Lemma Critical Brief
threat intelligence × trust infrastructure.
Lemma's structured analysis of major incidents across AI, cryptographic infrastructure, supply chains, and regulated attributes. Each Brief makes the gap between detection and proof explicit — a reference for risk assessment, regulatory response, and trust-infrastructure design.
Most-read Briefs
- 1 Both Sides Cited Cases That Never Existed
- 2 AI Agent Forwarded Credentials Before Verifying the Sender (OpenClaw / Varonis)
- 3 Noroboto: embedded "lying fonts" made AI's document review read different text
- 4 GTG-1002: AI agent autonomously executed 80–90% of a cyberattack
- 5 Syscoin Bridge: an invalid SPV proof was read as "valid" and minted 5B SYS with no burn
Browse by threat type
92 All Briefs
Amazon Q Developer: opening a repo auto-executed a bundled MCP config and exfiltrated AWS credentials (CVE-2026-12957)
Agent Infrastructure Brief →
Cursor (DuneSlide): a single injected prompt escaped the agent's sandbox and ran arbitrary commands (CVE-2026-50548 / 50549)
Agent Infrastructure Brief →
exploitarium: An Anonymous 'bikini' Publicly Dropped Many Zero-Day PoCs Found via AI-Automated Fuzzing, and Recipients Can't Verify the Provenance of the Disclosures
Code Provenance Brief →
Photo ZIP: 'Authentication Laundering' Cleared SPF/DKIM/DMARC So a Fake 'via Calendly' Email Looked Legitimate
Identity & Auth Brief →
AIR: A Fake Agent Skill Cleared Every Scanner and Reached ~26,000 Agents
Code Provenance Brief →
SecondFi: Audited Signing Code Was Replaced by an Unaudited SDK, Letting Private Keys Be Reconstructed From Public Data on Every Signature
Code Provenance Brief →
Kestra: Ending a Request Path With /configs Bypassed Authentication and Allowed Unauthenticated Code Execution as Root
Identity & Auth Brief →
Polymarket: Malicious JavaScript Injected via a Compromised Third-Party Vendor Tricked Users Into Approving Fraudulent Transactions
Code Provenance Brief →
Sumsub: An 18-Month Undetected Intrusion Into a Support Environment Exposed Customers' Names and Contact Details
KYC / AML Disclosure Brief →
Secret Network: Deposits From a Forged Channel Went Unverified, Letting Unbacked Wrapped Tokens Be Minted Without Limit
Bridge Config Trust Brief →
Hong Kong deepfake video-call fraud: a real-time deepfake of the CFO and every colleague drove a ~$25.6M transfer
Attribute Proof Bypass Brief →
Change Healthcare: a breach of a single Citrix account without MFA halted a third of US medical-claims processing for weeks
Identity & Auth Brief →
xz utils backdoor (CVE-2024-3094): a two-year impersonation of a "trusted developer" planted a backdoor in a code-signed official release
Code Provenance Brief →
Bybit: a "legitimate" multisig approval signed by trusting the UI drained a supposedly secure Ethereum wallet
Bridge Config Trust Brief →
Replit: an AI agent broke a code freeze, wiped production data, then fabricated records to cover it
Agent Runaway Brief →
Common Crawl: about 12,000 live credentials embedded in a public corpus used to train LLMs
Training Data Provenance Brief →
TennCare Connect: an automated eligibility system illegally cut thousands off Medicaid
AI Decision Integrity Brief →
IDMerit: the disputed billion-record KYC exposure
KYC / AML Disclosure Brief →
A 93% Facial-Recognition 'Match' Led Straight to Arrest Without Independent Verification (Robert Dillon Wrongful Arrest Suit)
AI Decision Integrity Brief →
A Dormant, Un-Revoked Credential Turned a Trusted Integration into Mass Salesforce Extraction (Klue)
Identity & Auth Brief →
Taiko Bridge: Forged Withdrawals Passed as Valid After a Prover Signing Key Leaked
Bridge Config Trust Brief →
ShadowMQ: one unsafe pattern (unauthenticated ZMQ + pickle) copied across AI inference frameworks
Agent Infrastructure Brief →
Hugging Face LeRobot: a robotics framework executed untrusted data received over an unauthenticated channel
Agent Infrastructure Brief →
DJI ROMO: one authenticated client reached 7,000 robot vacuums' cameras
Identity & Auth Brief →
Unitree (UniPwn): one shared key across the fleet
Identity & Auth Brief →
Universal Robots PolyScope: unauthenticated network access yields RCE on industrial robots
Identity & Auth Brief →
Syscoin Bridge: an invalid SPV proof was read as "valid" and minted 5B SYS with no burn
Bridge Config Trust Brief →
LiteLLM AI Gateway: from low-privilege user to admin and RCE
Identity & Auth Brief →
NHO Hokkaido Hospitals: assumed shredded, sold online
Attribute Proof Bypass Brief →
Hyundai: driver-assist AI braked on a threat that wasn't there
AI Decision Integrity Brief →
Waymo: the robotaxi drove past a stopped school bus
AI Decision Integrity Brief →
Salesloft Drift: a trusted integration's OAuth tokens stolen, hundreds of Salesforce tenants queried
Agent Infrastructure Brief →
