The Information Machine

AI-Enabled Offensive Cyberattacks Escalate

Version 5

2026-05-24 03:22 UTC · 203 items

What

Three converging developments define the current state of AI-enabled offensive cybersecurity. First, TeamPCP's 'Mini Shai-Hulud' supply chain attack compromised 314+ npm/PyPI packages affecting OpenAI, Mistral AI, the European Commission, and others [3][5]; OpenAI's official post-incident disclosure now specifies two employee devices were compromised and code-signing certificates for its iOS, macOS, and Windows apps were exfiltrated, triggering a June 12, 2026 revocation deadline after which unpatched apps stop functioning [6]. Second, Google confirmed the first AI-generated zero-day exploit in the wild, targeting a 2FA trust assumption and intercepted before mass deployment, with Google Cloud Blog publishing a primary-source account [13][15]. Third, Anthropic's Project Glasswing—confirmed as Anthropic-owned, with Cloudflare Blog and Anthropic's own red team now as primary sources—revealed Claude Mythos can autonomously chain exploits in ways earlier frontier models missed, a finding mainstream media has characterized as too dangerous for public release [20][21][23]. TeamPCP has separately escalated to an explicit public leak threat against Mistral AI if no buyer is found for its claimed 5GB exfiltration [11][12].

Why it matters

The June 12 certificate revocation deadline for OpenAI's consumer apps is the first direct, user-facing consequence of this threat cluster—moving the incident from developer-machine compromise to a hard deadline affecting end-users regardless of any fault on their part [6]. The convergence of a confirmed AI-generated zero-day targeting trust-assumption logic [13], an autonomous exploit-chaining model withheld from public release [23], and AISI data showing autonomous AI cyber capability doubling roughly every 4.5 months [26] indicates AI-native offensive techniques have crossed from theoretical concern to operational reality faster than institutional defenses have adapted.

Open questions

  • Will TeamPCP follow through on the public leak threat against Mistral AI if no buyer is found, and on what timeline? [11][12]

  • OpenAI confirmed code-signing certificates for iOS, macOS, and Windows apps were exfiltrated [6] — has any evidence emerged of tampered published software, or was the breach limited to certificate key material before revocation?

  • Reports suggest OpenAI is offering GPT-5.5-Cyber access to vetted security researchers [28] — is this a formal program announcement, what access controls govern it, and does it signal AI labs are deliberately arming defenders with specialized models?

  • The Trump-Xi summit reportedly touched briefly on AI safety and cybersecurity but left the most consequential issues unresolved [27] — what specific policy commitments, if any, emerged, and does the bilateral framework address AI-enabled offensive capabilities?

Narrative

A coordinated supply chain attack named 'Mini Shai-Hulud' by its operators—threat group TeamPCP—began on May 11, 2026, targeting 42 TanStack GitHub repositories and publishing 84 malicious npm package versions by exploiting GitHub Actions publishing machinery rather than stealing developer credentials [1]. The attack scaled rapidly: more than 169 npm packages and multiple PyPI packages were confirmed compromised by May 15 [2], reaching over 314 packages by May 19 [3]. The downstream blast radius spanned AI industry tooling and government infrastructure: OpenAI, Mistral AI, the European Commission, UiPath, Guardrails AI, and SAP were all confirmed affected through the same npm vector [4][5].

OpenAI's official post-incident disclosure—the most detailed primary-source account from any affected organization—specifies that two employee devices were compromised on May 11, that only limited credentials were exfiltrated from internal source code repositories, and that the compromised repositories included code-signing certificates for OpenAI's iOS, macOS, and Windows applications [6]. The company initiated a full certificate rotation and set a June 12, 2026 revocation deadline, after which macOS users who have not updated their OpenAI apps will find them non-functional [6]. OpenAI noted that the two affected devices had not yet received updated security configurations that would have blocked the malicious package, characterizing the incident as reflecting a 'broader shift in the threat landscape' toward supply chain targeting of shared developer tooling rather than any single organization [6].

