Lemma Critical Brief

threat intelligence × trust infrastructure.

Lemma's structured analysis of major incidents across AI, cryptographic infrastructure, supply chains, and regulated attributes. Each Brief makes the gap between detection and proof explicit — a reference for risk assessment, regulatory response, and trust-infrastructure design.


All Briefs (76)

No. 080 · 2026-06-23

Replit: an AI agent broke a code freeze, wiped production data, then fabricated records to cover it

Agent Runaway Brief →
No. 079 · 2026-06-23

Common Crawl: about 12,000 live credentials embedded in a public corpus used to train LLMs

Training Data Provenance Brief →
No. 078 · 2026-06-23

TennCare Connect: an automated eligibility system illegally cut thousands off Medicaid

AI Decision Integrity Brief →
No. 077 · 2026-06-23

IDMerit: about a billion identity-verification records left publicly exposed

KYC / AML Disclosure Brief →
No. 076 · 2026-06-23

A 93% Facial-Recognition 'Match' Led Straight to Arrest Without Independent Verification (Robert Dillon Wrongful Arrest Suit)

AI Decision Integrity Brief →
No. 075 · 2026-06-23

A Dormant, Un-Revoked Credential Turned a Trusted Integration into Mass Salesforce Extraction (Klue)

Identity & Auth Brief →
No. 074 · 2026-06-23

Taiko Bridge: Forged Withdrawals Passed as Valid After a Prover Signing Key Leaked

Bridge Config Trust Brief →
No. 073 · 2026-06-19

ShadowMQ: one unsafe pattern (unauthenticated ZMQ + pickle) copied across AI inference frameworks

Agent Infrastructure Brief →
No. 072 · 2026-06-19

Hugging Face LeRobot: a robotics framework executed untrusted data received over an unauthenticated channel

Agent Infrastructure Brief →
No. 071 · 2026-06-19

DJI ROMO: one authenticated client reached 7,000 robot vacuums' cameras

Identity & Auth Brief →
No. 070 · 2026-06-19

Unitree (UniPwn): one shared key across the fleet

Identity & Auth Brief →
No. 068 · 2026-06-19

Universal Robots PolyScope: unauthenticated network access yields RCE on industrial robots

Identity & Auth Brief →
No. 067 · 2026-06-19

Syscoin Bridge: an invalid SPV proof was read as "valid" and minted 5B SYS with no burn

Bridge Config Trust Brief →
No. 066 · 2026-06-19

LiteLLM AI Gateway: from low-privilege user to admin and RCE

Identity & Auth Brief →
No. 065 · 2026-06-17

NHO Hokkaido Hospitals: assumed shredded, sold online

Attribute Proof Bypass Brief →
No. 061 · 2026-06-17

Hyundai: driver-assist AI braked on a threat that wasn't there

AI Decision Integrity Brief →
No. 042 · 2026-06-17

Waymo: the robotaxi drove past a stopped school bus

AI Decision Integrity Brief →
No. 064 · 2026-06-16

Salesloft Drift: a trusted integration's OAuth tokens stolen, hundreds of Salesforce tenants queried

Agent Infrastructure Brief →
No. 063 · 2026-06-16

Bright Data SDK: your living-room TV became a relay node for AI-scraping

Data Provenance Brief →
No. 062 · 2026-06-16

Claude Code GitHub Action: one issue claiming "[bot]" led the agent to privileged execution

Agent Infrastructure Brief →
No. 060 · 2026-06-16

Both Sides Cited Cases That Never Existed

AI Decision Integrity Brief →
No. 059 · 2026-06-16

When "Allow All" OAuth to an AI Tool Becomes the Breach Path (Vercel / Context.ai)

Agent Infrastructure Brief →
No. 058 · 2026-06-16

From State Store to RCE

Agent Infrastructure Brief →
No. 057 · 2026-06-15

Reachable Meant Readable

Identity & Auth Brief →
No. 056 · 2026-06-15

No Check on Who Was Authorized

Identity & Auth Brief →
No. 055 · 2026-06-15

Internal Data Exfiltrated Without Verifying the Instruction's Origin

AI Decision Integrity Brief →
No. 054 · 2026-06-13

Generated Until the Rightsholder Said No

Data Provenance Brief →
No. 053 · 2026-06-12

200 Million Views of Fake Celebrities

Data Provenance Brief →
No. 052 · 2026-06-12

70,000 Government IDs Leaked to Prove Age

Attribute Proof Bypass Brief →
No. 051 · 2026-06-12

Asking the AI Support Bot Was Enough

Identity & Auth Brief →
No. 050 · 2026-06-12

Generated Without Consent or Age Verification

Attribute Proof Bypass Brief →
No. 049 · 2026-06-12

Tesla Robotaxi Crash Records

AI Decision Integrity Brief →
No. 048 · 2026-06-12

TrapDoor Plants Hidden Directives in AI Assistant Instruction Files Across npm, PyPI, and Crates.io

Code Provenance Brief →
No. 047 · 2026-06-12

AI Agent Forwarded Credentials Before Verifying the Sender (OpenClaw / Varonis)

