Today in AI
Thursday, July 9, 2026
Today in AI: Defensive AI Agents Pwned, JadePuffer Ransomware Goes Fully Agentic, Meta Leaks Employee Keystrokes — July 9, 2026
5
links
-
1thehackernews.comAI Now Institute researchers demonstrated that security-focused AI agents designed to catch malicious code can be reliably fooled via prompt injection across multiple vendors and models—and the flaw cannot be patched by model updates alone because models cannot distinguish between code they're analyzing and code embedded in instructions. Practitioners deploying AI agents for security automation should assume no defensive AI agent is reliable against adversarially-crafted inputs; lateral verification is now mandatory.
-
2devops.comNoma Security researchers uncovered GitLost, a prompt injection flaw in GitHub's AI agent that allows attackers to extract access to private repositories by manipulating agentic instructions. Teams using GitHub AI agents now carry direct risk of credential and codebase exposure; prompt sanitization in agentic workflows is a blocking issue for CI/CD integration.
-
3www.bleepingcomputer.comResearchers identified JadePuffer as the first documented ransomware operation conducted entirely by an LLM agent, which exploited a Langflow bug for initial access, then autonomously performed reconnaissance, credential theft, API key extraction, and lateral movement without human operator intervention. This signals a new attack class where AI agents can self-direct multi-stage intrusions; defenders must assume agentic malware is operationalized.
-
4gbhackers.comCrowdStrike's AI security team published five new prompt injection attack methods in July 2026, expanding their taxonomy to over 200 documented techniques targeting AI agents across defensive and operational use cases. The escalating attack surface means teams building agentic systems must implement prompt injection testing into their security baseline; single-layer defenses are insufficient.
-
5www.businessinsider.comMeta CTO Andrew Bosworth confirmed the company paused its AI training program that used employee keystroke data after sensitive information was placed in systems where it should not have been accessible, revealing operational controls failures in data governance for internal AI systems. Enterprises using employee telemetry for AI training now face escalated scrutiny on data compartmentalization; uncontrolled data leakage during training is a material compliance and trust risk.