Modern Cyber with Jeremy Snyder

In this episode for May 14, 2026, Jeremy breaks down a watershed moment in cybersecurity: the first confirmed case of hackers using AI to discover and weaponize a zero-day vulnerability in the wild. We also explore a major self-reported PII leak in the banking sector and the expanding attack surface of AI development environments.

Key Episode Highlights:
The First AI-Generated Zero-Day: Google Threat Intelligence confirms hackers used AI to discover and weaponize a 2FA bypass in an open-source admin tool, marking a transition from theoretical risk to documented reality.
Banking Sector PII Leak: Community Bank (operating in PA, OH, and WV) filed an 8-K reporting that sensitive customer data, including SSNs and dates of birth, leaked into an AI application during training.
The "Beagle" Backdoor: Sophos uncovered a fake Claude-Pro website pushing trojanized installers that deploy a memory-resident backdoor targeting AI coding environments.
Framework Exploitation: Research reveals how prompt injection in popular frameworks like Semantic Kernel, LangChain, and CrewAI can escalate to full remote code execution (RCE).
Phonetic Obfuscation: New proof-of-concept research shows that LLMs can navigate phonetic misspellings to interpret malicious intent, effectively bypassing standard text filters.
Pixel-Perfect Phishing: Vercel’s v0.dev tool is being used by attackers to generate nearly perfect brand impersonations for Nike, Adidas, and Microsoft, making phishing detection significantly harder.
Secure AI Across Your Entire Organization
Unregulated AI usage and data leaks are the biggest threats to your organization's reputation. Get full visibility into your AI environment and block sensitive data exfiltration in 15 minutes. Book your FireTail demo: https://www.firetail.ai/schedule-your-demo

Episode Links
https://cloud.google.com/blog/products/identity-security/beyond-source-code-the-files-ai-coding-agents-trust-and-attackers-exploit
https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/
https://www.bleepingcomputer.com/news/security/fake-claude-ai-website-delivers-new-beagle-windows-malware/
https://www.infosecurity-magazine.com/news/researchers-10-wild-indirect/
https://www.darkreading.com/cloud-security/hackers-ai-exploit-dev-attack-automation
https://www.darkreading.com/ics-ot-security/worlds-first-ai-driven-cyberattack-couldnt-breach-ot-systems
https://hackread.com/hackers-exploit-vercel-genai-phishing-sites/
https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy
https://securityaffairs.com/191888/data-breach/braintrust-security-incident-raises-concerns-over-ai-supply-chain-risks.html
https://shape-of-code.com/2025/06/29/an-attempt-to-shroud-text-from-llms/
https://databreaches.net/2026/05/12/us-bank-reports-itself-for-revealing-customer-data-to-unauthorized-ai-application/

In this episode for May 7, 2026, Jeremy reports from the sidelines of BSides Luxembourg. This week marks a significant shift in AI-driven vulnerability research, moving from source code analysis to the successful reverse engineering of closed-source compiled binaries.

Key Episode Highlights:
GitHub Backend RCE: Researchers from Wiz used AI-augmented binary analysis to find an X-stat header injection vulnerability in GitHub’s Git push pipeline, achieving a CVSS score of 8.7 on closed-source code.
The "Copyfail" Crisis: A critical Linux security flaw dating back to 2017 was uncovered using AI-assisted tools. The story highlights the tension between automated discovery and the rise of "AI slop" in automated vulnerability disclosures.
CISA Patching Mandates: CISA is considering lowering the required "mean time to patch" from 14 days to just 3 days in response to AI’s ability to find vulnerabilities at an "apocalypse" scale.
Shadow AI Exposure: A study by Intruder found over 1 million exposed AI services via certificate transparency logs, with 31% of Meta Llama servers requiring zero authentication.
Google "Cosmo" Leak: A massive 1.13 GB system-level agent for Android briefly leaked on the Play Store, revealing an autonomous browser agent with deep system permissions.
The Criminal Skill Gap: New research from the University of Edinburgh suggests that while AI is boosting professional developers, most cybercriminals currently lack the skills to weaponize AI at a "weaponizable scale".