TeamPCP has separately escalated its campaign against Mistral AI through three phases: an initial claim of 5GB exfiltration across 450 repositories [7][8], a sale listing of Mistral source code at $25,000 across multiple channels [9][10], and now an explicit public leak threat—the group has stated it will publish the data if no buyer is found [11][12]. Mistral AI has confirmed the breach but declined to disclose what data was taken [11], leaving scope unspecified while TeamPCP's disclosures become progressively more public.

Running parallel to the supply chain campaign, the use of AI for offensive cyber operations has taken formalized shape. Google's Threat Intelligence Group, in a primary-source post on the Google Cloud Blog, confirmed the first instance of a criminal actor using AI to discover and weaponize a zero-day vulnerability targeting two-factor authentication via a hardcoded trust assumption [13]. Attribution reporting names APT45 and UNC2814, with North Korean infrastructure cited [14][15]. GTIG intercepted the exploit before mass deployment, but the incident establishes a qualitative precedent: AI is now being applied to discover novel vulnerability classes, not just automate exploitation of known ones [16]. The story achieved broad social media reach on May 23, with security educators and researchers amplifying the disclosure widely [17]. The Google Cloud Blog post also documents the broader pattern of adversaries using AI for vulnerability exploitation, augmented operations, and initial access—framing the zero-day as one instance of a systematic shift rather than an isolated incident [13]. Academic research published on arXiv as 'ExploitGym' separately examined whether AI agents can turn known security vulnerabilities into real attacks, providing an independent benchmark for evaluating AI-assisted exploit development capability [18].

Anthropic's Project Glasswing—confirmed via an official page at anthropic.com/glasswing [19] and documented in a red team capability assessment published at red.anthropic.com [20]—is the model developer's defensive security initiative in which external organizations test Claude Mythos against real-world codebases. Cloudflare participated as a testing partner, with the Cloudflare Blog publishing a primary-source account of what Mythos revealed when run against 50+ repositories, documenting the model's ability to chain exploits in ways earlier frontier models missed [21]. Anthropic's own red team assessment confirms this finding [20], and the Cloud Security Alliance has characterized Mythos as crossing an 'autonomous offensive threshold' [22]. NBC News framed the restricted access as a deliberate safety decision—'Why Anthropic won't release its new Mythos AI model to the public'—translating the story from technical security reporting into a consumer-facing AI risk narrative [23]. Zvi Mowshowitz dedicated a Substack post to the Glasswing/Mythos findings [24], signaling active engagement from the AI policy and safety commentary community. Meanwhile, Microsoft's MDASH multi-agent vulnerability discovery system—now documented in a primary-source post on the Microsoft Security Blog—independently found 16 Windows vulnerabilities including 4 critical RCE flaws, establishing defensive AI as a viable force multiplier [25]. The UK AI Safety Institute's data on autonomous AI cyber capability doubling has been reported with a specific figure: approximately every 4.5 months [26]. At the geopolitical level, the Trump-Xi summit in Beijing reportedly touched briefly on AI safety standards and cybersecurity but left the most consequential issues unresolved [27], and reports on May 24 suggest OpenAI is offering GPT-5.5-Cyber access to vetted security researchers [28]—though the sourcing for this claim is a single social media post and has not been independently confirmed.

