Glasswing as a 'paradox' — the defensive initiative may accelerate offensive proliferation faster than it builds defensive readiness, particularly given Keyvanhardani's open-source replication of the Mythos methodology at ~$1/run. XM Cyber frames the disclosure as a readiness call; LTIMindtree's PDF analysis signals the topic has reached enterprise IT services planning.

Evolution: Consistent; the Picus paradox framing is the most direct enterprise-vendor challenge to Anthropic's Glasswing rationale and gives the Keyvanhardani replication institutional articulation.

GitHub

Published a 2026 security roadmap for GitHub Actions, the specific attack platform exploited in Mini Shai-Hulud's CI/CD compromise — signaling a platform-level institutional response to the attack vector, though the roadmap's scope relative to the trust-assumption exploit has not been established.

Evolution: New voice this pass; GitHub's roadmap is the first platform-owner response to the specific attack mechanism used in the May 2026 wave.

Tensions

  • Picus Security's 'paradox' framing [27] argues that Anthropic's Glasswing capability disclosure may accelerate offensive proliferation faster than it builds defensive readiness — a tension made concrete by Keyvanhardani's open-source replication of the Mythos methodology at ~$1/run [26], which is now publicly available regardless of whether Anthropic releases the original model [25]. [27][26][25][35][24]
  • Anthropic's full restriction of Mythos, OpenAI's gated external access for vetted defenders [31], and Microsoft's explicit call for government cyber testing mandates [30] represent three fundamentally different theories of accountability for offensive-capable AI models, with no common standard in sight. [25][31][30][32]
  • Microsoft's MDASH success in finding 16 Windows vulnerabilities [29] supports the view that defensive AI can scale to meet offensive AI, while RupeeMindset's structural economics argument holds that defensive costs scale prohibitively relative to offensive ones and AI deepens rather than resolves that asymmetry [69]. [29][69][70]
  • TeamPCP publicly discloses more about the Mistral AI breach scope — claiming 5GB across 450 repositories and threatening to publish [22] — than Mistral itself has confirmed, creating an information asymmetry where the attacker's characterization of the incident is the primary public record [19]. [22][19][20][21][71]
  • DreamFactory's 'five attacks in twelve days' for March 2026 [2] and StepSecurity's 'five attacks in forty-eight hours' for May [3] together show attack tempo compressing over the same attack surface — but whether AI tooling drives the compression or independent actors are simply discovering the same proven CI/CD template is unresolved, determining whether the AISI doubling rate [15] is explanatory or coincidental. [2][3][15][1][11]
  • GitHub's 2026 Actions security roadmap [28] signals a platform-level response to the attack vector Mini Shai-Hulud exploited, but the roadmap's scope is unestablished relative to the specific trust assumption used in the May attack [4] — raising the question of whether hardening the platform post-exploitation closes the actual vulnerability or only addresses adjacent surface. [28][4][3]

