Recent AI Security Incidents
Curated incidents with impact and remediation notes.
Incident date: February 13, 2026 | Published: February 14, 2026
Cursor is a code editor built for programming with AI. In versions prior to 2.5, a sandbox escape via writing .git configuration was possible. A malicious agent (i.e. one under prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE the next time they are triggered. No user interaction was required, as Git executes these commands automatically. Fixed in version 2.5.
Incident date: February 12, 2026 | Published: February 12, 2026
LayerX disclosed a coordinated campaign of AI-themed Chrome extensions that stole credentials, email content, and browsing information at scale.
Incident date: February 5, 2026 | Published: February 14, 2026
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedparser.parser is called to fetch the XML document at the URL supplied by the user, parse it, and return the parsed result. However, the parsing step places no limit on parsing time or on the resources that can be allocated for parsing. When a malicious user lets RSSBlock parse a carefully constructed, deeply nested XML document, memory is exhausted, eventually causing a DoS. This issue has been patched in autogpt-platform-beta-v0.6.32.
Incident date: January 19, 2026 | Published: January 14, 2026
Miggo researchers showed that a crafted calendar invite description could trigger Gemini to summarize private meetings and write them into attacker-visible events.
Incident date: January 14, 2026 | Published: January 14, 2026
Varonis Threat Labs disclosed Reprompt, a single-click chain that used Copilot URL prompt parameters and follow-up request techniques for stealthy data exfiltration.