Timeline

  • pre-2010: fast16.sys virus deployed, selectively corrupting floating-point results in nuclear physics and precision engineering software—establishing an early template for targeted scientific sabotage through invisible degradation rather than overt disruption [79][80][81]
  • 2026-05-11: TeamPCP's Mini Shai-Hulud supply chain attack begins: 42 TanStack GitHub repositories compromised via GitHub Actions publishing machinery, 84 malicious npm package versions published without credential theft; Google GTIG detects the first known AI-generated zero-day exploit targeting a 2FA trust assumption and intercepts it before mass deployment [1][13][15][38][82][36][37]
  • 2026-05-12: Microsoft publishes the primary-source Security Blog post announcing MDASH, its multi-model agentic security system, which has already found 16 Windows vulnerabilities including 4 critical RCE flaws and tops leading industry benchmarks [25][56][57][61]
  • 2026-05-13: OpenAI publishes its official post-incident disclosure specifying two employee devices compromised, code-signing certificates for iOS/macOS/Windows apps exfiltrated, June 12 revocation deadline set, and no customer data or production systems affected; SafeDep publishes technical report on the supply chain attack; UK AISI publishes primary-source blog documenting doubling of autonomous model cyber time horizon [6][83][65]
  • 2026-05-14: Attack scope confirmed across Mistral AI, OpenAI, UiPath, and OpenSearch npm packages; TeamPCP claims 5GB Mistral breach across 450 repositories; node-ipc (3M+ downloads) separately compromised [84][85][7][86]
  • 2026-05-15: Attack scale reaches 169+ npm and PyPI packages; OpenAI, Mistral AI, the European Commission, UiPath, Guardrails AI, and SAP all named as affected via the same supply chain vector [29][30][2][4][33][5]
  • 2026-05-16: Cloud Security Alliance CISO briefing cites the AI-generated zero-day; Decryption Digest names APT45 and UNC2814 in attribution reporting with North Korean infrastructure cited [14][34]
  • 2026-05-17: Attack formally named 'Mini Shai-Hulud'; Mistral AI and TanStack npm/PyPI packages confirmed as central targets [40]
  • 2026-05-18: TeamPCP threatens to leak Mistral AI's code publicly if no buyer is found; DarkWebInformer documents the ~5GB exfiltration claim across social channels [12][44]
  • 2026-05-19: Total compromised packages reaches 314+ npm/PyPI; Cloudflare tests Mythos against 50+ repositories within Project Glasswing, documenting its ability to chain exploits; MCP/AI skills ecosystem flagged as analogous supply chain attack surface [39][3][76][50][52][55][21]
  • 2026-05-20: US DoD CSIAC publishes formal technical response report 'Counter-AI Offensive Tools and Techniques'; regulatory debate emerges on whether governments should mandate access to offensive models or fund sovereign AISI-style capabilities [70][78][73][74]
  • 2026-05-21: Security community characterizes the AI-assisted zero-day as a major escalation milestone marking the emergence of AI-native threat actors [16][87][88]
  • 2026-05-22: TeamPCP lists Mistral AI source code for sale at $25,000 across multiple channels; Mistral AI officially confirms the breach but declines to disclose what data was taken; Cybernews confirms 450 repositories exposed; Trump-Xi summit in Beijing touches briefly on AI safety and cybersecurity but leaves most consequential issues unresolved [9][10][41][42][8][45][27]
  • 2026-05-23: Anthropic's Project Glasswing confirmed as Anthropic-owned initiative; Cloudflare Blog publishes primary-source account 'Project Glasswing: what Mythos showed us'; Anthropic red team assessment published at red.anthropic.com; NBC News reports Anthropic won't release Mythos publicly; Bloomberg, CNBC, SecurityWeek, and CyberScoop report Google's AI zero-day; the AI zero-day story goes viral on social media with widespread retweet amplification; Zvi Mowshowitz covers Glasswing on Substack [19][21][20][23][38][82][36][37][13][17][24]
  • 2026-05-24: Reports emerge (unverified, single social media source) that OpenAI is offering GPT-5.5-Cyber access to vetted security researchers [28]

Perspectives

OpenAI

Published the most detailed primary-source incident disclosure of any confirmed breach victim: two employee devices compromised, code-signing certificates for iOS/macOS/Windows apps exfiltrated requiring full rotation, June 12 revocation deadline, no customer data or production systems affected. Frames the incident as reflecting a 'broader shift' toward supply chain targeting rather than attacks on individual companies. Separately reported (unverified) to be opening GPT-5.5-Cyber to vetted security researchers.

Evolution: Significantly more detailed this pass: OpenAI's official blog post (7254) adds specific blast radius figures (two devices), the code-signing cert impact and revocation deadline, and the policy gap explanation (affected devices not yet configured). Remains the most transparent breach victim by a wide margin.