Bright Data SDK: your living-room TV became a relay node for AI-scraping
Data Provenance Brief →
Claude Code GitHub Action: one issue claiming "[bot]" led the agent to privileged execution
Agent Infrastructure Brief →
Both Sides Cited Cases That Never Existed
AI Decision Integrity Brief →
When "Allow All" OAuth to an AI Tool Becomes the Breach Path (Vercel / Context.ai)
Agent Infrastructure Brief →
From State Store to RCE
Agent Infrastructure Brief →
Reachable Meant Readable
Identity & Auth Brief →
No Check on Who Was Authorized
Identity & Auth Brief →
Internal Data Exfiltrated Without Verifying the Instruction's Origin
AI Decision Integrity Brief →
Generated Until the Rightsholder Said No
Data Provenance Brief →
200 Million Views of Fake Celebrities
Data Provenance Brief →
70,000 Government IDs Leaked to Prove Age
Attribute Proof Bypass Brief →
Asking the AI Support Bot Was Enough
Identity & Auth Brief →
Generated Without Consent or Age Verification
Attribute Proof Bypass Brief →
Tesla Robotaxi Crash Records
AI Decision Integrity Brief →
TrapDoor Plants Hidden Directives in AI Assistant Instruction Files Across npm, PyPI, and Crates.io
Code Provenance Brief →
AI Agent Forwarded Credentials Before Verifying the Sender (OpenClaw / Varonis)
AI Decision Integrity Brief →
ServiceNow Scripted REST Endpoint Served Customer Data Without Authentication
Identity & Auth Brief →
When One Laptop Meets the Multisig Threshold
Bridge Config Trust Brief →
Self-Reported Autonomous-Driving Safety, Unverified
AI Decision Integrity Brief →
AOG Technics: over 60,000 aircraft engine parts circulated with forged airworthiness certificates
Attribute Proof Bypass Brief →
Phantom Carbon Credits
Attribute Proof Bypass Brief →
Semantic Kernel: Prompt Injection Turned Into Host-Level Remote Code Execution
Agent Infrastructure Brief →
IronWorm
Code Provenance Brief →
When the Assistant Becomes the Trigger
Agent Infrastructure Brief →
12.8 Billion Training Images Contained Passports, Résumés, and Faces
Training Data Provenance Brief →
The Inspections Were Recorded as 'Complete'
Attribute Proof Bypass Brief →
Live Biometric Verification Defeated by an Injected Video Feed
Attribute Proof Bypass Brief →
One Edge Appliance Compromise Cascaded to Full Domain Takeover
Identity & Auth Brief →
Inside a Legitimate Booking Platform, the Payout Bank Account Was Silently Rewritten
Attribute Proof Bypass Brief →
AI Agents Drove Intrusions From Initial Access to Exfiltration
Agent Runaway Brief →
Stripe's Trusted API Infrastructure Repurposed to Deliver Card-Skimming Code and Store Stolen Data
Code Provenance Brief →
One-Click GitHub OAuth Token Theft via github.dev
Agent Infrastructure Brief →
The npm Dependency-Confusion Recon Campaign
Code Provenance Brief →
LibreChat CVE-2026-32625
Agent Infrastructure Brief →
Adaptive AI Worm
Agent Runaway Brief →
MCP Design: Config-to-Command Execution and Supply-Chain-Scale RCE
Agent Infrastructure Brief →
Invisible Unicode Instruction Injection
AI Decision Integrity Brief →
The Alephium TokenBridge Exploit ($815K)
Bridge Config Trust Brief →
OnlyFake
Attribute Proof Bypass Brief →
Wirecard: forged bank balance confirmations asserted €1.9B that didn't exist
Attribute Proof Bypass Brief →
Tampered Certification Test Data Behind Type Designation
Attribute Proof Bypass Brief →
Unqualified Engineers Placed Under National-License Claims
Attribute Proof Bypass Brief →
The hackerbot-claw Campaign's First Recorded AI-vs-AI Attack
AI Decision Integrity Brief →
McKinsey Lilli's Writable System Prompts
AI Decision Integrity Brief →
The Verus-Ethereum Bridge Hack ($11.58M)
Bridge Config Trust Brief →
The GitHub Internal Repository Breach
Code Provenance Brief →
The TanStack npm Compromise
Code Provenance Brief →
The Coinbase KYC Insider Breach
KYC / AML Disclosure Brief →
The Robert Williams Wrongful Arrest
AI Decision Integrity Brief →
SynthID Watermark, Statistically Stripped
Data Provenance Brief →
Claude Code Source-Leak Lures
Code Provenance Brief →
GTG-1002: AI agent autonomously executed 80–90% of a cyberattack
Agent Runaway Brief →
Discord 2.05 Billion Message Scraping via Public API
Training Data Provenance Brief →
Cursor + Claude Opus 4.6 Wiped PocketOS Production DB in 9 Seconds
Agent Runaway Brief →
Google API Keys Remain Usable for 23 Minutes After Deletion
Attribute Proof Bypass Brief →
Noroboto: embedded "lying fonts" made AI's document review read different text
AI Decision Integrity Brief →
Megalodon GitHub Supply Chain
Code Provenance Brief →
Starlette CVE-2026-48710 (BadHost)
Agent Infrastructure Brief →
Stake DAO vsdCRV Unauthorized Mint
Bridge Config Trust Brief →
KelpDAO / rsETH Unauthorized Unlock
Bridge Config Trust Brief →
No Briefs matched your filters.
Are you ready for cyberattacks in the age of AI?
* Security assessment (system audit) is scoped separately, sized to the engagement.