[AI Security Intelligence] #2 — Claude Code Supply Chain RCE, AI-Powered FortiGate Blitz, Infostealers Now Harvest AI Agent Souls
When your AI coding assistant's config files become an attack vector, a script kiddie with ChatGPT breaches 600 firewalls, and malware evolves to steal your agent's entire identity
![[AI Sec Intel] #10 — MCP servers trust every caller by default. Here's the checklist that closes the gap.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/10f6d6d8-e85d-4797-9984-5f2568aad18b/newsletter-10-most-mcp-servers-trust-every-request-by-default.jpg)
![[AI Sec Intel] #9 — Eight agent exploits in Q1. 200k vulnerable MCP servers and Anthropic won't fix the protocol.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/b10d6435-1506-4309-a259-7fb2b83f5c5c/newsletter-9-eight-agent-exploits-in-q1-alone-and-200k-vulnerable-mcps.jpg)
![[AI Sec Intel] #8 — Closed Agent Harness = threat model blind spot](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/3bd81daa-bc53-436a-a767-975a75be01e0/newsletter-8-closed-agent-harness-_-threat-model-blind-spot.jpg)
![[AI Sec Intel] #7 — 97% expect an AI agent breach this year](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/1ffde2b1-2a15-4aeb-88cc-d526814ed083/newsletter-7-massive-ai-agents-breaches-expected-let-s-build-our-own-cybe.jpg)
![[AI Sec Intel] #6 — Trivy compromised. LiteLLM backdoored. Your CI pipeline is the new attack surface.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/86759637-077c-4963-8bda-818024dc28af/newsletter-6-ci-pipeline-is-the-new-attack-surface.jpg)
![[AI Sec Intel] #5 — 28 out of 30 agent projects. Zero per-agent identity. Zero revocation.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/1dfdcc0d-cbdc-43c5-aee8-007d288e99f0/newsletter-5-93_-of-agent-projects-have-authorization-issues.jpg)
![[AI Sec Intel] #4 - Three attack papers dropped this week. All point to the same architectural flaw.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/a24dca73-33b3-49a1-bea1-25acdd99b442/newsletter-4-three-attack-papers-dropped-this-week.-all-point-to-the-same.jpg)
![[AI Security Intelligence] #3 — I Red-Teamed My Own Agent Stack, PleaseFix Hijacks Browsers Through Calendar Invites](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/f6ecc8cb-6fc6-4b6f-97c0-3d903504d653/newsletter-3-i-red-teamed-my-own-agent-stack-pleasefix-hijacks-browsers-t.jpg)
![[AI Security Intelligence] #2 — Claude Code Supply Chain RCE, AI-Powered FortiGate Blitz, Infostealers Now Harvest AI Agent Souls](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/cc57deb4-b074-43ff-8a71-aa43cd902866/newsletter-2-code-supply-chain-rce-ai-powered-fortigate-blitz.jpg)
![[AI Security Intelligence] #1 — DockerDash MCP Takeover, vLLM CVSS 9.8 RCE, Cisco State of AI Security 2026](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/1bce26b7-019a-425d-9ec7-3744b02fe124/newsletter-1-dockerdash-mcp-takeover-vllm-cvss-9.8-rce-cisco-state-of-ai-.jpg)