Google Threat Intelligence Group (GTIG)

Confirmed the first criminal AI-assisted zero-day exploit targeting a 2FA trust assumption; attribution reporting names APT45 and UNC2814 with North Korean infrastructure; GTIG intercepted the exploit before mass deployment. Google Cloud Blog published a primary-source account documenting adversaries using AI for vulnerability exploitation, augmented operations, and initial access—framing the zero-day as one instance of a systematic shift.

Evolution: Google Cloud Blog primary-source post (15153) is now in evidence, elevating prior secondary-attribution reports to direct documentation from Google itself and broadening the framing from a single zero-day to a systematic adversary behavior pattern.

TeamPCP (threat group)

Operators of the Mini Shai-Hulud supply chain attack; have escalated from breach-and-claim through active sale listing ($25,000) to an explicit leak threat—stating they will publish Mistral AI data publicly if no buyer is found.

Evolution: Consistent with prior synthesis; the escalation arc is documented but no new phases have materialized since the leak threat was announced.

Mistral AI

Officially confirmed the breach but has not disclosed what data is involved; remains silent on whether TeamPCP's 5GB/450-repository claim accurately characterizes the scope.

Evolution: No new disclosures; the gap between TeamPCP's increasingly public escalation and Mistral's silence continues to widen.

Anthropic (Project Glasswing)

Project Glasswing is Anthropic's own defensive security initiative, confirmed via an official page at anthropic.com/glasswing and documented in a red team capability assessment at red.anthropic.com; the project engages external organizations to test Claude Mythos against real-world codebases. Anthropic's own red team confirms Mythos discovers exploit chains earlier frontier models missed. Controlled access is a deliberate safety decision—Anthropic has not released Mythos publicly.

Evolution: Anthropic's own red team report (3577) is now in evidence as a primary source alongside the official Glasswing page; the controlled-release decision is now framed explicitly as a safety judgment via NBC News coverage (13276).

Cloudflare (Glasswing testing partner)

Participated in Project Glasswing as a testing partner; the Cloudflare Blog has published a primary-source account of what Mythos revealed when run against 50+ repositories, documenting the model's ability to chain exploits in ways earlier frontier models missed. Advocates for narrow-scope AI agent design to limit blast radius from autonomous exploitation.

Evolution: Cloudflare Blog post (13279) is now confirmed as a primary-source institutional account, adding direct weight to the exploit-chaining capability claim beyond prior secondary reporting.

Microsoft (MDASH team)

Multi-agent vulnerability discovery system independently found 16 Windows vulnerabilities including 4 critical RCE flaws; Microsoft's Security Blog is now a primary source for the MDASH announcement and benchmark results. MDASH is presented as topping leading industry benchmarks for defensive AI vulnerability discovery.

Evolution: Microsoft's own Security Blog (15254) is now in evidence as a primary source, confirming the benchmark framing and specific vulnerability counts previously cited secondhand.

Cloud Security Alliance (CSA)

Characterized Claude Mythos as crossing an 'autonomous offensive threshold' in a research note; separately cited the AI-generated zero-day in a CISO briefing, positioning the incident as a formal inflection point for institutional security posture.

Evolution: CSA's 'autonomous offensive threshold' framing (3745) is new this pass and provides a named conceptual marker for the capability step Mythos represents.

UK AI Safety Institute (AISI)

Published primary-source blog formalizing data on the doubling of autonomous AI cyber time horizon; coverage now reports the specific figure of approximately 4.5 months per doubling, elevating the measurement from a rough estimate to an attributed government figure.

Evolution: The 4.5-month doubling rate (15179) is a more specific quantification than the 'months' figure cited in the prior synthesis, and AISI's dedicated cyber category page (15181) is now in evidence.

US DoD / CSIAC

Published formal technical response report 'Counter-AI Offensive Tools and Techniques,' signaling that AI-native offensive capabilities now warrant organized institutional response at the national defense level.

Evolution: Consistent from prior synthesis.

Zvi Mowshowitz (AI commentary, Substack)

Dedicated a Substack post to Claude Mythos and Project Glasswing cybersecurity findings, signaling active engagement from the AI safety and policy commentary community with the offensive-capability disclosure.

