
In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's radical new 3-day vulnerability remediation timeline and how autonomous threats are now weaponizing application monitoring software.
Key Episode Highlights:
- The Global Kill Switch: Just five days after launch, the US Department of Commerce invoked a sweeping export control directive against Anthropic's Claude Fable model after an Amazon-discovered jailbreak was flagged to national security officials. This action triggered a total global deactivation, limiting access exclusively to US citizens.
- The "Lethal Trifecta" of Agent Hijacking: ToxSec researchers define the critical conditions under which AI agents become highly weaponizable: concurrent access to sensitive data, exposure to untrusted external content, and the ability to execute outbound actions.
- Sentry "Agentjacking": Attackers are injecting malicious Markdown into standard Sentry error logs to bypass WAF and EDR tools, silently hijacking the AI agents developers deploy to automatically triage and fix code errors.
- CISA BOD 2026-04: As the "Vulnpocalypse" pushes the projected 2026 vulnerability count to 66,000, CISA has issued an emergency Binding Operational Directive that slashes the required patching timeline for critical software flaws to a blistering 3 days.
- Hugging Face Framework RCE: A newly disclosed critical vulnerability (CVE-2026-4372) proves that a single polluted line in a Hugging Face configuration file can grant full Remote Code Execution on enterprise inference servers.
- The Shai-Hulud Miasma: A sophisticated 4.6MB payload is now exploiting static code analysis within AI development pipelines. The worm deliberately embeds instructions on heavily restricted topics (e.g., bomb-making) into error logs to trigger LLM safety halts, effectively blinding AI security monitoring tools.
Episode Links
https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
https://blog.securityjoes.com/post/shai-hulud-miasma-when-a-supply-chain-worm-learned-to-hijack-ai-coding-agents
https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html
https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
https://www.brinztech.com/breach-alerts/brinztech-ai-infrastructure-alert-authentication-evasion-broken-access-controls-and-automated-agent-manipulation-the-in-the-wild-scanning-exploitation-loop-of-praisonai-cve-2026-44338
https://www.toxsec.com/p/agentic-ai-attacks-explained-lethal-trifecta
https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/
https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/
https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-config-injection/
https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html