AI

LiteLLM PyPI Supply Chain Attack - Mercor AI Breach (TeamPCP / Lapsus$)

Fri, 27 Mar 2026 00:00:00 +0000

On March 27, 2026, TeamPCP (a threat group also linked to the European Commission cloud breach) compromised PyPI publishing credentials for LiteLLM, a widely used open-source library for calling AI/LLM APIs. Malicious versions were published to PyPI, enabling downstream compromise of users. Mercor (a $10B AI data training startup) was a confirmed victim: attackers exfiltrated approximately 4 TB of data including 939 GB of platform source code, a 211 GB user database, and 3 TB of storage (video interviews and identity verification passport data for candidates). Lapsus$ subsequently claimed responsibility and auctioned data on dark web forums. Meta indefinitely paused work with Mercor. Five contractors filed lawsuits. TeamPCP is also attributed to the March 2026 European Commission AWS breach via the Trivy tool compromise.

LiteLLM Cascading Supply Chain Attack — TeamPCP Trivy Credentials Used

Thu, 26 Mar 2026 00:00:00 +0000

The LiteLLM PyPI supply chain attack by TeamPCP involved a cascading attack chain: TeamPCP first compromised the Trivy security scanner’s GitHub Actions CI/CD pipeline (March 19, 2026), used stolen credentials to access LiteLLM’s PyPI publishing infrastructure, and pushed malicious versions of LiteLLM on March 27, 2026. LiteLLM is a widely used Python library for calling LLM APIs (OpenAI, Anthropic, etc.) used in AI application development. Downstream victim Mercor (AI data training startup) suffered a major breach via the LiteLLM compromise. This ‘supply chain of supply chains’ attack — one compromise enabling access to another trusted package — is documented separately in the LiteLLM/Mercor/TeamPCP records.

"Moonwell hit by $1.78M exploit as AI vibe coding debate reaches DeFi"

Sun, 15 Feb 2026 00:00:00 +0000

After an oracle misconfiguration, the Moonwell defi lending protocol accumulated $1.78 million in bad debt. When the protocol showed that cbETH was priced at just over a dollar, rather than its actual market price of around $2,200, bots and humans alike rushed to take advantage of the mispricing. The error cascaded into liquidations across the platform.This is the second time Moonwell has suffered a loss thanks to an oracle misconfiguration. In November 2025, the platform was left with almost $3.7 million in bad debt after a different asset was mispriced.Although the vulnerable pull requests were at least partially developed by an AI tool, the security auditor who initially attributed the vulnerability to Claude Opus 4.6 later softened his criticism, noting that even senior developers could have made the same mistake. He did, however, criticize the project for a lack of sufficiently rigorous testing that should have caught the issue.

Total loss estimated at $1,780,000.

TechCrunch

Wed, 26 Nov 2025 00:00:00 +0000

Hackers breached Mixpanel, a third-party analytics vendor used by OpenAI to track user behavior on its API platform, on November 26, 2025. The breach exposed data belonging to OpenAI API platform business customers including names, email addresses, geographic locations, and technical details about customer systems. Standard ChatGPT consumer app users were not affected. No chat content, API keys, passwords, credentials, payment details, or government IDs were compromised. OpenAI confirmed the incident was at the vendor level, not within OpenAI’s own systems. The incident highlighted that AI platform providers — holding sensitive data on enterprises integrating AI into products — are attractive targets for attackers seeking business intelligence.

OpenAI Third-Party Breach (November 2025)

Sat, 01 Nov 2025 00:00:00 +0000

In 2025, OpenAI experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/

OpenAI Mixpanel Product Analytics Data Exposure

Wed, 01 Oct 2025 00:00:00 +0000

In November 2025, OpenAI disclosed that customer data had been exposed via Mixpanel, its third-party product analytics platform. OpenAI had shared user behavioral data with Mixpanel for product improvement purposes, and the compromise of Mixpanel’s systems exposed this data. Affected information included user names, email addresses, approximate geographic location, operating system and browser information, and organizational/user identifiers. This was part of a broader Mixpanel breach that affected multiple technology companies including PornHub, Pinterest’s Shuffles app, CoinDCX, SoundCloud, SwissBorg, and CoinLedger in November-December 2025.

