#20: One Word: Additionally cover art

#20: One Word: Additionally

#20: One Word: Additionally

Listen for free

View show details
Top Story: One Word Beat GitHub's Guardrail — An attacker doesn't need an account, a password, or a single line of malicious code. China flags a Claude Code "backdoor." — On July 8, China's national vulnerability database (run by the MIIT) warned that Anthropic's Claude Code versions 2.1.91 through 2.1.196 transmitted users' location and identity data back to Anthropic's servers, and urged users to uninstall or upgrade. CISA reportedly turns Mythos on its own code. — Reuters reports (sourced, not officially confirmed) that CISA's Attack Surface Evaluation team is running Anthropic's Mythos model against federal code repositories to find vulnerabilities before adversaries do, and that the audits have already surfaced previously unknown flaws. Prompt injection gets a kill chain. — A new paper, The Promptware Kill Chain, co-authored by Bruce Schneier and Ben Nassi, maps how a single hidden instruction escalates through seven stages, from initial access to lateral movement to acting on its goal, borrowing the language security teams already use to describe malware campaigns. ModelScope agent flaw, still no patch (CVE-2026-2256). — The open-source AI-agent framework can be tricked into running arbitrary system commands through its Shell tool, and there's still no vendor patch. Curator's Corner: You Can't Lower the Odds Anymore. Lower the Blast Radius. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-07-13.html
adbl_web_anon_alc_button_suppression_t1
No reviews yet