Cyber Alert Security News Daily

AI-driven vuln discovery crisis & novel attack vectors

AI-driven vuln discovery crisis & novel attack vectors

Key Questions

How effective is AI at discovering vulnerabilities compared to patching?

Anthropic's Mythos found 23,019 candidates with only 97 patched (6%), and it can convert patches to exploits in minutes. AI agents also discovered 21 FFmpeg zero-days and FreeBSD kernel issues.

What novel attack vectors involve AI exploitation?

Vectors include AI trust exploitation, Sysdig's first LLM-agent intrusion, EDRChoker QoS evasion, and Tenet's 'Agentjacking'. ClickFix campaigns now abuse claude.ai shared chats.

Are there unpatchable Apple BootROM exploits?

Yes, usbliter8 targets A12/A13 chips via USB DMA requiring physical access, with no patch possible. Migration to newer hardware is the only mitigation as SEP remains secure.

What critical Splunk vulnerability is under active exploitation?

CVE-2026-20253 allows unauthenticated RCE on exposed systems with PoCs available shortly after disclosure. Immediate patching is required.

How has AI impacted the vulnerability patch window?

Project Glasswing shows AI collapsed the window by weaponizing text-only advisories into exploits rapidly. CISA BOD 26-04 now mandates 3-day patching for some issues.

What new Linux kernel vulnerability was found with AI assistance?

CVE-2026-31431 ('Copy Fail') is a 9-year-old local privilege escalation discovered via AI-assisted tracing, with a patch now available.

Which malware campaigns are leveraging AI hype or tools?

Threat actors use AI hype to deliver AsyncRAT, while ClickFix variants tied to Rapid Brigantine ransomware use fake updates. MetaStealer added new DGAs.

What reports highlight risks with AI credentials and tools?

Orca Security notes widespread AI credential exposure, and a Claude Code sandbox bypass provides evidence of AI agent toolchain attacks. Anthropic banned Mythos AI.

AI outpacing patching: Mythos 1 (23k+ vulns, 6% patched). Anthropic Mythos found 23,019 vulnerability candidates, only 97 patched. Mythos can turn patches into exploits in minutes. AI agent found 21 FFmpeg zero-days. Apple zero-click kernel CVE-2026-43668. Chrome zero-day CVE-2026-11645 actively exploited. Novel attack vectors: AI trust exploitation, Sysdig first LLM-agent intrusion, EDRChoker (QoS-based EDR evasion). 'Patch Apocalypse' concept. CISA BOD 26-04 – 3-day patching. PoisonX Driver Campaign in Japan. Threat actors weaponize AI hype to deliver AsyncRAT. AI-driven 2FA bypass discovered. Trail of Bits' Buttercup system with 90% patch accuracy. Splunk CVE-2026-20253 unauthenticated RCE – critical, actively exploited with PoC, patch immediately. Tenet's 'Agentjacking' attack. ClickFix campaigns evolve with new loaders (BabaDeda, Lorem Ipsum, Potemkin). ClickFix variant linked to Rapid Brigantine ransomware ecosystem (BlueVoyant) – fake browser updates delivering ransomware. ClickFix variant abusing claude.ai shared chat. Hola VPN abuse for malware delivery. UnregStealer Chrome extension campaign. Linux kernel 7.1 patches root exploit CVE-2026-23111. Anthropic banned Mythos AI. Anthropic and White House clash over Fable 5 restrictions. Phantom Stealer – fileless credential stealer. Azul offers free JVM risk assessment. Study finds 46% of exposed databases already compromised. Critical MariaDB Community Server vulnerability (shell command execution) – patch immediately. AI agent (Claude Code) found FreeBSD kernel zero-days. AI supercharged Microsoft's Patch Tuesday – record 206 vulns. Project Glasswing analysis shows AI collapsed patch window – text-only advisories now weaponizable. MetaStealer campaign adds new DGA (wordlist-based). Microsoft details Windows Clipper malware 'CryptoBandits' using USB LNK worm and Tor C2. Unpatchable BootROM exploit for Apple A12/A13 chips (usbliter8) – physical access required, SEP remains secure, migration to newer hardware only mitigation. New: CVE-2026-31431 'Copy Fail' – 9-year-old Linux kernel local privilege escalation discovered with AI-assisted tracing, patch available. New: Claude Code sandbox bypass incident – concrete evidence of AI agent toolchain attacks. Orca Security report on widespread AI credential exposure. Patch/WAF urgent.

Sources (25)
Updated Jun 24, 2026