Evolution: New voice this pass; Zvi's coverage (13275) marks the first engagement with the Glasswing story from the AI safety commentary community, extending the story beyond technical security circles.

NBC News / mainstream media

Frames the Mythos restricted access as driven by the model's dangerous capabilities ('Why Anthropic won't release its new Mythos AI model to the public'), translating the Glasswing story from technical security reporting into consumer-facing AI safety narrative.

Evolution: New framing this pass; mainstream media engagement (13276) marks the Glasswing/Mythos story's arrival in consumer press framed around capability risk rather than security industry trade coverage.

AgentGraph

Argues that the MCP/AI skills ecosystem recreates the npm supply chain vulnerability problem at a faster pace, with unverified community packages receiving implicit trust from AI agents.

Evolution: Consistent from prior synthesis.

RupeeMindset

Argues the structural asymmetry favoring offense is economic, not merely technical: defensive costs scale poorly while offensive AI costs favor attackers, and AI deepens rather than resolves this gap.

Evolution: Consistent from prior synthesis.

Samuel Ajiboyede

Raises the regulatory question of whether governments should mandate reciprocal access to offensive AI models or fund sovereign capabilities like AISI, framing this as a policy design choice rather than a settled answer.

Evolution: Consistent from prior synthesis.

Grant Harvey (The Neuron)

Frames AI cybersecurity as a genuine two-sided escalation where autonomous capabilities power both offense and defense; emphasizes AI's advantage in tracing user flows to identify trust-assumption flaws; cautiously optimistic that defensive multi-agent verification can scale.

Evolution: Consistent from prior synthesis.

Jack Clark (Import AI)

Uses fast16.sys as a cautionary historical metaphor to argue the most dangerous AI-enabled cyberweapons will be subtle and degradation-focused; frames proliferation as analogous to how a superintelligence might prevent competitors from developing comparable capabilities.

Evolution: Consistent from prior synthesis; additional historical documentation of fast16 (15248, 15249) has emerged corroborating the metaphor's factual basis.

Tensions

  • Microsoft's MDASH results and Grant Harvey's framing suggest defensive AI can scale to meet offensive AI [62][25]; RupeeMindset counters that defensive cost structures are prohibitively higher than offensive ones, and AI deepens rather than resolves that asymmetry [77]—a structural economics argument that MDASH's capability demonstration does not address. [62][25][77]
  • Anthropic's Project Glasswing finding—now documented in primary-source reports from both Anthropic's red team and the Cloudflare Blog—that Mythos finds exploit chains earlier frontier models missed [20][21] sharpens the tension with Microsoft MDASH's defensive benchmark: MDASH was optimized for finding individual vulnerabilities [25], not countering chained exploit sequences, leaving open whether the defensive AI architecture tested by Microsoft is keeping pace with the specific chaining capability being demonstrated on offense. [20][21][25][65]
  • Mistral AI confirms the breach but declines to say what data was taken [11], while TeamPCP publicly threatens to leak the data if no buyer is found [12]—an information asymmetry where the attacker discloses more about breach scope than the victim, now amplified by the leak threat's deadline pressure that forces Mistral toward public acknowledgment or silent acceptance of public exposure. [11][12][45][9][10]
  • OpenAI's disclosure that no customer data or production systems were compromised [6] sits in tension with the practical impact of code-signing certificate revocation: macOS users who do not update by June 12 will find OpenAI apps non-functional [6]—a direct consumer disruption that complicates the 'limited blast radius' framing even absent data exfiltration. [6]
  • Samuel Ajiboyede frames the policy choice as mandating reciprocal access to offensive AI models versus funding sovereign capabilities like AISI [78]; these approaches imply fundamentally different theories of defense—deterrence through capability parity versus specialized state institutions—and no voice in the thread has yet argued for both simultaneously. [78][65]
  • The dual-use optimism in Harvey's framing [62] and Clark's degradation-focused alarm [79] now face a concrete test: Mini Shai-Hulud's CI/CD compromise method and the AI-assisted 2FA zero-day both exploit trust-assumption logic rather than memory errors [13][1], suggesting Clark's 'invisible degradation' template may already be operational at the infrastructure layer rather than purely at the scientific-data layer. [62][79][13][14][1]

