AI Weakly #01 — The perimeter is lying to you

AI Weakly is the weekly newsletter for those who make decisions on AI and security without time to waste. Every Tuesday: the facts that matter without the noise.

Issue #1

Top Story —

The positive story of the week: Mozilla used Claude Mythos preview to find 423 Firefox vulnerabilities in April, roughly 14x its usual monthly rate of 20-30 (item 05 below). The same capability that finds bugs in production code is the one attackers use to find and exploit vulnerabilities in enterprise software. The attackers already have these tools; defenders need to catch up.

Weekly Digest —

01 — PAN-OS RCE (CVE-2026-0300) — root access, active exploitation

🔴 Critical patch

Palo Alto's User-ID Authentication Portal has a CVSS 9.3 unauthenticated RCE that threat actors have been exploiting since April. If the portal is internet-exposed, you're already a target. Patch first, audit exposure second.

Editor's note: This one stings because PAN-OS is the perimeter. An unauthenticated RCE on the device you trust to keep attackers out is about as bad as it gets. Also check: are your User-ID portals exposed? Many orgs don't know.

02 — Ivanti EPMM zero-day — CISA says patch in 4 days

🔴 Critical patch

CISA issued an emergency directive for federal agencies on a critical Ivanti Endpoint Manager Mobile zero-day actively being exploited against government networks. MDM servers are a high-value target: they hold the device inventory and can push configuration, certificates and apps to every enrolled phone, so compromising the server compromises the fleet.

Editor's note: Ivanti is having a really rough year. If your org runs EPMM, the 4-day federal deadline is a reasonable private-sector benchmark too — don't wait for the next quarterly patch cycle.

03 — TrustFall — malicious repos trigger code execution in AI coding tools

🟣 AI security

A vulnerability called TrustFall affects Claude Code, Cursor CLI, Gemini CLI, and GitHub Copilot CLI: clone a malicious repo and the AI tool executes attacker-controlled code with minimal user interaction. All four vendors have been notified.

Editor's note: AI coding assistants are now part of your attack surface. Developers clone repos constantly, and the assistant runs with the developer's credentials and filesystem access, so this is a realistic, low-friction attack: the repository contents are untrusted input to the tool, not just to the human reading them. Your security policy needs to address AI tool usage in the dev pipeline, not just in production.

04 — "Bleeding Llama" — Ollama CVE-2026-7482 leaks process memory to the internet

🟣 AI infrastructure

A CVSS 9.1 out-of-bounds read in Ollama lets unauthenticated remote attackers dump process memory — model weights, API keys, whatever's loaded. Researchers estimate 300,000+ exposed instances globally.

Editor's note: If you're running Ollama locally for testing, fine: by default it binds only to 127.0.0.1:11434. The exposure comes from changing that, typically OLLAMA_HOST=0.0.0.0 so other machines can reach it, or running it in Docker with the port published on all interfaces. The API has no authentication of its own, so network reachability is full access. If it's on a server with any network exposure, this is a fire drill. The "300k exposed instances" number is horrifying; most are probably homelab setups, but enterprise AI teams need to audit too.
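A quick audit for the exposure point above. This is an added example written for this issue, not code from the newsletter, the researchers or the Ollama project. It relies only on Ollama's documented default bind (127.0.0.1:11434) and the OLLAMA_HOST environment variable; the sample ss output is constructed, and the scheme-stripping, verdict strings and helper names are this example's own choices.

```python
"""Audit whether an Ollama instance listens beyond loopback.

Added example, not Ollama's own code. Documented facts used: Ollama binds
127.0.0.1:11434 unless OLLAMA_HOST says otherwise. Everything else here
(sample `ss` output, verdict strings, helper names) is constructed.
"""
from __future__ import annotations

import ipaddress
import os
import shutil
import subprocess

OLLAMA_PORT = 11434


def split_host_port(addr: str, default_port: int = OLLAMA_PORT) -> tuple[str, int]:
    """Split 'host:port', '[v6]:port', bare 'host' or '*' as ss / OLLAMA_HOST write them."""
    addr = addr.strip()
    if addr.startswith("["):                 # [::]:11434, [::1]:11434
        host, _, rest = addr[1:].partition("]")
        port = rest.lstrip(":")
    elif addr.count(":") == 1:               # 0.0.0.0:11434, *:11434, localhost:11434
        host, _, port = addr.partition(":")
    else:                                    # bare host, or unbracketed IPv6 such as ::1
        host, port = addr, ""
    return host, (int(port) if port.isdigit() else default_port)


def is_loopback_host(host: str) -> bool:
    """True only for addresses that cannot be reached from another machine."""
    if host in ("localhost", ""):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                       # '*' or a hostname: treat as reachable
        return False


def exposed_listeners(ss_output: str, port: int = OLLAMA_PORT) -> list[str]:
    """Return local addresses in `ss -ltn` output that accept connections to
    `port` on something other than loopback (wildcards and real interfaces)."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, p = split_host_port(fields[3], default_port=-1)
        if p != port or is_loopback_host(host):
            continue
        found.append(fields[3])
    return found


def ollama_host_verdict(value: str | None) -> str:
    """Interpret OLLAMA_HOST: unset means the documented default 127.0.0.1:11434.
    Stripping an http:// or https:// prefix is this example's convenience, not a
    documented guarantee."""
    raw = (value or "127.0.0.1:11434").strip()
    for scheme in ("http://", "https://"):
        if raw.startswith(scheme):
            raw = raw[len(scheme):]
    host, port = split_host_port(raw)
    if is_loopback_host(host):
        return f"loopback-only ({host}:{port})"
    return f"EXPOSED: binds {host}:{port}, reachable from every network this host is on"


# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:11434     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:11434       0.0.0.0:*
LISTEN 0      4096   [::]:11434          [::]:*
LISTEN 0      4096   10.0.0.5:11434      0.0.0.0:*
LISTEN 0      511    *:80                *:*
LISTEN 0      128    [::1]:11434         [::]:*
"""


def audit_live() -> dict:
    """Run both checks against this host; used when executed directly."""
    result = {"OLLAMA_HOST": ollama_host_verdict(os.environ.get("OLLAMA_HOST"))}
    if shutil.which("ss"):
        out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=False).stdout
        result["listeners"] = exposed_listeners(out)
    else:
        result["listeners"] = "ss not found; inspect listening sockets manually"
    return result


if __name__ == "__main__":
    print("sample:", exposed_listeners(SAMPLE_SS))
    for key, val in audit_live().items():
        print(f"{key}: {val}")
```

Run it on the host where Ollama runs. On the constructed sample it flags 0.0.0.0:11434, [::]:11434 and 10.0.0.5:11434 and ignores the two loopback listeners. One caveat: a host-side socket listing catches OLLAMA_HOST=0.0.0.0 and Docker's userland proxy, but not a reverse proxy on another port or a port published purely through packet filtering, so confirm from outside the host as well.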

05 — Mozilla used Claude Mythos to find 423 Firefox vulns in one month

🟢 Research

Mozilla's typical monthly rate is 20-30 vulnerabilities. In April, using Claude Mythos preview for AI-assisted testing, they found 423 — real bugs, not false positives. Some were years old. This is what AI-assisted security research looks like at maturity.

Editor's note: The positive story of the week. AI finding 14x more bugs in production code is the flip side of AI being used to find and exploit vulnerabilities in enterprise software. The attackers already have these tools — defenders need to catch up.
