Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools.

The deal gives Anthropic tighter control over how developers connect Claude to software and business systems as AI vendors ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Why it matters: Automating security tasks reduces human error, speeds up detection, and ensures consistent reporting for vulnerability management, compliance, and proactive threat mitigation. What’s ...

AI is collapsing the security boundaries between code, pipeline, and runtime. These startups are racing to fill the gaps.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file trigger arbitrary memory reads — affecting Ollama, LM Studio, and every local ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Organizations need to internalize a simple principle: Calling an LLM API is a data transfer. You're trusting the provider with every piece of information included in that context window. The data ...

When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.