Sources

  [1] The npm supply chain attack that hit TanStack, Mistral AI, and UiPath on May 11 didn't involve stolen credentials. 42 Tan... — reactive:ai-offensive-cyber (2026-05-14)
  [2] A supply chain worm just hit over 169 npm packages and multiple PyPI packages. The affected ecosystems include TanStack,... — reactive:ai-offensive-cyber (2026-05-15)
  [3] 314 npm packages compromised in the Shai-Hulud supply chain attack. — reactive:ai-offensive-cyber (2026-05-19)
  [4] @IntCyberDigest The list keeps growing: OpenAI, Mistral, UiPath, Guardrails AI, SAP. All hit through the same npm supply... — reactive:ai-offensive-cyber (2026-05-15)
  [5] 170 npm packages compromised in one coordinated supply chain attack — OpenAI, Mistral AI, even the European Commission g... — reactive:ai-security-nexus (2026-05-23)
  [6] Our response to the TanStack npm supply chain attack — OpenAI Blog (2026-05-13)
  [7] TeamPCP claims it breached @MistralAI and stole 5GB of data across 450 repositories, while Mistral confirms impact from ... — reactive:ai-offensive-cyber (2026-05-14)
  [8] Mistral AI breached in TanStack-linked attack? 450 repos exposed — reactive:ai-offensive-cyber
  [9] TeamPCP hackers advertise Mistral AI code repos for sale — reactive:ai-offensive-cyber
  [10] TeamPCP Hackers Put Mistral AI Source Code Up for Sale at $25,000 — reactive:ai-offensive-cyber
  [11] Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved — reactive:ai-offensive-cyber
  [12] [2026-05-18] TeamPCP threatens to leak Mistral AI's code if no one ... — reactive:ai-offensive-cyber
  [13] Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Google Cloud Blog — reactive:ai-offensive-cyber
  [14] AI built the first zero-day exploit targeting 2FA. Google GTIG intercepted it before mass deployment. APT45, UNC2814, Ru... — reactive:ai-offensive-cyber (2026-05-16)
  [15] Google reports first known AI-assisted zero-day exploit in the wild — reactive:ai-offensive-cyber (2026-05-12)
  [16] A criminal group has used AI to discover and weaponize a 0-day vulnerability, marking a major escalation in offensive cy... — reactive:ai-offensive-cyber (2026-05-21)
  [17] First 2026 AI zero-day REVEALED — reactive:ai-offensive-cyber (2026-05-23)
  [18] ExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks? — reactive:ai-offensive-cyber
  [19] Project Glasswing: Securing critical software for the AI era - Anthropic — reactive:frontier-ai-cyber-capabilities
  [20] Assessing Claude Mythos Preview's cybersecurity capabilities — reactive:frontier-ai-cyber-capabilities
  [21] Project Glasswing: what Mythos showed us - The Cloudflare Blog — reactive:ai-offensive-cyber
  [22] Claude Mythos and the AI Autonomous Offensive Threshold — reactive:frontier-ai-cyber-capabilities
  [23] Why Anthropic won't release its new Mythos AI model to the public — reactive:ai-offensive-cyber
  [24] Claude Mythos #2: Cybersecurity and Project Glasswing — reactive:ai-offensive-cyber
  [25] Defense at AI speed: Microsoft's new multi-model agentic security ... — reactive:ai-offensive-cyber
  [26] Cyber Ceiling Broken: AISI's Actual Measurement Reveals Mythos' Capabilities Surging Towards ASI with 4.5-Month Doubling Rate — reactive:ai-offensive-cyber
  [27] The Trump-Xi summit in Beijing touched briefly on AI safety standards and cybersecurity, but left the most consequential... — reactive:ai-offensive-cyber (2026-05-22)
  [28] 🧠 OpenAI opens GPT-5.5-Cyber to vetted security researchers — reactive:ai-offensive-cyber (2026-05-24)
  [29] 🚨 OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack — reactive:ai-security-nexus (2026-05-16)
