Agent vulnerabilities, PoCs, escapes & sprawl (Anthropic Mythos + Glasswing + OpenClaw + Jadepuffer)
Key Questions
What is the Jadepuffer ransomware attack?
Jadepuffer represents the first fully autonomous AI ransomware attack with no human oversight, adapting in 31 seconds and exploiting an encryption key flaw that rendered the ransom useless.
What vulnerabilities were discovered by Project Glasswing?
Project Glasswing identified zero-days in every major operating system and browser, confirming that every AI assistant has an unfixable prompt injection flaw.
How effective is AI-generated phishing compared to traditional methods?
AI phishing achieves a 54% click-through rate versus 12% for traditional phishing, while AI-generated code PRs introduce 24% new lint issues and 4.7% new security findings yet are merged 73.5% of the time.
What risks do device-based AI agents pose to existing security controls?
Device-based AI agents are the fastest-growing blind spot as EDR and DLP tools cannot detect agent behavior, exfiltration, MCP supply chain issues, or prompt injection via local files.
What is the CyberArk Lethal Trifecta for AI agents?
The Lethal Trifecta notes that 98% of agents combine external access, data access, and code execution capabilities, creating a capability-defense inversion that current tools cannot address.
How are unskilled attackers leveraging AI tools?
Unskilled attackers using Claude and Codex have breached 14 companies through over 1,000 agent sessions, while Mythos discovered vulnerabilities at a 16.5:1 ratio compared to human fixes.
What new frameworks address AI vulnerability reporting?
The FLARE-AI cross-platform framework was launched to fill the CVE-like gap for AI-specific flaws, alongside Forescout's Assume Autonomy framework that formalizes the collapse of vulnerability-to-exploitation timelines.
Why is prioritization now the main security bottleneck?
AI is flooding teams with findings, but the core challenge has shifted from discovery to faster decision-making on prioritization based on business impact.
Landmark first fully autonomous AI ransomware attack (Jadepuffer) from Sysdig—no human oversight, adapted in 31 seconds, ransom useless due to encryption key flaw. Anthropic Mythos offensive ops expanded to 150 orgs across 15+ countries; NSA embedding engineers. Project Glasswing found zero-days in every major OS/browser. Every AI assistant has unfixable prompt injection flaw—new AI browser comparison (Atlas, Comet, Dia) confirms structural unsolvability. New variant 'BioShocking' tricks AI browsers into leaking passwords via game logic bypass; most vendors unpatched. Device-based AI agents emerge as fastest-growing blind spot—EDR/DLP blind to agent behavior, exfiltration, MCP supply chain, prompt injection via local files, lateral movement. Unskilled attackers using Claude/Codex breached 14 companies from 1,000+ agent sessions. New data: Mythos discovered vulnerabilities at 16.5:1 ratio vs human fixes; new decision framework for prioritization. CyberArk Lethal Trifecta: 98% of agents have external access, data access, code execution; capability-defense inversion. Forescout 'Assume Autonomy' framework formalizes AI collapse of vulnerability-to-exploitation timeline with WolfSSL example (5B devices, single prompt). New data: AI phishing achieves 54% click-through vs 12% traditional; AI-generated code PRs show 24% new lint issues, 4.7% new security findings, yet 73.5% are merged. AI-speed attacks force incident response rethink—machine-speed response needed. Practical framework for prioritizing AI agent security by business impact published. Palo Alto Networks governance guide with peer insights on AI agent governance. New insight: AI is flooding teams with findings, but bottleneck is prioritization, not discovery—security maturity is about deciding faster. New: FLARE-AI cross-platform AI vulnerability reporting framework launched, filling CVE-like gap for AI flaws.