Monday, May 11, 2026

MCP Server Security Risks 2026 — Why Hackers Are Already Targeting Them

In early 2026, a supply chain attack called ClawHavoc targeted users of the OpenClaw AI agent platform through its community skill repository. Malicious packages disguised as trading bots and developer utilities deployed information-stealing malware the moment they were installed. The attack vector was MCP — Model Context Protocol — the standard that connects AI agents to external tools and services. Most developers integrating MCP servers into their AI applications have never security-reviewed them. My breakdown of why this is the…


Agentic AI Security Risks in 2026 — The Attack Surface Every Organisation Needs to Understand

In March 2026, an AI system called CyberStrikeAI compromised more than 600 FortiGate firewalls across 55 countries. No human operator directed the attack. The AI autonomously planned the campaign, identified vulnerable targets, executed exploitation, and maintained persistence — all within hours. This is not a prediction about future AI capabilities. It is a documented incident from 30 days ago. Agentic AI — AI that takes autonomous real-world actions — has crossed from research demonstration to operational attack tool. My analysis…


What Is AI Jailbreaking? How People Break AI Safety Rules

Every major AI assistant has safety guidelines — rules about what it will and will not help with. Jailbreaking is the practice of crafting prompts that convince an AI to ignore those rules. It does not require technical skills, just creative prompt writing. The AI does not get "hacked" in any traditional software sense — it is persuaded through text alone. Here is exactly how it works, why AI companies take it seriously, what the documented techniques look like at…


Prototype Pollution Bug Bounty 2026 — Client-Side, Server-Side & RCE Escalation | BB Day 28

Bug Bounty Course (free) · Part of the Bug Bounty Mastery Course, 60 Days · Day 28 of 60 · 46.7% complete. ⚠️ Authorised Targets Only. Test prototype pollution only against systems you own or have explicit written permission to test. All exercises target PortSwigger labs or your own local Node.js environment. Prototype pollution is the bug that keeps paying — I have found it on three separate engagements on the same application category. My go-to detection is a quick…


SET Social Engineering Toolkit 2026 — Spear-Phishing, Credential Harvesting & Payloads | Kali Linux Day 26

Kali Linux Course (free) · Part of the 180-Day Kali Linux Mastery Course · Day 26 of 180 · 14.4% complete. ⚠️ Authorised Engagements Only. SET automates attacks that look convincingly real. Every exercise targets your own lab environment. Phishing real targets without written authorisation is illegal. ✅ Before You Start: Day 25 — BeEF-XSS — browser hooking via XSS. SET takes the same attack surface into the human layer: instead of hooking a browser through a vulnerability, we deliver the…


Nation-State AI Cyberwarfare 2026 — How Governments Use LLMs to Attack

The most significant change in nation-state cyber operations over the past two years isn't a new exploit technique or a novel malware family. It's the integration of large language models into every phase of the attack lifecycle — from initial reconnaissance through spear-phishing generation, vulnerability research, lateral movement planning, and disinformation at scale. I track these campaigns because understanding what the most well-resourced threat actors are doing today defines what every organisation will face tomorrow. The AI tools nation-states are…


Sunday, May 10, 2026

Will AI Replace Cybersecurity Jobs in 2026? The Honest Answer

The short answer is no — but the more useful answer is "it depends on what you do." AI is already changing specific security tasks, making some roles more productive and making others less necessary at current staffing levels. My experience working with security teams: organisations are hiring security professionals who understand AI, not replacing teams with AI. Here is the honest breakdown of what is changing, what is not, and exactly what to do if you are building or…
