← AM·PM Brief

Supply Chain Threat: Scrap Hijacking Hits AI Coding Tools; Linux GhostLock Bug Uncovered After 15 Years - JustSayAI AI Daily Brief (Jul 12, 06:00)

· Morning brief · 10 news · 7:01

Audio in Mandarin Chinese · English transcript below

AI hijack,Linux 15y bug,Sec low,Pwr reform,Ant cause,CN LLM war,DS dual,Merge off

AI is unleashing a massive wave on both offense and defense in cybersecurity. AI tools can unearth Linux root vulnerabilities that have lain dormant for fifteen years, while the hallucinations of AI coding assistants give rise to new supply chain threats like "trash hijacking." Notably, as offensive and defensive technologies advance in lockstep, the security governance of the world's major AI companies has collectively failed—none received an A-grade rating. This gap between expanding capabilities and missing accountability poses a systemic risk far more dangerous than any single vulnerability.

Today's Top 3 Headlines

  1. AI Industry News

    🤖 Junk Hijacking: AI Coding Tools Trigger Software Supply Chain Threats, Vulns Up 98% YoY

    Security research shows "trash-jacking" attacks from AI coding tools exploit LLM hallucinations to inject malicious code, with vulnerability reports growing 98% annually, far exceeding 25% for open-source packages. Developers must beware of fake packages when relying on AI coding assistants, or risk backdoors from the start.

    Source
  2. AI Industry News

    🤖 AI discovers Linux root vulnerability hidden for 15 years, earns $92,337 bounty

    Nebula Security's AI-driven vulnerability hunting tool VEGA uncovered a 15-year-old critical Linux kernel flaw, GhostLock (CVE-2026-43499), enabling any user to escalate to root and escape containers. For the cybersecurity community, this signals AI in automating re...

    Source
  3. AI Industry News

    🤖 Global top 9 AI safety ratings: No A grade, Anthropic highest at C+, Mistral last

    FLI's semi-annual safety ranking: none of 9 top AI firms got A; Anthropic led with C+ but criticized for military tech use. It exposes safety gaps against AGI threats, and many firms have reversed earlier pledges.

    Source

+7 more headlines

  • 🤖 AI data centers face power crisis: 800V HVDC savior, NVIDIA plans adoption by 2027
  • 🤖 Ant's Robiant launches Lingbao-Video Action 2.0, a physics AI native causal model
  • 🤖 Goldman Sachs report reveals parameter sizes of DeepSeek V4 Pro, Zhipu GLM5.2, etc.
  • 🤖 DeepSeek develops AI inference chips, challenging Nvidia and Huawei
  • 🤖 DeepSeek vs Nvidia: The Business Model War Behind China's Chip Plans
  • 🤖 NVIDIA faces dual pressure from memory price hikes and DeepSeek inference chips
  • 🤖 Oregon AG drops effort to delay Paramount-Warner Bros merger
Unlock all 10 headlines + deep analysis →Free 3-day trial · cancel anytime
Browse all past briefings →