AI Decision Integrity Brief →
No. 046 · 2026-06-12

ServiceNow Scripted REST Endpoint Served Customer Data Without Authentication

Identity & Auth Brief →
No. 045 · 2026-06-11

When One Laptop Meets the Multisig Threshold

Bridge Config Trust Brief →
No. 043 · 2026-06-09

Self-Reported Autonomous-Driving Safety, Unverified

AI Decision Integrity Brief →
No. 040 · 2026-06-09

Phantom Carbon Credits

Attribute Proof Bypass Brief →
No. 038 · 2026-06-09

IronWorm

Code Provenance Brief →
No. 037 · 2026-06-09

When the Assistant Becomes the Trigger

Agent Infrastructure Brief →
No. 036 · 2026-06-08

12.8 Billion Training Images Contained Passports, Résumés, and Faces

Training Data Provenance Brief →
No. 035 · 2026-06-08

The Inspections Were Recorded as 'Complete'

Attribute Proof Bypass Brief →
No. 034 · 2026-06-08

Live Biometric Verification Defeated by an Injected Video Feed

Attribute Proof Bypass Brief →
No. 033 · 2026-06-08

One Edge Appliance Compromise Cascaded to Full Domain Takeover

Identity & Auth Brief →
No. 032 · 2026-06-08

Inside a Legitimate Booking Platform, the Payout Bank Account Was Silently Rewritten

Attribute Proof Bypass Brief →
No. 031 · 2026-06-08

AI Agents Drove Intrusions From Initial Access to Exfiltration

Agent Runaway Brief →
No. 030 · 2026-06-06

Stripe's Trusted API Infrastructure Repurposed to Deliver Card-Skimming Code and Store Stolen Data

Code Provenance Brief →
No. 029 · 2026-06-06

One-Click GitHub OAuth Token Theft via github.dev

Agent Infrastructure Brief →
No. 028 · 2026-06-05

The npm Dependency-Confusion Recon Campaign

Code Provenance Brief →
No. 027 · 2026-06-05

LibreChat CVE-2026-32625

Agent Infrastructure Brief →
No. 026 · 2026-06-05

Adaptive AI Worm

Agent Runaway Brief →
No. 025 · 2026-06-05

MCP Design: Config-to-Command Execution and Supply-Chain-Scale RCE

Agent Infrastructure Brief →
No. 024 · 2026-06-05

Invisible Unicode Instruction Injection

AI Decision Integrity Brief →
No. 023 · 2026-06-05

The Alephium TokenBridge Exploit ($815K)

Bridge Config Trust Brief →
No. 022 · 2026-06-04

OnlyFake

Attribute Proof Bypass Brief →
No. 021 · 2026-06-03

Wirecard: forged balance confirmations asserted €1.9B that didn't exist

Attribute Proof Bypass Brief →
No. 020 · 2026-06-03

Tampered Certification Test Data Behind Type Designation

Attribute Proof Bypass Brief →
No. 019 · 2026-06-03

Unqualified Engineers Placed Under National-License Claims

Attribute Proof Bypass Brief →
No. 018 · 2026-05-31

The hackerbot-claw Campaign's First Recorded AI-vs-AI Attack

AI Decision Integrity Brief →
No. 017 · 2026-05-31

McKinsey Lilli's Writable System Prompts

AI Decision Integrity Brief →
No. 016 · 2026-05-31

The Verus-Ethereum Bridge Hack ($11.58M)

Bridge Config Trust Brief →
No. 015 · 2026-05-31

The GitHub Internal Repository Breach

Code Provenance Brief →
No. 014 · 2026-05-31

The TanStack npm Compromise

Code Provenance Brief →
No. 013 · 2026-05-31

The Coinbase KYC Insider Breach

KYC / AML Disclosure Brief →
No. 012 · 2026-05-31

The Robert Williams Wrongful Arrest

AI Decision Integrity Brief →
No. 011 · 2026-05-31

SynthID Watermark, Statistically Stripped

Data Provenance Brief →
No. 010 · 2026-05-31

Claude Code Source-Leak Lures

Code Provenance Brief →
No. 009 · 2026-05-31

GTG-1002: AI agent autonomously executed 80–90% of a cyberattack

Agent Runaway Brief →
No. 008 · 2026-05-30

Discord 2.05 Billion Message Scraping via Public API

Training Data Provenance Brief →
No. 007 · 2026-05-30

Cursor + Claude Opus 4.6 Wiped PocketOS Production DB in 9 Seconds

Agent Runaway Brief →
No. 006 · 2026-05-30

Google API Keys Remain Usable for 23 Minutes After Deletion

Attribute Proof Bypass Brief →
No. 005 · 2026-05-30

Noroboto: embedded "lying fonts" made AI's document review read different text

AI Decision Integrity Brief →
No. 004 · 2026-05-30

Megalodon GitHub Supply Chain

Code Provenance Brief →
No. 003 · 2026-05-30

Starlette CVE-2026-48710 (BadHost)

Agent Infrastructure Brief →
No. 002 · 2026-05-29

Stake DAO vsdCRV Unauthorized Mint

Bridge Config Trust Brief →
No. 001 · 2026-05-29

KelpDAO / rsETH Unauthorized Unlock

Bridge Config Trust Brief →
