EPISODE · Jul 16, 2026 · 12 MIN
This Week in AI Security - 9th July 2026
from Modern Cyber with Jeremy Snyder
A quieter summer week on the news front, which gives Jeremy room to dig deeper into a handful of stories that all circle the same theme: the tooling and infrastructure around AI keep proving to be the weak link, not the models themselves. This week covers a critical remote-code-execution flaw in the Cursor IDE, a fresh round of coding agents falling to bash obfuscation, a prompt-injection payment scam spreading through SEO poisoning, what one research team is calling the first end-to-end agentic ransomware event, and renewed attention on Anthropic's sleeper agents research and what it means for open-weight model adoption.Key Episode HighlightsCursor RCE (CVSS 9.8): a sandbox-escape chain in the Cursor AI IDE that lets a poisoned MCP server or repo file run arbitrary OS commands with no user approval, by manipulating the working-directory allow list and abusing symlinks to overwrite the sandbox binary. Coding agents fall to bash obfuscation: Adversa AI tested 11 open source coding agents and found 10 failed to guard against classic bash obfuscation, letting a poisoned Readme or Makefile exfiltrate AWS credentials.Prompt-injection payment scam: Zscaler Threat Labs (a FireTail investor) documented SEO poisoning that lures agents to fake developer sites carrying a hidden prompt to pay for an API key. 26 LLMs were tricked into making crypto payments; two others misclassified a typosquatting site as legitimate."Jade Puffer": Sysdig's threat research team describes what may be the first end-to-end agentic ransomware event, using an AI agent for reconnaissance and an unpatched Langflow CVE to breach environments, in some cases going from unauthenticated to authenticated in as little as 30 seconds.Sleeper agents, revisited: a Forbes report renews attention on Anthropic's sleeper agents research and the risk that a trigger baked into an open-weight model's training can flip it from behaving normally to exfiltrating data, and why real-time model inventory and observability are the practical defenses.Episode Links -https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/https://www.securityweek.com/decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks/https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/https://www.forbes.com/sites/josipamajic/2026/07/03/hidden-llm-backdoors-could-detonate-at-massive-scale/https://www.unite.ai/kelas-2026-mid-year-ai-threat-landscape-report-ai-is-becoming-both-the-weapon-and-the-target/https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/
NOW PLAYING
This Week in AI Security - 9th July 2026
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m