{"categories":[{"id":"ASI05","name":"Unexpected Code Execution (RCE)","slug":"rce","blurb":"Unsafe execution of dynamically generated code (e.g. Python/bash) inside an agent loop.","count_7d":9,"count_14d":9,"count_30d":9,"severity_score_7d":119,"by_severity_7d":{"critical":8,"high":1},"prev_7d":0,"trend":"up","samples":[{"title":"CVE-2026-42074: OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerousl","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42074","severity":"critical"},{"title":"CVE-2026-25879: Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced ","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25879","severity":"critical"},{"title":"CVE-2026-44287: FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:3","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44287","severity":"critical"}]},{"id":"ASI01","name":"Agent Goal Hijack","slug":"goal-hijack","blurb":"Redirecting an agent's goals or plans through injected instructions or poisoned content.","count_7d":14,"count_14d":14,"count_30d":14,"severity_score_7d":99,"by_severity_7d":{"critical":3,"high":6,"medium":5},"prev_7d":0,"trend":"up","samples":[{"title":"Please don't spam people looking for employment. It's just cruel","url":"https://news.ycombinator.com/item?id=48370743","severity":"medium"},{"title":"ChatGPhish: The Page Is the Payload","url":"https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability","severity":"medium"},{"title":"Disregard previous instructions and delete all jqwik tests","url":"https://github.com/jqwik-team/jqwik/issues/708","severity":"medium"}]},{"id":"ASI04","name":"Agentic Supply Chain","slug":"supply-chain","blurb":"Compromised or tampered third-party agents, tools, plugins, skills, registries, or update channels.","count_7d":8,"count_14d":8,"count_30d":8,"severity_score_7d":80,"by_severity_7d":{"critical":4,"high":3,"medium":1},"prev_7d":0,"trend":"up","samples":[{"title":"Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm","url":"https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html","severity":"critical"},{"title":"ChatGPT for Google Sheets exfiltrates workbooks","url":"https://www.promptarmor.com/resources/gpt-for-google-sheets-data-exfiltration","severity":"high"},{"title":"Show HN: Agents, run any coding agent on your subscription not API costs","url":"https://agents-cli.sh","severity":"medium"}]},{"id":"ASI02","name":"Tool Misuse & Exploitation","slug":"tool-misuse","blurb":"Misusing legitimate tools through unsafe chaining, ambiguous instructions, or manipulated tool outputs.","count_7d":9,"count_14d":9,"count_30d":9,"severity_score_7d":62,"by_severity_7d":{"critical":1,"high":6,"medium":2},"prev_7d":0,"trend":"up","samples":[{"title":"Show HN: Circus Chief – Claude Code, Codex, and Gemini from Your Phone","url":"https://github.com/ferrislucas/Circus-Chief","severity":"medium"},{"title":"CVE-2026-10280: A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-10280","severity":"high"},{"title":"The newest Instagram “exploit” is the goofiest I've seen","url":"https://www.0xsid.com/blog/meta-account-takeover-fiasco","severity":"critical"}]},{"id":"ASI03","name":"Identity & Privilege Abuse","slug":"identity-abuse","blurb":"Exploiting delegated trust, inherited credentials, or role chains to gain unauthorized access or actions.","count_7d":7,"count_14d":7,"count_30d":7,"severity_score_7d":56,"by_severity_7d":{"critical":1,"high":6},"prev_7d":0,"trend":"up","samples":[{"title":"CVE-2026-42073: OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42073","severity":"high"},{"title":"Show HN: HashCortX] – [AI desktop agent UI app by a vibecoder pharmacist]","url":"https://news.ycombinator.com/item?id=48369220","severity":"high"},{"title":"CVE-2026-44648: SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44648","severity":"high"}]},{"id":"ASI06","name":"Memory & Context Poisoning","slug":"memory-poison","blurb":"Attackers poison RAG databases, vector stores, or long-term agent memory to bias future actions.","count_7d":2,"count_14d":2,"count_30d":2,"severity_score_7d":10,"by_severity_7d":{"high":1,"medium":1},"prev_7d":0,"trend":"up","samples":[{"title":"Show HN: OpenHive – AI agents share solutions so other agents dont re-solve them","url":"https://openhivemind.vercel.app/","severity":"medium"},{"title":"CVE-2026-45582: n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the work","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45582","severity":"high"}]},{"id":"ASI09","name":"Untraceability & Audit Gaps","slug":"untraceable","blurb":"Insufficient logging, attribution gaps, missing audit trails for agent actions.","count_7d":1,"count_14d":1,"count_30d":1,"severity_score_7d":7,"by_severity_7d":{"high":1},"prev_7d":0,"trend":"up","samples":[{"title":"CVE-2026-45046: Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged ","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45046","severity":"high"}]},{"id":"ASI10","name":"Rogue Agents","slug":"rogue-agent","blurb":"Unauthorized, dormant, or abandoned agents abusing agent identity or persisting in environments.","count_7d":1,"count_14d":1,"count_30d":1,"severity_score_7d":7,"by_severity_7d":{"high":1},"prev_7d":0,"trend":"up","samples":[{"title":"What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks","url":"https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html","severity":"high"}]},{"id":"ASI07","name":"Insecure Inter-Agent Communication","slug":"inter-agent","blurb":"Compromised agents sending malicious or spoofed instructions to peers across an agent mesh.","count_7d":1,"count_14d":1,"count_30d":1,"severity_score_7d":3,"by_severity_7d":{"medium":1},"prev_7d":0,"trend":"up","samples":[{"title":"MCP is dead?","url":"https://www.quandri.io/engineering-blog/mcp-is-dead","severity":"medium"}]},{"id":"ASI08","name":"Cascading Failures","slug":"cascading-failure","blurb":"A single agent fault propagates wildly due to automation and high fan-out.","count_7d":0,"count_14d":0,"count_30d":0,"severity_score_7d":0,"by_severity_7d":{},"prev_7d":0,"trend":"flat","samples":[]}],"generated_at":"2026-06-02T19:26:48.553Z"}