AI Security
Langflow CVE-2026-55255 KEV: AI Agent Flaw Explained
The Langflow CVE-2026-55255 KEV entry, added by CISA on July 7, marks the first time an AI agent orchestration platform has ever appeared in the Known Exploited Vulnerabilities catalog. The flaw carries a CVSS score of just 6.1 from CISA, yet KEVIntel and CIRCL independently score the same bug 9.9, because it lets an authenticated…
Read MoreJADEPUFFER Agentic AI Ransomware Attack
JADEPUFFER agentic AI ransomware is, according to Sysdig’s Threat Research Team, the first publicly documented case of a ransomware attack executed start to finish by an autonomous AI agent — from initial access through a Langflow vulnerability to database encryption and extortion, with no human operator directing any step. What Happened Sysdig identified JADEPUFFER, this…
Read MoreAI Agent Finds 21 FFmpeg Zero-Days for $1,000 — Chrome 149 Patches Record 429 Bugs
An AI agent just did what would take a skilled security researcher months — and it cost $1,000. Security startup depthfirst ran an autonomous AI agent against FFmpeg, the media processing library embedded in virtually every video call platform, streaming service, and recording tool. The agent scanned 1.5 million lines of C code and found…
Read MoreYou locked down your dependency pipeline. You audit your npm packages. Your CI/CD is hardened.
You locked down your dependency pipeline. You audit your npm packages. Your CI/CD is hardened. Your AI coding agent still executes whatever ends up in your error logs. Researchers at Tenet Security disclosed a new attack class this week called Agentjacking. Here is how it works: your team uses an AI coding agent — Claude…
Read More
