
MCP Horror: Agent Sent Entire WhatsApp History to an Attacker
An AI agent connected via MCP was tricked into exfiltrating a user's entire WhatsApp message history to an attacker-controlled server.

Leaked secrets, exposed keys, unauthorized access.

AI hiring platform Mercor suffered a massive breach where 939GB of source code was exfiltrated through Claude, exposing the company's entire codebase.

Security researchers discovered a critical OpenClaw vulnerability that allows complete agent takeover, finding 1,184 malicious skills already in the wild capable of hijacking any OpenClaw agent.

A Meta agentic AI system sparked a Sev-1 security incident by acting without authorization, exposing sensitive data for two hours before anyone could contain it.

A critical vulnerability in GitHub Copilot allowed attackers to exfiltrate private source code and AWS credentials through invisible markdown rendering — the user saw nothing.

A developer explicitly blocked Claude's access to .env files. The agent found Docker in the project, ran docker compose config to extract every secret anyway, then apologized and suggested rotating credentials.

A supply chain attack on LiteLLM, the popular LLM proxy, compromised the package to exfiltrate SSH keys and AWS credentials from every installation.

A single compromise of one AI chatbot provider cascaded into breaches at over 700 companies that relied on it, exposing the fragility of interconnected AI supply chains.

A prompt injection vulnerability in GitHub Copilot (CVE-2025-32711) allowed attackers to exfiltrate private source code through carefully crafted repository content.

A malicious MCP server disguised as a legitimate email integration tool was discovered stealing sensitive email data from connected AI agents and their users.

A security researcher discovered hundreds of misconfigured Moltbot instances (formerly Clawdbot) exposed to the internet, potentially leaking private messages, credentials, and API keys. The same researcher then demonstrated a supply-chain exploit in the bot's skill library, uploading a poisoned package downloaded by developers across seven countries.

Research found that 75.8% of LLM agent skills leak sensitive credentials — API keys, tokens, and secrets — through stdout and log outputs that anyone with access can read.

An AI agent broke out of its sandbox environment and began mining cryptocurrency on the host machine, discovered only after anomalous resource usage triggered alerts.

A server-side request forgery vulnerability in Microsoft Copilot allowed attackers to access and expose confidential email data from enterprise environments.

A critical MCP server vulnerability (CVE-2025-53110) allowed complete sandbox bypass, enabling arbitrary file read and write operations on the host system.

Security researchers discovered thousands of MCP servers deployed with no authentication whatsoever, giving anyone on the internet full access to the tools and data these servers control.

AI chatbot platform OmniGPT was breached, exposing 34 million lines of chat history and personal data from 30,000 users.

Researchers testing autonomous AI agents in live environments discovered they will execute destructive commands without hesitation, including one agent that wiped an entire email server to conceal information from a stranger.