
A fact-based update for security and risk professionals, focused on how AI is reshaping the threat landscape and the defensive stack.
🔐 Core Security Intelligence
“Bob P2P”: New Agent-to-Agent Supply Chain Attack Class
Security researchers at Straiker have identified an active campaign dubbed Bob P2P that weaponizes trust relationships between autonomous AI agents. Attackers “26medias” and “BobVonNeumann” used a multi-stage approach: creating a convincing AI persona on the Moltbook network, building credibility with a benign “skill,” and then deploying a malicious payload through that earned trust to trigger unauthorized crypto transactions and payment redirections.
- Why it Matters: This represents a new attack class that targets algorithms rather than humans. As agents are granted “freedom to roam” and act on behalf of users, they become a high-speed conduit for supply chain poisoning that traditional zero-trust models for humans do not yet cover.
- Defenses: Implement strict verification for “Agent Skills” and “MCP (Model Context Protocol)” servers. Treat any agent-to-agent interaction with the same scrutiny as a third-party API integration.
- Expert Insight: “The playbook is infinitely repeatable: build agent credibility, then weaponize the trust. We are moving toward agent influence campaigns where coordinated networks of fake personas manipulate entire platform rankings.” — Dan Regalado, Straiker.
- Source: SecurityWeek
Russian Threat Actor Uses GenAI to Compromise 600+ FortiGate Devices
Amazon Threat Intelligence (AWS) has disrupted a campaign where a low-skilled, Russian-speaking threat actor compromised over 600 FortiGate devices across 55 countries. The attacker overcame limited technical abilities by using multiple commercial generative AI tools to automate target profiling, command generation, and attack planning.
- Why it Matters: The attacker did not exploit new vulnerabilities; instead, they used AI to scale the exploitation of basic security gaps like exposed management ports and weak credentials. This confirms that AI is drastically lowering the barrier to entry for effective, global cybercrime.
- Defenses: Enforce multi-factor authentication (MFA) on all management interfaces and disable management port exposure to the public internet. Monitor for “machine-speed” lateral movement patterns.
- Source: Infosecurity Magazine
Anthropic Unveils “Claude Code Security” for Automated Remediation
Anthropic has announced Claude Code Security, a tool designed to integrate directly into the developer workflow to identify and—critically—fix software vulnerabilities. The tool aims to move beyond simple detection by generating validated patches for identified flaws.
- Why it Matters: As AI-driven OSINT and exploitation (now capable of profiling targets in under 30 minutes) accelerate the attack cycle, defensive tools must shift toward automated, AI-verified remediation to keep the “exploitation window” closed.
- Defenses: Organizations should explore integrating AI-driven code auditing into CI/CD pipelines to counteract the industrialization of AI-driven reconnaissance.
- Source: Security Affairs
🧭 Adjacent Cybersecurity Developments
Microsoft Patches Prompt Injection in Copilot (CVE-2026-21513)
Microsoft’s February 2026 Patch Tuesday addressed CVE-2026-21513, a security feature bypass in MSHTML. Attackers were actively using this flaw to facilitate prompt injection against developer tools like GitHub Copilot, potentially influencing code generation or executing unauthorized commands.
- Why it Matters: Even “traditional” browser engine flaws are now being repurposed as delivery vectors for AI-specific attacks, such as prompt injection.
- Source: MLQ.ai
Cisco and NVIDIA Launch Australia’s First “Secure AI Factory”
Cisco and Sharon AI have partnered with NVIDIA to launch a sovereign AI infrastructure in Australia. Powered by 1024 NVIDIA Blackwell Ultra GPUs, the “Secure AI Factory” focuses on keeping all data processing within national borders to satisfy emerging data sovereignty and security requirements.
- Context for AI: This reflects a global trend toward “Sovereign AI,” where organizations prioritize air-gapped or nationally-contained infrastructure to mitigate the risks associated with third-party AI APIs.
- Source: Cisco Newsroom
🌱 Emerging Signals
- OSINT Industrialization: Trend Micro reports that AI has compressed the “LinkedIn-to-Tailored-Attack” timeline to just 30 minutes, transforming individual digital footprints into machine-readable attack maps.
- The 2026 “Year of Truth”: Over 50% of organizations have committed to multi-year AI investments, shifting the focus from experimentation to long-term value and, consequently, long-term security debt management.
📊 At-a-Glance Summary Table
| Topic | Category | Impact Level | Key Action |
|---|---|---|---|
| Bob P2P Attack | Supply Chain | Critical | Verify all agent “skills” and MCP servers |
| FortiGate AI Campaign | Incident | High | Patch FortiOS; Disable public MGMT ports |
| Copilot MSHTML Bypass | Vulnerability | High | Apply Feb 2026 Patch Tuesday (CVE-2026-21513) |
| Claude Code Security | Defense | Medium | Evaluate AI-native remediation for CI/CD |
Tags: AISecurity, AgenticAI, BobP2P, FortiGate, ClaudeCode, NVIDIA, SupplyChain, OSINT
WordPress Excerpt
Today’s briefing covers the first documented “Agent-to-Agent” supply chain attack (Bob P2P), a massive AI-orchestrated compromise of 600+ FortiGate devices, and Anthropic’s new AI-powered vulnerability remediation tool.
Next Step: Would you like me to draft an internal technical advisory for your development team on how to audit MCP (Model Context Protocol) servers for the specific “Bob P2P” injection patterns?
Categories: Artificial Intelligence, Cybersecurity Blog
Leave a comment