Sources

  1. [1] Supply Chain Attacks Surge in March 2026 | ThreatLabz — reactive:ai-offensive-cyber
  2. [2] Five Supply Chain Attacks in Twelve Days: How March 2026 Broke Open-Source Trust and What Comes Next — reactive:ai-offensive-cyber
  3. [3] 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not ... — reactive:ai-offensive-cyber
  4. [4] The npm supply chain attack that hit TanStack, Mistral AI, and UiPath on May 11 didn't involve stolen credentials. 42 Tan... — reactive:ai-offensive-cyber (2026-05-14)
  5. [5] 314 npm packages compromised in the Shai-Hulud supply chain attack. — reactive:ai-offensive-cyber (2026-05-19)
  6. [6] 170 npm packages compromised in one coordinated supply chain attack — OpenAI, Mistral AI, even the European Commission g... — reactive:ai-security-nexus (2026-05-23)
  7. [7] 2026 Supply Chain Attacks: Axios NPM and TeamPCP Compromises — reactive:ai-offensive-cyber
  8. [8] @IntCyberDigest The list keeps growing: OpenAI, Mistral, UiPath, Guardrails AI, SAP. All hit through the same npm supply... — reactive:ai-offensive-cyber (2026-05-15)
  9. [9] TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages... — reactive:ai-offensive-cyber
  10. [10] TrapDoor supply chain attack hit 34+ packages across npm, PyPI, and https://t.co/rIAvxdhxV6, stealing wallets, SSH keys,... — reactive:ai-offensive-cyber (2026-05-24)
  11. [11] Another threat actor has joined the malicious supply chain ... — reactive:ai-offensive-cyber
  12. [12] Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Google Cloud Blog — reactive:ai-offensive-cyber
  13. [13] AI built the first zero-day exploit targeting 2FA. Google GTIG intercepted it before mass deployment. APT45, UNC2814, Ru... — reactive:ai-offensive-cyber (2026-05-16)
  14. [14] Google reports first known AI-assisted zero-day exploit in the wild — reactive:ai-offensive-cyber (2026-05-12)
  15. [15] Cyber Ceiling Broken: AISI's Actual Measurement Reveals Mythos' Capabilities Surging Towards ASI with 4.5-Month Doubling Rate — reactive:ai-offensive-cyber
  16. [16] AISI: autonomous AI cyber capability now doubling every 4.7 months — reactive:ai-offensive-cyber
  17. [17] Beyond Moore's Law: The Hyper-Acceleration of Autonomous AI ... — reactive:ai-offensive-cyber
  18. [18] Our response to the TanStack npm supply chain attack — OpenAI Blog (2026-05-13)
  19. [19] Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved | TechRadar — reactive:ai-offensive-cyber
  20. [20] TeamPCP hackers advertise Mistral AI code repos for sale — reactive:ai-offensive-cyber
  21. [21] TeamPCP Hackers Put Mistral AI Source Code Up for Sale at $25,000 — reactive:ai-offensive-cyber
  22. [22] [2026-05-18] TeamPCP threatens to leak Mistral AI's code if no one ... — reactive:ai-offensive-cyber
  23. [23] Project Glasswing: Securing critical software for the AI era - Anthropic — reactive:frontier-ai-cyber-capabilities
  24. [24] Project Glasswing: what Mythos showed us - The Cloudflare Blog — reactive:ai-offensive-cyber
  25. [25] Why Anthropic won't release its new Mythos AI model to the public — reactive:ai-offensive-cyber
  26. [26] GitHub - Keyvanhardani/mythos-research: Outside-in replication of Anthropic's Mythos Preview / Project Glasswing — open-source agentic vulnerability-discovery scaffold on Claude Opus 4.7. Eight-phase sink-guided pipeline, ~$1/run, OSS self-scan and coordinated disclosure. · GitHub — reactive:ai-offensive-cyber
  27. [27] What Is Project Glasswing? Anthropic's AI Misuse Research Initiative ... — reactive:claude-mythos-capability-regulation
  28. [28] What's coming to our GitHub Actions 2026 security roadmap - The GitHub Blog — reactive:ai-offensive-cyber
  29. [29] Defense at AI speed: Microsoft's new multi-model agentic security ... — reactive:ai-offensive-cyber
  30. [30] AI Frontier Models Should Be... | VitalLaw.com — reactive:ai-offensive-cyber
  31. [31] Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber — OpenAI Blog (2026-05-07)
  32. [32] GPT-5.5 System Card - Deployment Safety Hub - OpenAI — reactive:ai-offensive-cyber
  33. [33] Read CSIAC's technical response report, "Counter-AI Offensive Tools and Techniques." — reactive:ai-offensive-cyber (2026-05-20)
  34. [34] [SECURITY] Supply chain compromise in mistralai 2.4.6 ... - GitHub — reactive:ai-offensive-cyber
  35. [35] Assessing Claude Mythos Preview's cybersecurity capabilities — reactive:frontier-ai-cyber-capabilities