Tweet by Oli Feldmeier

Wed, 24 Sep 2025 00:00:00 +0000

One day after Griffin AI launched its GAIN token on Binance Alpha, an attacker minted 5 billion fake GAIN tokens on the Ethereum blockchain, then exploited a cross-chain endpoint to trick the bridge to the Binance chain into recognizing them as the real thing. The attacker was only able to sell a small fraction of their tokens, but they made off with approximately $3 million as the token plunged in price. According to CEO Oliver Feldmeier, the exploit was enabled by “a misconfigured layer Zero (cross-chain messaging) set-up and compromised key”.Griffin AI promises to allow customers to “build, deploy, and scale autonomous AI agents for crypto finance”. These are essentially AI-powered bots that perform various functions — some of Griffin’s advertised examples include a “robo-adviser” to provide “tailored investment strategies”, and bots to do arbitrage trading or manage staked assets.

Total loss estimated at $3,000,000.

AI-Enabled Cyberattack Acceleration — Reduced Breakout Times, Autonomous Attack Chains

Wed, 01 Jan 2025 00:00:00 +0000

By 2025-2026, documented evidence shows AI is systematically accelerating cyberattack timelines and lowering barriers to entry for attackers, while defenders face structural disadvantages in AI adoption speed. Key documented impacts from CrowdStrike Global Threat Report 2026, Okta Security Report 2026, Microsoft Digital Defense Report 2025, and ENISA Threat Landscape 2025: (1) Breakout time — average time for attackers to move from initial access to lateral movement — fell from 62 minutes (2023) to under 40 minutes (2025) as AI-assisted tooling automates post-exploitation; (2) CrowdStrike documented adversaries using AI-generated malicious code and AI-driven fuzzing to discover zero-days faster; (3) AI-powered phishing campaigns achieve 3-5x higher click rates than traditional campaigns by personalising content from social media and breach data in real time; (4) Nation-state actors (China, Russia, North Korea, Iran) have all been observed integrating AI into attack workflows; (5) Ransomware negotiation bots using LLMs now conduct initial extortion communications autonomously; (6) Social engineering via deepfake voice and video bypasses human recognition even for security-trained staff. Okta’s Brett Winterford documented that attackers are using AI to identify which accounts to target for MFA fatigue attacks — prioritising accounts where success probability is highest. IBM X-Force found that AI-powered scanning tools can identify vulnerable systems in an organisation within 3 minutes of an IP range being provided. The structural challenge is that defenders must secure every attack vector while attackers need only find one path — and AI amplifies this asymmetry.

AI-Powered Identity Theft Wave — Synthetic Identity Fraud, Deepfake KYC Bypass 2025-2026

Wed, 01 Jan 2025 00:00:00 +0000

By 2025-2026, AI-powered identity theft had emerged as a major and growing threat category, representing a structural shift in how identity fraud and credential theft are conducted at scale. Key developments documented by the Identity Theft Resource Center (ITRC), Okta, and industry researchers: (1) Synthetic identity fraud — AI generates complete fake identities combining real SSNs obtained from data breaches with generated names, addresses, and photos, enabling new account fraud at financial institutions; (2) Deepfake KYC bypass — generative AI video and voice tools defeat liveness detection at banks, crypto exchanges, and identity verification services (Jumio, Onfido, Sumsub) enabling account takeover and fraudulent account creation; (3) AI voice cloning enables highly convincing vishing calls impersonating bank fraud departments, CEOs (BEC), and customer service agents, bypassing voice authentication systems used by major banks; (4) AI-generated phishing emails achieve higher click rates by personalising content using data scraped from social media and data breach dumps; (5) Deepfake impersonation of executives for wire transfer fraud (BEC 2.0) — video call fraud where a fake CFO or CEO authorises fraudulent transactions in real-time video meetings. Verified incidents include the 2024 Arup Engineering deepfake CFO video call fraud ($25M lost in Hong Kong), multiple crypto exchange KYC bypass incidents confirmed by Chainalysis, and a documented AI voice fraud against a major European energy company ($243,000 stolen). ITRC reports that data breach-enabled identity theft complaints exceeded 1.4 million in 2025. The UK NCSC, US FTC, and ENISA all issued 2025-2026 advisories on AI-enabled identity threats.

