• #12: Agentic Speed — both sides of the race just went AI
    May 18 2026
    Top Story: The Race at Agentic Speed — Two things happened in the same week that belong in the same sentence.
    TeamPCP releases Shai-Hulud source code, launches BreachForums "supply chain challenge." — The group posted the complete worm framework to GitHub (since removed, but forked) with detailed deployment instructions, and announced a contest on BreachForums offering $1,000 in Monero to anyone who uses it to compromise open-source packages.
    TanStack CI cache poisoned, hitting OpenAI and Mistral AI. — A pull request from a throwaway fork (attributed to TeamPCP's ongoing supply-chain campaign) triggered a workflow that wrote to the shared CI cache.
    node-ipc compromised via inactive maintainer account (690K weekly downloads). — Three malicious versions exfiltrate credentials and secrets via DNS TXT queries to a fake Azure-themed domain; the same package shipped protestware in 2022, but this is a different attacker, far more capable.
    Palo Alto Networks' first AI-driven "Patch Wednesday" produced 26 CVEs — versus their typical fewer than five. — As part of Project Glasswing and the Trusted Access for Cyber program, Palo Alto ran frontier models (Mythos, Claude Opus 4.7, GPT-5.5-Cyber) against their own 130+ products.
    XBOW independently benchmarks Anthropic's Mythos for offensive security. — Confirmed: Mythos is "a significant step up over all existing models" for finding vulnerability candidates from source code.
    Akamai acquires LayerX for $205M (all-cash). — AI and browser security platform providing shadow AI discovery, gen-AI data loss prevention, and protection for AI browsers and plugins.
    OpenAI in talks with EU regulators to provide access to a cyber-focused GPT-5.5 model that can identify and exploit software vulnerabilities, after EU cybersecurity agencies were unable to gain access to Anthropic's Mythos.
    Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-05-18.html
    10 mins
  • #11: Look, an Instruction!
    May 11 2026
    Top Story: The Prompt Was the Payload — Two Agent-Framework RCEs in Seven Days — Two independent disclosures landed inside seven days, and they collapse to the same sentence: a model read an instruction it shouldn't have trusted, and a tool downstream did exactly what the parsed text said.
    Cisco announces intent to acquire Astrix Security. — Cisco's May 4 blog post by SVP Peter Bailey says Astrix will fold into Cisco Identity Intelligence, Cisco Secure Access, Duo IAM, and Splunk.
    An X user drained ~$150,000 from a Grok-linked Bankr wallet via Morse-encoded prompt injection (May 4, 2026). — The mechanics, per Giskard's write-up: the attacker first sent a "Bankr Club Membership NFT" to Grok's auto-provisioned wallet, which granted the holder "Executive" permissions and bypassed standard transfer limits.
    HiddenLayer — "AI Threat Landscape Report 2026." — The headline figure surfaced via the report's coverage: roughly 1 in 8 reported AI breaches now involves agentic systems, alongside the recurring supply-chain-of-models statistic that 93% of orgs use public or open-weight model repositories and most don't scan inbound models consistently. The full PDF is gated; numbers are reported as cited unless you pull the original.
    Curator's Corner: "Look, an instruction!" That's the bug.
    Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-05-11.html
    15 mins
  • #10: Signed by Claude, Written by a Worm
    May 4 2026
    Top Story: TeamPCP Returns — "Mini Shai-Hulud" Hits Two Ecosystems Simultaneously — After a 26-day pause, TeamPCP is back.
    Curator's Corner: When Trust Is the Exploit.
    Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-05-04.html
    11 mins
  • #9: Three Layers, Three Attack Surfaces, One Agent
    Apr 27 2026
    Top Story: MCP STDIO RCE — The Connector Layer Has an Authority Problem — On April 23, the Cloud Security Alliance (an independent industry research body) and OX Security, an established Israeli software-supply-chain security vendor (founded 2021, $34M seed from Insight Partners and Team8), jointly disclosed an architectural vulnerability in the Model Context Protocol's STDIO transport, the most common transport used by local MCP servers across the open-source agent ecosystem.
    Curator's Corner: Three Layers, Three Attack Surfaces, One Agent.
    Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-27.html
    14 mins
  • #8: Every Consultancy Is a Honey Pot Now
    Apr 20 2026
    Top Story: Comment and Control — Three Coding Agents, One Bug Class, Zero CVEs — On April 15, researcher Aonan Guan, working with Johns Hopkins University's Zhengyu Liu and Gavin Zhong, published the first cross-vendor demonstration of a prompt-injection pattern that turns GitHub itself into the command-and-control channel for stealing runner credentials out of AI coding agents.
    Curator's Corner: Every Consultancy Is a Honey Pot Now.
    Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-20.html
    15 mins
  • #7: Ninety Days to Patch the World
    Apr 13 2026
    Top Story: Claude Mythos Preview + Project Glasswing — AI Reaches the Zero-Day Threshold — On April 7, Anthropic announced Claude Mythos Preview alongside Project Glasswing, the most consequential AI security development of 2026, and arguably of the decade.
    Curator's Corner: Anthropic's Oppenheimer Moment.
    Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-13.html
    14 mins
  • #6: Instructions Are Not Guardrails
    Apr 6 2026
    Anthropic accidentally published Claude Code's entire source code to npm — 512,000 lines of TypeScript, including an autonomous daemon called KAIROS that nobody was supposed to know about. North Korea compromised the Axios npm package through AI-assisted social engineering. Mercor, a $10B AI startup, got breached via the LiteLLM supply chain — 4TB exfiltrated. Plus: Microsoft open-sources the Agent Governance Toolkit, and Curator's Pick on why instructions are not guardrails. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-06.html
    14 mins
  • #5: From Zero Day to Zero Second
    Mar 30 2026
    Your vulnerability scanner just published malware. One threat actor — TeamPCP — hit five ecosystems in ten days: Trivy, Checkmarx KICS, LiteLLM, Telnyx, and npm via CanisterWorm. A supply chain worm that completes a full compromise cycle in under sixty seconds. Plus: RSA Conference drops its agent security agenda, Claude gets jailbroken, and Curator's Corner on why security tools became the attack surface. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-03-30.html
    14 mins