Episodes

  • #8: Every Consultancy Is a Honey Pot Now
    2026/04/20
    Top Story: Comment and Control — Three Coding Agents, One Bug Class, Zero CVEs — On April 15, researcher Aonan Guan — working with Johns Hopkins University's Zhengyu Liu and Gavin Zhong — published the first cross-vendor demonstration of a prompt-injection pattern that turns GitHub itself into the command-and-control channel for stealing runner credentials out of AI coding agents. Curator's Corner: Every Consultancy Is a Honey Pot Now Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-20.html
    15 min
  • #7: Ninety Days to Patch the World
    2026/04/13
    Top Story: Claude Mythos Preview + Project Glasswing — AI Reaches the Zero-Day Threshold — On April 7, Anthropic announced Claude Mythos Preview alongside Project Glasswing — the most consequential AI security development of 2026, and arguably of the decade. Curator's Corner: Anthropic's Oppenheimer Moment Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-13.html
    14 min
  • Instructions Are Not Guardrails
    2026/04/06
    Anthropic accidentally published Claude Code's entire source code to npm — 512,000 lines of TypeScript, including an autonomous daemon called KAIROS that nobody was supposed to know about. North Korea compromised the Axios npm package through AI-assisted social engineering. Mercor, a $10B AI startup, got breached via the LiteLLM supply chain — 4TB exfiltrated. Plus: Microsoft open-sources the Agent Governance Toolkit, and Curator's Pick on why instructions are not guardrails. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-04-06.html
    14 min
  • From Zero Day to Zero Second: When Security Tools Become the Weapon
    2026/03/30
    Your vulnerability scanner just published malware. One threat actor — TeamPCP — hit five ecosystems in ten days: Trivy, Checkmarx KICS, LiteLLM, Telnyx, and npm via CanisterWorm. A supply chain worm that completes a full compromise cycle in under sixty seconds. Plus: RSA Conference drops its agent security agenda, Claude gets jailbroken, and Curator's Corner on why security tools became the attack surface. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-03-30.html
    14 min
  • Episode 4: AI Sandboxes Are Broken — Two Platform Escapes in One Week
    2026/03/23
    Two major AI platform sandbox escapes dropped this week on the eve of RSA Conference. AWS Bedrock's "isolated" sandbox leaks DNS queries — researchers built a full reverse shell. Snowflake's Cortex Code CLI got jailbroken through a GitHub README. Plus: MCP rug pulls, VoidLink (88K lines of AI-generated malware), the biggest pre-RSA funding window ever, and Curator's Corner on why AI didn't create new vulnerabilities — it made old ones affordable. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-03-23.html
    14 min
  • Episode 3: An AI Agent Hacked McKinsey's Chatbot in Under 2 Hours
    2026/03/16
    A red-team agent compromised a Big Four consultancy's customer-facing chatbot in under two hours. The Chrome Gemini hijack lets browser extensions take over Google's built-in AI. Plus the biggest M&A week in AI security history — Google closed the $32B Wiz deal, OpenAI bought Promptfoo, and three stealth startups emerged with a quarter-billion in combined funding. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-03-16.html
    15 min
  • Episode 2: AI Security Gets Real — Breaches, Budgets, and the Agent Problem
    2026/03/08
    The week AI security shifted from theoretical to operational. Major breaches, new funding rounds, and the emerging challenge of securing autonomous AI agents. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-03-08.html
    14 min
  • Pilot Episode: Welcome to Context Window
    2026/03/01
    The pilot episode of Context Window — your weekly AI security briefing in under 15 minutes. Curated by Asaf Nakash. Voices by AI. Opinions by human. Show notes: https://contextwindowsec.com/episodes/2026-03-01.html
    12 min