  36. [36] Anthropic Glasswing & Claude Mythos Explained for GovCon — reactive:ai-offensive-cyber
  37. [37] Anthropic's 'Project Glasswing' Exposes the Next Challenge for ... — reactive:ai-offensive-cyber
  38. [38] AI, Project Glasswing, and the Changing Institutional Economics of Bugs - Internet Governance Project — reactive:ai-offensive-cyber
  39. [39] On Anthropic's Mythos Preview and Project Glasswing — reactive:claude-mythos-capability-regulation
  40. [40] Project Glasswing, Mythos Findings, and Getting Ready for Your ... — reactive:openai-advanced-account-security
  41. [41] [PDF] Claude Mythos and Project Glasswing | LTM — reactive:ai-offensive-cyber
  42. [42] Mini Shai-Hulud: TeamPCP compromises 160+ npm and PyPI packages in a supply chain attack that hit TanStack, Mistra... — reactive:ai-security-nexus (2026-05-19)
  43. [43] Mistral AI and TanStack npm packages were compromised in a supply chain attack named 'Mini Shai-Hulud.' GitHub creds, CI... — reactive:ai-offensive-cyber (2026-05-17)
  44. [44] TeamPCP claims it breached @MistralAI and stole 5GB of data across 450 repositories, while Mistral confirms impact from ... — reactive:ai-offensive-cyber (2026-05-14)
  45. [45] Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved — reactive:ai-offensive-cyber
  46. [46] Alleged Mistral AI Breach Exposes Internal Repositories and Source ... — reactive:ai-offensive-cyber
  47. [47] TeamPCP: CI/CD Security Tool Supply Chain Compromise — reactive:ai-offensive-cyber
  48. [48] CISO Daily Briefing: Google's TIG confirmed the first criminal AI-generated zero-day exploit — AI-native threat actors a... — reactive:ai-offensive-cyber (2026-05-16)
  49. [49] A criminal group has used AI to discover and weaponize a 0-day vulnerability, marking a major escalation in offensive cy... — reactive:ai-offensive-cyber (2026-05-21)
  50. [50] Google Detects First AI-Generated Zero-Day Exploit - SecurityWeek — reactive:ai-offensive-cyber
  51. [51] Google spotted an AI-developed zero-day before attackers could use it | CyberScoop — reactive:ai-offensive-cyber
  52. [52] Google Researchers Detect First AI-Built Zero-Day Exploit in Cyberattack - Bloomberg — reactive:ai-offensive-cyber
  53. [53] OpenAI prepares GPT-5.5-Cyber for trusted security researchers - Techzine Global — reactive:frontier-ai-cyber-capabilities
  54. [54] OpenAI opens GPT-5.5-Cyber to vetted security researchers — reactive:ai-offensive-cyber
  55. [55] OpenAI Launches GPT-5.4-Cyber To Expand The Trusted Access ... — reactive:ai-offensive-cyber
  56. [56] 🚨 OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack — reactive:ai-security-nexus (2026-05-16)
  57. [57] OpenAI confirms breach in TanStack supply chain cyberattack. — reactive:ai-security-nexus (2026-05-15)
  58. [58] OpenAI recommends updating desktop agents, after the supply chain attack compromising nearly 170 npm packages; by TeamPC... — reactive:ai-offensive-cyber (2026-05-15)
  59. [59] Microsoft's MDASH AI Security System Finds 16 Windows Vulnerabilities — reactive:ai-offensive-cyber
  60. [60] Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday — reactive:ai-offensive-cyber
  61. [61] Microsoft unveils MDASH, its AI agent-driven security platform — and it's already spotted a host of new Windows flaws | TechRadar — reactive:ai-offensive-cyber
  62. [62] Microsoft: AI-Powered Security System MDASH Tops Industry Benchmark — reactive:ai-offensive-cyber
  63. [63] Microsoft Introduces MDASH For Vulnerability Discovery | Let's Data Science — reactive:ai-offensive-cyber
  64. [64] Recent evaluations from the UK AI Security Institute (AISI) highlight the accelerating pace of autonomous AI cyber capab... — reactive:ai-offensive-cyber (2026-05-14)
  65. [65] How fast is autonomous AI cyber capability advancing? — reactive:ai-offensive-cyber (2026-05-13)
  66. [66] AI cyber capability is speeding past earlier projections - Help Net Security — reactive:ai-offensive-cyber
  67. [67] "How fast is autonomous AI cyber capability advancing?", AISI Work ... — reactive:ai-offensive-cyber
  68. [68] (PDF) An Outside-In Replication of Project Glasswing Mythos ... — reactive:ai-offensive-cyber
  69. [69] @TheEconomist The real vulnerability isn't just "trusted firms" leaking tools—it's the asymmetric economics. Defensive c... — reactive:ai-offensive-cyber (2026-05-15)
  70. [70] 😿 AI hackers found a new lane — The Neuron (2026-05-17)