Shadow AI and unsecured AI models are the new frontier of enterprise risk. 31% of exposed AI servers are operating with zero authentication. Don't let your infrastructure be the next headline. Get full visibility into your AI environment in 15 minutes. Book your FireTail demo: https://www.firetail.ai/schedule-your-demo

Episode Links
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
https://cyberscoop.com/copy-fail-linux-vulnerability-artificial-intelligence/
https://www.reuters.com/legal/litigation/us-officials-weigh-cutting-deadlines-fix-digital-flaws-amid-worries-over-ai-2026-05-01/
https://venturebeat.com/security/ai-agent-runtime-security-system-card-audit-comment-and-control-2026
https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html
https://www.euronews.com/next/2026/05/05/cybercriminals-gave-ai-a-go-and-came-away-disappointed-study-finds
https://www.bleepingcomputer.com/news/security/learning-from-the-vercel-breach-shadow-ai-and-oauth-sprawl/
https://azat.tv/en/google-cosmo-ai-leak-privacy-safety/https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

In this episode for April 30, 2026, Jeremy breaks down a week where the "human-in-the-loop" failed spectacularly. From a production environment deleted in just nine seconds to "Abliterated" models providing kidnapping instructions to Congress, the risks of autonomous AI agents are no longer theoretical. They are live.
Key Episode Highlights:
Abliterated Models on Capitol Hill: OpenAI and Anthropic briefed House lawmakers on "abliterated" models - versions with safety guardrails stripped - demonstrating how they can provide step-by-step instructions for criminal acts.
Entra ID Hijacking: Researchers at Silverfort discovered that the new "Agent ID" role in Microsoft Entra ID can be exploited to hijack service principals, leading to a full Global Admin takeover.
The 9-Second Disaster: An AI agent at PocketOS, attempting to fix a staging environment, fetched production credentials and deleted both the production environment and its backups in under ten seconds.
LiteLLM SQL Injection: A critical vulnerability in the LiteLLM gateway saw targeted exploitation within 36 hours of disclosure, specifically aiming for provider API keys.
Vercel Breach Update: The recent Vercel data breach is traced back to a "Luma Stealer" malware infection at a third-party AI analytics partner.
Episode Links
https://www.politico.com/news/2026/04/22/ai-chatbots-jailbreak-safety-00887869
https://security.googleblog.com/2026/04/ai-threats-in-wild-current-state-of.html
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
https://hackread.com/microsoft-entra-agent-id-flaw-tenant-takeover/
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/
https://www.cbsnews.com/news/anthropic-investigates-mythos-ai-breach/
https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html
https://x.com/lifeof_jer/status/2048103471019434248
Is your organization part of the 82% with unknown AI agents running on your network? Don't wait for a "9-second deletion" event. Get full visibility into your AI agents today.
Book your FireTail demo: https://www.firetail.ai/schedule-your-demo

In this episode for April 23, 2026, Jeremy explores a week where "first principles" in security are being forgotten in the rush to adopt AI. From guessable API endpoints exposing Anthropic’s most powerful model to a $10,000 fine for a lawyer’s AI "slop," the message of the week is clear: There is no AI without API security.
Key Stories & Developments:
The Mythos API Leak: Unauthorized actors gained access to Anthropic’s Claude Mythos model by simply guessing API naming conventions. This classic case of Broken Function Level Authorization highlights a major oversight in the rollout of sensitive models.
Shadow AI Agents: A new survey from the Cloud Security Alliance reveals that 82% of enterprises have unknown AI agents operating without security oversight.
The $10K Hallucination: An Oregon lawyer was fined $10,000 for "AI slop" in court filings, setting a firm legal precedent that AI error does not excuse professional negligence.
MCP Design Flaws: The Model Context Protocol (MCP), designed to wrap APIs in human language, is proving vulnerable to coercion. Attackers are using human language requests to probe back-end systems through NGINX.
"Logjack": New research into "Logjack" shows how malicious prompts hidden in system logs can compromise the LLMs used to analyze them.
Meta Keystroke Capturing: Reports indicate Meta is capturing employee keystrokes to refine internal AI training sets, raising massive concerns about insider risk and password exfiltration.
Shadow AI agents are the new Shadow IT. Are you part of the 82% with zero visibility into your AI agents? Discover every agent and API connection in 15 minutes. Book your FireTail demo: https://www.firetail.ai/schedule-your-demo