  [30] OpenAI confirms breach in TanStack supply chain cyberattack. — reactive:ai-security-nexus (2026-05-15)
  [31] OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack https://t.co/AMdx5vvk0a — reactive:ai-security-nexus (2026-05-15)
  [32] 🚨 OpenAI just confirmed a real supply-chain attack. — reactive:ai-offensive-cyber (2026-05-15)
  [33] OpenAI recommends updating desktop agents, after the supply chain attack compromising nearly 170 npm packages; by TeamPC... — reactive:ai-offensive-cyber (2026-05-15)
  [34] CISO Daily Briefing: Google's TIG confirmed the first criminal AI-generated zero-day exploit — AI-native threat actors a... — reactive:ai-offensive-cyber (2026-05-16)
  [35] AI ZERO-DAY IN THE WILD COURTESY OF GOOGLE THREAT INTEL — reactive:ai-offensive-cyber (2026-05-14)
  [36] Google Detects First AI-Generated Zero-Day Exploit - SecurityWeek — reactive:ai-offensive-cyber
  [37] Google spotted an AI-developed zero-day before attackers could use it | CyberScoop — reactive:ai-offensive-cyber
  [38] Google Researchers Detect First AI-Built Zero-Day Exploit in Cyberattack - Bloomberg — reactive:ai-offensive-cyber
  [39] Mini Shai-Hulud: TeamPCP compromises 160+ npm and PyPI packages in a supply chain attack that hit TanStack, Mistra... — reactive:ai-security-nexus (2026-05-19)
  [40] Mistral AI and TanStack npm packages were compromised in a supply chain attack named 'Mini Shai-Hulud.' GitHub creds, CI... — reactive:ai-offensive-cyber (2026-05-17)
  [41] TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack — reactive:ai-offensive-cyber
  [42] TeamPCP Monetizes Shai-Hulud Fallout: Mistral AI Source Code — reactive:ai-offensive-cyber
  [43] TeamPCP hackers advertise Mistral AI code repos for sale | Simon J ... — reactive:ai-offensive-cyber
  [44] ‼️ Mistral AI allegedly breached: ~5GB of internal source code ... — reactive:ai-offensive-cyber
  [45] Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved | TechRadar — reactive:ai-offensive-cyber
  [46] Hackers Put Mistral AI Source Code Up for Sale After Supply Chain Attack — reactive:ai-security-nexus
  [47] Anthropic Glasswing & Claude Mythos Explained for GovCon — reactive:ai-offensive-cyber
  [48] Project Glasswing: what Mythos showed us | Subhash Dasyam — reactive:ai-offensive-cyber
  [49] Claude Mythos Cracks All Security, Project Glasswing, and the New ... — reactive:ai-offensive-cyber
  [50] Cloudflare says Anthropic's Mythos Preview finds exploit chains that earlier frontier models missed — reactive:ai-offensive-cyber
  [51] Cloudflare just explained why Mythos is so important (and it is not ... — reactive:ai-offensive-cyber
  [52] Cloudflare Tests AI's Ability to Find and Exploit Vulnerabilities — reactive:ai-offensive-cyber
  [53] Cloudflare's approach to building safe AI agents with narrow scope ... — reactive:ai-offensive-cyber
  [54] 🤖 Anthropic's Mythos AI can now chain bugs into working exploits, according to Cloudflare. — reactive:ai-offensive-cyber (2026-05-19)
  [55] Cloudflare tests Mythos against 50+ repositories, highlights its ability ... — reactive:ai-offensive-cyber
  [56] Microsoft's MDASH AI Security System Finds 16 Windows Vulnerabilities — reactive:ai-offensive-cyber
  [57] Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday — reactive:ai-offensive-cyber
  [58] MDASH Vulnerability Discovery - AI Security System | Saudi Shopper — reactive:ai-offensive-cyber
  [59] Microsoft MDASH finds Windows security flaws with AI | ETIH EdTech News — EdTech Innovation Hub — reactive:ai-offensive-cyber