Tweet by NFPrompt

Fri, 15 Mar 2024 00:00:00 +0000

A Binance-incubated platform called NFPrompt claims to be “the first Prompt Artist Platform in Web3” — with “prompt artist” referring to people who come up with prompts to feed into large language models. More succinctly, it’s a platform to sell the NFTs you’ve made out of AI-generated images.The platform announced on March 15 that it had suffered a “critical security incident” that it attributed to “a group of hackers” who were able to gain access to funds belonging both to the project’s users and the project itself. They did not disclose how much was taken.The project announced that it was working with the FBI, and had contacted centralized exchanges to ask them to freeze stolen funds.

"Two Men Charged for Operating $25M Cryptocurrency Ponzi Scheme"

Tue, 12 Dec 2023 00:00:00 +0000

Two fraudsters capitalized on the hype around both cryptocurrency and artificial intelligence, advertising an “artificial intelligence automated trading bot” that they promised would earn large returns for their investors. Instead, however, the fraudsters spent the money on themselves, paying for private chartered jet flights, luxury hotel accommodations, private mansion rentals, a personal chef, and private security guards.In addition to pulling off the original scam, the fraudsters also came up with a fake investigative agency called the “Federal Crypto Reserve”, where they directed victims who were seeking to recover their losses.The scammers were charged with wire fraud, money laundering, and obstruction of justice, which carry hefty maximum prison terms.

Total loss estimated at $25,000,000.

OpenAI ChatGPT Redis Bug — Chat History & Payment Info Leak

Mon, 20 Mar 2023 00:00:00 +0000

On March 20, 2023, OpenAI took ChatGPT offline after discovering a bug in its Redis client library (redis-py open-source library) that caused some users to see other users’ conversation history titles and partial personal information in their sidebar. In some cases, the first message of a new conversation could be visible. OpenAI later confirmed that a small subset of users (~1.2% of ChatGPT Plus subscribers who used the service during a 9-hour window on March 20) had their payment information exposed — including first and last names, email addresses, payment addresses, credit card type and last four digits, and credit card expiration dates. Full credit card numbers were not exposed. Approximately 100,000 ChatGPT Plus users were notified. The bug was triggered by a Redis connection pool race condition during a server-side configuration change that caused requests to return cached query data from another active connection. OpenAI patched the Redis library and confirmed the fix. This was the first major data exposure incident for ChatGPT and drew significant attention given OpenAI’s rapid growth and the sensitivity of private conversation data. OpenAI notified affected users directly and notified relevant regulators.

"Scammers Created an AI Hologram of Me to Scam Unsuspecting Projects"

Wed, 17 Aug 2022 00:00:00 +0000

Binance’s chief communications officer, Patrick Hillman, has come out with a blog post claiming that “Scammers created an AI hologram of me to scam unsuspecting projects”. (Hologram?) He claimed that scammers were using these meetings to ask token creators to pay a listing fee for their tokens, something that Binance also does, but has been more squirrely about.The only evidence Hillman provided was a redacted conversation via LinkedIn, where he denies meeting with someone, and they reply: “they impersonated your hologram. This person sent me a zoom link then your hologram was in the zoom”. (Again, hologram?) Amusingly, Hillman waxes poetic about the importance of security at Binance throughout the whole post, while also including a LinkedIn screenshot with a name that’s blurred so poorly it remains completely legible.Hillman goes on to claim, with no further evidence, that “a sophisticated hacking team used previous news interviews and TV appearances over the years to create a ‘deep fake’ of me”. If so, this would be remarkable, as to date video deepfakes have mostly been limited to robotic-sounding and grainy pre-recorded Elon Musk impersonations, rather than anything that can respond naturally and quickly to alive conversation.Another possible explanation is that Hillman is trying to cover Binance’s collective ass after being caught taking listing fees for tokens they never list. But who’s to say, really — maybe deepfakers have made a considerable breakthrough with startling implications, and Hillman just didn’t feel it was important to elaborate on.

"Please Don't Invest in This Crypto Scam Because Deepfake Elon Musk Told You To"

Fri, 27 May 2022 00:00:00 +0000

A somewhat robotic-sounding deepfake Elon Musk speaks to a deepfaked interviewer, who asks “what can you tell us about your project and how can it help people get rich right now?” Fake-Musk explains that people who invest in the (scam) project, “BitVex”, will “receive exactly 30% of dividends every day”, and that if Bitcoin falls in price they will still receive twice their investment back.According to BleepingComputer, only about $1,700 in deposits appeared to have gone to addresses associated with the scam, although they acknowledged that the addresses are likely rotated and so the true amount may be larger.Someone brought the scam to Musk’s attention on Twitter, where he replied, “Yikes. Def not me.” The YouTube channel hosting the videos was taken down shortly after.

Total loss estimated at $1,700.

Microsoft AI Research Team 38TB Exposure via Misconfigured Azure SAS Token

Mon, 20 Jul 2020 00:00:00 +0000

On July 20, 2020, Microsoft’s AI research team published open-source AI training data to GitHub and inadvertently included an overpermissioned Azure SAS token in the repository. The token granted ‘full control’ (read, write, delete, and list) permissions to the entire Azure Blob Storage account — not just the intended folder of training data. The SAS token was valid for approximately three years, until Wiz Research discovered the exposure on June 22, 2023 and reported it to Microsoft; Microsoft remediated the issue on June 24, 2023, and the public disclosure occurred September 18, 2023. The exposed 38TB of internal data included: backups of workstation files belonging to two Microsoft employees (including sensitive personal data), over 30,000 internal Microsoft Teams messages from 359 Microsoft employees, private SSH keys, passwords, and other internal credentials. No customer data was exposed. Microsoft confirmed no evidence of unauthorized external access. The incident illustrated how Azure SAS tokens — which appear as simple URLs and are often treated casually by developers — can carry dangerous levels of privilege that are difficult to audit and can persist for years without revocation. Wiz Research used this finding to advocate for better SAS token controls and visibility in cloud environments.

Microsoft AI Research Division 38TB Data Exposure via SAS Token — GitHub Misconfiguration

Wed, 01 Jul 2020 00:00:00 +0000

In July 2020, Microsoft’s AI research division accidentally published an Azure Shared Access Signature (SAS) token with overly permissive access when sharing an open-source training data contribution on GitHub. The SAS token granted anyone with the link full access to the entire Azure Storage account — not just the intended public training data. The storage account contained 38 terabytes of sensitive data including private keys, passwords, internal Microsoft Teams messages from 359 Microsoft employees, and over 30,000 internal Microsoft Teams messages, as well as secrets, private keys, passwords, and other sensitive internal Microsoft files. The token was accidentally published for approximately 3 years (July 2020 to September 2023), until Wiz.io security researchers discovered and reported it. Microsoft patched and secured the storage account after Wiz’s notification. Microsoft stated that no customer data was exposed and no other internal Microsoft services were put at risk. The overly permissive SAS token also allowed write and delete access — meaning anyone who discovered it could have modified or deleted the exposed data or potentially planted malicious data into AI training datasets. The case illustrated a fundamental risk with Azure SAS tokens: they grant access based on the URL alone (no authentication required), making accidental exposure in code or documentation particularly dangerous, and they can persist for years if not carefully managed.