Deep-dives into offensive security, AI-powered pentesting, and real-world vulnerability research from the Xploitix team.
The vulnerability wasn't the AI itself. It was the lack of boundaries between data and instructions. As AI agents get integrated into CI/CD pipelines, customer support, and even security operations, the attack surface isn't shrinking. It's shape-shifting.
AWS disclosed an AI-orchestrated campaign that compromised 600+ FortiGate firewalls across 55 countries in five weeks. Anthropic separately disclosed GTG-1002, a Chinese state-sponsored operation where AI executed 80–90% of the attack. Two attributed disclosures, one inescapable pattern: AI is now driving attacks, not just advising them.
Vercel was breached through Context AI, a third-party tool used by a single employee. Attackers pivoted via Google Workspace, decrypted environment variables, and listed the database for sale on BreachForums for $2M. Every AI dependency is now part of your perimeter.
Marimo, the popular reactive Python notebook, was hit with a critical pre-auth RCE (CVSS 9.3). An unauthenticated WebSocket endpoint exposed a full PTY shell. Working exploits appeared within 10 hours of disclosure. If you run Marimo, patch now.
The DPDP Act isn't a future checkbox. It's a live regulatory requirement. Updated April 6: IRDAI now mandates DPDP-aligned controls, bi-annual grey/white-box pentests, and CERT-In empanelled audits for insurers. Compliance without security is false confidence.
Two malicious versions of litellm (3M+ daily downloads) were published to PyPI with a three-stage payload: credential harvesting, cloud key exfiltration, and persistent remote access. If you use litellm, read this now.
No complex payloads. No sophisticated exploits. Just a simple validation mistake that could have cost ~100K credits. Our AI platform detected a credit-based API flaw where negative values increased the user balance instead of decreasing it.
This type of vulnerability usually requires manual testing, because it depends on application logic rather than payload injection. Our AI system identified cross-role authorization vulnerabilities where encrypted identifiers from privileged users could be reused by lower-privilege users.
Samsung engineers exposed semiconductor source code to ChatGPT. This isn't a hypothetical scenario. It's a case study in how LLM adoption without security guardrails creates enterprise-scale risk.
Attackers aren't brute-forcing your firewall anymore. They're targeting identity, APIs, and supply chains. The traditional perimeter-based security model was built for a world that no longer exists.
Security is not about the number of alerts generated. It is about the credibility of findings under scrutiny. Our AI platform produced validated findings with CVSS scores ranging from 5.3 to 7.5, triaged for real-world impact.
Oracle issued an emergency out-of-band patch for a critical unauthenticated RCE in Identity Manager and Web Services Manager. CVSS 9.8. No user interaction required. If you run Oracle Fusion Middleware, patch now.
A critical authentication bypass and code injection flaw in the popular AI platform Langflow saw active exploitation within 20 hours of disclosure. CVSS 9.3. If you build AI pipelines, read this now.
A critical unpatched flaw in GNU InetUtils telnetd allows unauthenticated root-level code execution. CVSS 9.8. Industrial control systems and legacy infrastructure are the primary targets.
Follow us on LinkedIn for daily security insights, or get in touch for a free consultation.