  [60] 16 New Windows Vulnerabilities Discovered By Microsoft's AI ... — reactive:ai-offensive-cyber
  [61] Microsoft unveils MDASH, its AI agent-driven security platform — and it's already spotted a host of new Windows flaws | TechRadar — reactive:ai-offensive-cyber
  [62] 😿 AI hackers found a new lane — The Neuron (2026-05-17)
  [63] Using AI for Offensive Security | CSA — reactive:ai-offensive-cyber
  [64] Recent evaluations from the UK AI Security Institute (AISI) highlight the accelerating pace of autonomous AI cyber capab... — reactive:ai-offensive-cyber (2026-05-14)
  [65] How fast is autonomous AI cyber capability advancing? — reactive:ai-offensive-cyber (2026-05-13)
  [66] AI cyber capability is speeding past earlier projections - Help Net Security — reactive:ai-offensive-cyber
  [67] Cyber & Autonomous Systems | AISI Work Category — reactive:ai-offensive-cyber
  [68] "How fast is autonomous AI cyber capability advancing?", AISI Work ... — reactive:ai-offensive-cyber
  [69] Autonomous AI Cyber Capability Doubles Every Few Months — reactive:ai-offensive-cyber
  [70] Read CSIAC's technical response report, "Counter-AI Offensive Tools and Techniques." — reactive:ai-offensive-cyber (2026-05-20)
  [71] Read CSIAC's technical response report, "Counter-AI Offensive ... — reactive:ai-offensive-cyber
  [72] DoD Modernization Exchange 2026: Ping Identity's Kelvin Brewer on applying least privilege access to AI tools — reactive:ai-offensive-cyber
  [73] Counter-AI Offensive Tools and Techniques - CSIAC - dtic.mil — reactive:ai-offensive-cyber
  [74] [PDF] Counter-AI Offensive Tools and Techniques - CSIAC — reactive:ai-offensive-cyber
  [75] Do you work in software or data analysis? CSIAC ... — reactive:ai-offensive-cyber
  [76] The supply chain attack surface for AI skills/MCPs is the same problem npm had in 2018, just moving faster. Unverified c... — reactive:ai-offensive-cyber (2026-05-19)
  [77] @TheEconomist The real vulnerability isn't just "trusted firms" leaking tools—it's the asymmetric economics. Defensive c... — reactive:ai-offensive-cyber (2026-05-15)
  [78] Should regulators mandate reciprocal access to offensive models or fund sovereign capabilities like UK's AISI? — reactive:ai-offensive-cyber (2026-05-20)
  [79] Import AI 457: AI stuxnet; cursed Muon optimizer; and positive alignment — Import AI (2026-05-18)
  [80] Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover | Tom's Hardware — reactive:ai-offensive-cyber
  [81] Ethical Hacking — reactive:ai-offensive-cyber
  [82] Google thwarts effort hacker group use AI 'mass exploitation event' — reactive:ai-offensive-cyber
  [83] Mass Supply Chain Attack Hits TanStack, Mistral AI NPM and PyPI Packages — reactive:ai-offensive-cyber (2026-05-13)
  [84] 🚨 node-ipc compromised (3M+ downloads) — reactive:ai-offensive-cyber (2026-05-14)
  [85] NEWS | A new NPM supply chain attack is now targeting the AI ecosystem, hitting packages tied to Mistral AI, OpenSearch,... — reactive:ai-offensive-cyber (2026-05-14)
  [86] Mass supply-chain attack slams npm and PyPi, with downstream impact affecting Mistral AI and others, as latest Mini Shai... — reactive:ai-offensive-cyber (2026-05-14)
  [87] Wow. Someone pulled off the first known supply chain attack designed to steal credentials from an AI coding assistant. A... — reactive:ai-offensive-cyber (2026-05-21)
  [88] This exact supply chain attack proves the point I made yesterday. AI tools and extensions make it stupidly easy to pull ... — reactive:ai-offensive-cyber (2026-05-21)