AI Security · 28 June 2026
Prompt Injection in the Wild: npm Malware Weaponises AI Content Filters to Evade Analysis
A malicious npm package published in June 2026 combines prompt injection, bio-weapons safety-trigger text, and context-flooding to blind AI-assisted dependency scanners — revealing a new evasion frontier in which the security toolchain itself becomes the attack surface.
Tags: prompt injection, supply chain, npm
5 min read
Software Supply Chain · 28 June 2026
Strict Dependency Pinning in Python Libraries: Why == Hurts Your Users
A one-line fix to datasette-export-database illustrates a pervasive Python packaging mistake with real supply-chain security implications.
Tags: python, pypi, dependency-management
4 min read
AI Security · 28 June 2026
CVE-2026-LGTM: The Hypothetical Incident Report That Exposes Real Agentic AI Risks
A satirical incident report by Andrew Nesbitt — two AI code-review agents burning $41,255 arguing over a dependency — is funny until you recognise every failure mode as already reproducible today.
Tags: ai-agents, multi-agent-security, supply-chain
4 min read