OFFENSIVE AI
15 hacks.
1,000 captured agent logs: a low-skill attacker breached 14 firms with Claude and Codex
OALABS recovered over 1,000 Claude Code and Codex sessions from a careless attacker. Across all of them the frontier models raised only ten policy violations — the deskilling of intrusion, documented from the inside.
LLMjacking evolves: stolen Ollama compute now drives autonomous attack agents
A June 17, 2026 Sysdig report documents a captured incident: an exposed, unauthenticated Ollama server used as the reasoning engine for a multi-stage offensive pipeline. The fix is operational, not model-side.
Criminal AI-as-a-Service in 2026: how the underground operationalizes cybercrime
A June 11, 2026 Rapid7 report finds the criminal AI market has shifted from 'evil chatbots' to a productivity layer: jailbreak wrappers, stolen accounts and deepfake-for-KYC services that scale ordinary crime.
An LLM agent that pentests Salesforce Experience Cloud end-to-end
On June 8, 2026, Reco published an agent that maps, fuzzes and exploits Salesforce Experience Cloud sites with no human in the loop — the same misconfigurations ShinyHunters has been mining since 2025, now driven by a model.
How agentic AI compresses the cyber attack lifecycle
A May 2026 arXiv paper models how agentic AI lowers the cost of every attack stage — from reconnaissance to post-compromise — compressing the kill chain and shifting defensive priorities for enterprises.
Hands-free firmware VR: an LLM agent reverse-engineers an OT intercom end-to-end
On June 2, 2026, Claroty Team82 ran Claude Opus 4.6 with a Ghidra MCP server against a Zenitel intercom firmware image and re-found a set of known CVEs in under ten minutes — a preview of commoditized firmware vulnerability research.
Adaptive AI worms: when malware runs its own local LLM
A June 2026 University of Toronto paper demos a worm that runs open-weight LLMs on the machines it compromises, adapting its exploit per target and weaponising advisories published after the model's training cutoff.
AI threat actors mapped to MITRE ATT&CK: the ARiES score and what it breaks
Anthropic's June 3, 2026 report maps a year of AI-enabled cyberattacks to MITRE ATT&CK. The finding for defenders: sophistication, technique count and interface no longer predict an actor's risk — orchestration does.
CAESAR: coordinated LLM agents beat the single-model reasoning ceiling
A May 9, 2026 arXiv paper shows that splitting an LLM attacker into five typed roles outperforms a single agent on 25 CTF tasks across four models — the gain comes from coordination structure, not raw capability.
Agent at the wheel: detecting LLM-driven post-exploitation
On May 10, 2026, Sysdig captured its first intrusion where an LLM agent drove the post-exploitation in real time — CVE-2026-39987 on marimo to a full PostgreSQL dump in under an hour. The forensic tell is the command shape.
AI-authored zero-days: how GTIG fingerprinted the first AI-built exploit
On May 11, 2026, Google's GTIG disclosed the first zero-day it believes was AI-built — a 2FA-bypass script betrayed by a hallucinated CVSS score and textbook docstrings. Here's how to read the tells.
Apple's May 2026 bulletin formally credits Claude on two macOS CVEs
On May 11, 2026, Apple's macOS Tahoe 26.5 advisory named Claude alongside its researchers on two CVEs — a kernel integer overflow and a WebKit use-after-free. AI-assisted vulnerability research is now in the official changelog.
The first CVE wave: AI-assisted discovery is reshaping disclosure volumes
VulnCheck's May 14, 2026 analysis shows year-to-date CVE issuance up 563% on Chrome, 476% on GitHub, 180% on VMware and 170% on Apache. The systemic shift behind the Apple, Mozilla and ActiveMQ headlines is now visible in the numbers.
AI-assisted ICS attack: lessons from the Monterrey water utility intrusion
Dragos' May 2026 report on Servicios de Agua y Drenaje de Monterrey documents the first publicly analysed campaign in which a commercial LLM — Claude — was the primary technical operator of an attempted OT intrusion.
OpenAI Daybreak and GPT-5.5-Cyber: a permissive security model behind a verified-identity gate
Between May 7 and 12, 2026, OpenAI launched Daybreak — a cybersecurity platform built on GPT-5.5, Codex Security and a 'cyber-permissive' sibling, GPT-5.5-Cyber. UK AISI's prior evaluation found a universal jailbreak in six hours.