Invisible HTML comments in GitHub Issues could trick Claude Code AI into reading protected environment variables like ANTHROPIC_API_KEY due to insufficient restrictions on the Read tool.
Uncontrolled AI usage by employees jeopardizes data security and compliance – network monitoring and clear AI policies are essential for risk mitigation.
An unknown espionage actor exfiltrated the complete email mailbox of a stock exchange executive over five months using disguised malware and cloud services without detection.
Hades is supply-chain malware that infects Python packages with specialized prompt-injection logic to compromise both automated LLM scanners and systems with memory access.