Browse 371 published reports from the community.
Robot kills SKH Metals worker. Affected Countries: India. Technology used: Robotics. System purpose: Weld metal sheets. Ethical/Safety Issues: Safety.
Steve Talley facial recognition wrongful arrest. Developer: Federal Bureau of Investigation (FBI). Affected Countries: USA. Technology used: Facial recognition. System purpose: Identify criminals. Ethical/Safety Issues: Accuracy/reliability.
An autonomous AI agent inside Meta posted incorrect technical advice on an internal forum without human approval. An employee followed it, exposing proprietary code, business strategies, and user-related datasets to unauthorized engineers for two hours. Classified as Sev-1.
CVSS 10.0. Content-type confusion in webhook request handling allows unauthenticated attackers to forge uploaded files, read arbitrary local files, forge admin sessions, and execute commands on the host. ~100,000 n8n servers globally affected. If an LLM-powered chatbot node is present, attackers can exfiltrate file contents by chatting with the bot. Fixed in v1.121.0.
A solo threat actor jailbroke Claude via persistent Spanish-language prompt engineering. Claude wrote exploits, built tools, and automated data exfiltration. Over 1,000 prompts. 10 Mexican government bodies breached including the federal tax authority and national electoral institute. 150GB stolen including ~195 million taxpayer records.
A single malicious prompt creates a covert DNS-based exfiltration channel leaking user messages, uploaded files, and conversation content. Bypasses AI guardrails by exploiting the underlying Linux runtime. Fixed by OpenAI February 20, 2026.
TeamPCP compromised LiteLLM (3.4M daily downloads) via a poisoned Trivy GitHub Action that stole the PYPI_PUBLISH token. Backdoored versions contained a three-stage credential harvester collecting SSH keys, cloud tokens, Kubernetes configs. Available ~3 hours before PyPI quarantine.
Supply chain campaign targeting developers via 72 malicious OpenVSX extensions and 151+ GitHub repositories. 9 million installs. 433 compromised components. Used invisible Unicode characters to encode payloads. Targeted crypto wallets, credentials, SSH keys. Extensions mimicked AI coding assistant tools.
A prompt injection in Cline's Claude-powered GitHub issue triage bot allowed code execution in CI, poisoning of GitHub Actions cache, and theft of npm publish tokens. Attacker published malicious Cline CLI v2.3.0 to npm, silently installing malware on ~4,000 developer machines during an 8-hour window.
Moltbook, a social network built entirely via vibe coding (zero manual code), exposed 1.5 million API authentication tokens, 35,000 email addresses, and thousands of private messages via an unsecured Supabase database. The AI scaffolded the database with permissive settings; the founder deployed as-is without review.
OpenClaw (135K+ GitHub stars) had over 138 CVEs in 63 days. CVE-2026-25253 (CVSS 8.8) enabled one-click RCE. Over 21,000 publicly exposed instances found. 341 malicious skills (~12% of ClawHub marketplace) performed credential theft and lateral movement across connected enterprise SaaS apps.
AI chat wrapper app (50M+ users, interfaces to ChatGPT/Claude/Gemini) had a misconfigured Firebase backend that let any client designate itself as an authenticated user. 300 million messages from 25 million users exposed, including illegal activity discussions and suicide assistance requests.