Episode Links
https://www.inc.com/kevin-haynes/faulty-ai-leads-to-record-10000-fine-for-oregon-lawyer/91322007
https://www.nytimes.com/2026/04/17/us/oregon-winery-ai-legal-fight.html
https://techcrunch.com/2026/04/21/meta-will-record-employees-keystrokes-and-use-it-to-train-its-ai-models/
https://cloudsecurityalliance.org/press-releases/2026/04/21/new-cloud-security-alliance-survey-reveals-82-of-enterprises-have-unknown-ai-agents-in-their-environments
https://techcrunch.com/2026/04/20/app-host-vercel-confirms-security-incident-says-customer-data-was-stolen-via-breach-at-context-ai/
https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/
https://www.theregister.com/2026/04/16/anthropic_mcp_design_flaw/
https://www.darkreading.com/application-security/critical-mcp-integration-flaw-nginx-risk
https://www.helpnetsecurity.com/2026/04/16/llm-router-security-risk-agent-commands/
https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/
https://arxiv.org/abs/2604.15368
https://venturebeat.com/security/microsoft-salesforce-copilot-agentforce-prompt-injection-cve-agent-remediation-playbook
https://techcrunch.com/2026/04/21/unauthorized-group-has-gained-access-to-anthropics-exclusive-cyber-tool-mythos-report-claims/
https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier
https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability
https://www.theregister.com/2026/04/20/lovable_denies_data_leak/

This week, Jeremy breaks down a sophisticated bypass of Apple Intelligence and explores a hardware-level GPU threat that turns "vandalism" into full system takeovers. We also look at the massive data fallout from the Mercor supply chain breach and why "Claude Mythos" is officially ending the era of slow vulnerability management.
Key Stories & Developments:
NeuralExec vs. Apple: Researchers reveal a 76% success rate in bypassing Apple Intelligence safety filters using Right-to-Left (RTL) Unicode overrides.
The 4TB Mercor Leak: The fallout from the LiteLLM supply chain attack is confirmed: 4 terabytes of data stolen, leading Meta to pause contracts and OpenAI to investigate exposure.
GPU-Breach: A new technique from the University of Toronto moves beyond "bit-flipping" to gain God-mode over GPU memory, threatening cryptographic secrets.
Secret Sprawl Explosion: GitGuardian reports a 34% jump in exposed secrets, with AI service credentials (like OpenRouter and Google API keys) being the fastest-growing category.
The Death of the Patch Cycle: "Claude Mythos" has flipped the script—99% of its AI-discovered zero-days are now valid, forcing a realization that this is no longer an AI security problem, but a high-speed vulnerability management crisis.
Episode Links
https://9to5mac.com/2026/04/09/researchers-detail-how-a-prompt-injection-attack-bypassed-apple-intelligence-protections/
https://securityboulevard.com/2026/04/bypassing-llm-supervisor-agents-through-indirect-prompt-injection/
https://cybersecurityjournal.ca/techtalk/83883-flowise-cve-2025-59528-rce-exploitation-ai-agent-builder-2026-04-08/
https://cyberscoop.com/grafanaghost-grafana-prompt-injection-vulnerability-data-exfiltration/
https://techcrunch.com/2026/04/09/after-data-breach-10b-valued-startup-mercor-is-having-a-month/
https://www.helpnetsecurity.com/2026/04/14/gitguardian-ai-agents-credentials-leak/
https://securityaffairs.com/190455/security/gpubreach-exploit-uses-gpu-memory-bit-flips-to-achieve-full-system-takeover.html
https://aisle.com/blog/system-over-model-zero-day-discovery-at-the-jagged-frontier
https://openai.com/index/scaling-trusted-access-for-cyber-defense/
https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview
https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready.pdf
https://www.businessinsider.com/andon-market-luna-ai-agent-managed-store-san-francisco-2026-4#

Worried about AI security?
Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo