Skip to content
Threat Feed
Subscribe

Product

Gemini CLI

5 briefs RSS
high advisory

AI Agent Data Theft via Indirect Prompt Injection

Attackers are leveraging indirect prompt injection against AI agents with access to private data, untrusted content, and external communication channels to steal sensitive information by embedding malicious instructions in content processed by the agent.

GitHub Copilot Agent +4 ai-agent prompt-injection data-theft ai-security
1r 2t
critical advisory

AI Coding Agents Vulnerable to Supply Chain Attacks via Malicious Repositories

AI coding agents like Claude Code, Gemini CLI, Cursor CLI, and GitHub Copilot Agents can be manipulated to introduce malicious code into software supply chains by accessing attacker-controlled repositories, leading to potential remote code execution and supply chain compromises.

Claude Code +3 supply chain ai remote code execution
2r 1t
critical advisory

Gemini CLI Vulnerability Leads to Potential Supply Chain Attack

A critical vulnerability in Google's Gemini CLI, an open-source AI agent, could have enabled attackers to inject malicious prompts into GitHub issues, leading to code execution and a supply chain compromise.

Gemini CLI +2 supply-chain prompt-injection code-execution
2r 3t
critical advisory

Gemini CLI Remote Code Execution via Workspace Trust and Tool Allowlisting Bypasses

Gemini CLI is vulnerable to remote code execution via workspace trust and tool allowlisting bypasses, impacting headless mode and GitHub Actions workflows.

Gemini CLI +1 rce supply-chain github-actions
2r 1t
medium advisory

GenAI Process Connection to Unusual Domain on macOS

This rule detects GenAI tools on macOS connecting to unusual domains, potentially indicating command and control activity, data exfiltration, or malicious payload retrieval following compromise via prompt injection, malicious MCP servers, or poisoned plugins.

Copilot +22 genai command and control macos network connection
2r 1t