  71. [71] The alleged breach comes just days after Mistral disclosed that ... — reactive:ai-offensive-cyber
  72. [72] Import AI 457: AI stuxnet; cursed Muon optimizer; and positive alignment — Import AI (2026-05-18)
  73. [73] Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover | Tom's Hardware — reactive:ai-offensive-cyber
  74. [74] Ethical Hacking — reactive:ai-offensive-cyber
  75. [75] Frontier Risk Report (February to March 2026) - METR — reactive:ai-offensive-cyber
  76. [76] Access to GPT-5.4-Cyber is granted exclusively to vetted ... - Instagram — reactive:ai-offensive-cyber
  77. [77] GPT-5.5-Cyber AI for Cybersecurity Red Team Use - LinkedIn — reactive:ai-offensive-cyber
  78. [78] OpenAI GPT-5.5-Cyber Ignites Security Race — reactive:ai-offensive-cyber
  79. [79] Google thwarts effort hacker group use AI 'mass exploitation event' — reactive:ai-offensive-cyber
  80. [80] Mass Supply Chain Attack Hits TanStack, Mistral AI NPM and PyPI Packages — reactive:ai-offensive-cyber (2026-05-13)
  81. [81] A supply chain worm just hit over 169 npm packages and multiple PyPI packages. The affected ecosystems include TanStack,... — reactive:ai-offensive-cyber (2026-05-15)
  82. [82] ‼️ Mistral AI allegedly breached: ~5GB of internal source code ... — reactive:ai-offensive-cyber
  83. [83] U.S., China announce deals after Trump-Xi summit - CNBC — reactive:ai-offensive-cyber
  84. [84] Trump-Xi 2026 Summit - CSIS — reactive:ai-offensive-cyber
  85. [85] Summit stabilizes U.S.-China relations at critical moment for two great powers — reactive:ai-offensive-cyber
  86. [86] The supply chain attack surface for AI skills/MCPs is the same problem npm had in 2018, just moving faster. Unverified c... — reactive:ai-offensive-cyber (2026-05-19)
  87. [87] Cloudflare says Anthropic's Mythos Preview finds exploit chains that earlier frontier models missed — reactive:ai-offensive-cyber
  88. [88] Cloudflare Tests AI's Ability to Find and Exploit Vulnerabilities — reactive:ai-offensive-cyber
  89. [89] Cloudflare tests Mythos against 50+ repositories, highlights its ability ... — reactive:ai-offensive-cyber
  90. [90] Frontier Risk Report (February to March 2026) - METR — reactive:ai-offensive-cyber
  91. [91] Sung Kim (@sung.kim.mw) on Threads — reactive:ai-offensive-cyber
  92. [92] Frontier Risk Report (February to March 2026) | Stephen Pimentel — reactive:ai-offensive-cyber
  93. [93] Should regulators mandate reciprocal access to offensive models or fund sovereign capabilities like UK's AISI? — reactive:ai-offensive-cyber (2026-05-20)
  94. [94] Counter-AI Offensive Tools and Techniques - CSIAC - dtic.mil — reactive:ai-offensive-cyber
  95. [95] [PDF] Counter-AI Offensive Tools and Techniques - CSIAC — reactive:ai-offensive-cyber
  96. [96] TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack — reactive:ai-offensive-cyber
  97. [97] TeamPCP Monetizes Shai-Hulud Fallout: Mistral AI Source Code — reactive:ai-offensive-cyber
  98. [98] Mistral AI breached in TanStack-linked attack? 450 repos exposed — reactive:ai-offensive-cyber
  99. [99] TeamPCP is advertising alleged access to Mistral AI repositories ... — reactive:ai-offensive-cyber
  100. [100] Hackers Steal 450 Repos from Mistral AI for $25,000 - LinkedIn — reactive:ai-offensive-cyber
  101. [101] TeamPCP hackers advertise Mistral AI code repos for sale - Reddit — reactive:ai-offensive-cyber
  102. [102] Mistral AI SDK, TanStack Router hit in npm software supply chain attack | CSO Online — reactive:ai-offensive-cyber
  103. [103] First 2026 AI zero-day REVEALED — reactive:ai-offensive-cyber (2026-05-23)
  104. [104] Claude Mythos #2: Cybersecurity and Project Glasswing — reactive:ai-offensive-cyber
  105. [105] Cloudflare Tests Mythos AI on 50 Repositories, Finds Vulnerabilities — reactive:ai-offensive-cyber
  106. [106] AI Finding Zero-Day Vulnerabilities and Chaining Exploits - YouTube — reactive:ai-offensive-cyber
  107. [107] Security Update: Mistral AI PyPI Supply Chain Attack - LiteLLM — reactive:ai-offensive-cyber
  108. [108] Security advisories | Mistral Docs — reactive:ai-offensive-cyber
  109. [109] Mistral AI Breach: A $25,000 Ransom That Exposes Billion-Dollar ... — reactive:ai-offensive-cyber
  110. [110] A coordinated supply chain attack called "TrapDoor" just hit npm, PyPI, and Crates.io simultaneously, 34 malicious pack... — reactive:ai-offensive-cyber (2026-05-24)