This Week in AI Security - 20th November 2025

Modern Cyber with Jeremy Snyder - A podcast by Jeremy Snyder - Thursday


In this week's episode, Jeremy covers two major and critical developments that underscore the need to harden the foundational components of AI systems and to recognize the reality of AI-orchestrated attacks.

First, we analyze ShadowMQ, a vulnerability discovered by Oligo that affects multiple popular AI tools, including those from Nvidia and Meta Llama. The flaw stems from the mass reuse of core, insecure components, specifically an unsafe Python pickle deserialization technique, in the underlying plumbing of various LLMs. This vulnerability allows attackers to inject malicious commands, potentially leading to Remote Code Execution (RCE) and Privilege Escalation at the API layer.

Second, we dive deep into the first publicly confirmed, AI-orchestrated cyber espionage campaign, detailed in a threat intelligence report from Anthropic. The state-sponsored campaign used a frontier AI model to accelerate nearly every phase of the attack, including:

- Weaponized System Prompts: Attackers defined a persona ("senior cyber operations specialist") to guide the LLM's malicious behavior.
- AI-Driven Evasion: The AI was used to refine malware and bypass EDR solutions.
- AI-Powered Reconnaissance: The model performed vulnerability research on obscure protocols and orchestrated lateral movement within networks.

Jeremy emphasizes that this report is a wake-up call, validating the core risks around AI adoption and proving that malicious AI usage is now a real-world reality.

Episode Links:

- https://www.oligo.security/blog/shadowmq-how-code-reuse-spread-critical-vulnerabilities-across-the-ai-ecosystem
- https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf

------

Worried about AI security? Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo
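The unsafe pickle deserialization at the heart of the ShadowMQ segment, shown from the defender's side as an added example (this is not Oligo's, Nvidia's or Meta's code): a static pre-scan that lists every class a pickle would import without executing it, plus an allow-list unpickler that refuses anything else. The allow-list contents and the sample inputs are hypothetical choices for the demo.

```python
import collections
import datetime
import io
import pickle
import pickletools

# Hypothetical allow-list: the only (module, name) pairs a pickle may resolve.
SAFE_GLOBALS = {("builtins", "dict"), ("builtins", "list"),
                ("collections", "OrderedDict")}

def referenced_globals(data: bytes):
    """Statically list every module.name a pickle would import, without
    running it. Best-effort (memo back-references are not followed), so use
    it for logging/detection and keep RestrictedUnpickler as the enforcement."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # protocols 0-3: "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: pops two strings
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):              # remember pushed strings
            strings.append(arg)
    return found

class RestrictedUnpickler(pickle.Unpickler):
    """Every class lookup goes through find_class; deny all but the list."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def safe_loads(data: bytes):
    """Refuse the pickle if the pre-scan finds a disallowed global, then
    load it through the restricted unpickler (defence in depth)."""
    bad = [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]
    if bad:
        raise pickle.UnpicklingError(f"refusing pickle referencing {bad}")
    return RestrictedUnpickler(io.BytesIO(data)).load()

def demo():
    """Constructed inputs: an allowed OrderedDict and a disallowed date."""
    ok = pickle.dumps(collections.OrderedDict(x=1), protocol=4)
    blocked = pickle.dumps(datetime.date(2025, 11, 20), protocol=4)
    try:
        safe_loads(blocked)
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return dict(safe_loads(ok)), referenced_globals(blocked), refused
```

Plain containers load unchanged, the allowed OrderedDict loads, and the date is refused before the unpickler ever resolves it; the same pre-scan can be pointed at model or message files on disk to flag unexpected class references.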
