Tag:AI

CovertSwarm's web testing agent identified a critical broken access control vulnerability in a retail subscription platform's GraphQL middleware. The platform enforced authentication on its auto-generated queries, but every custom action handler bypassed the permission layer entirely, returning customer PII, subscription data, and health assessments to unauthenticated requests. This is a step-by-step breakdown of how RAID found it in under two minutes.

How RAID found unauthenticated customer data in a retail GraphQL API

CovertSwarm is a founding signatory of the CREST AI Charter

CovertSwarm has become a founding signatory of the CREST AI Charter, endorsing nine principles for responsible AI use in cybersecurity.

Frontier AI models are exciting.

CovertSwarm COO Luke Potter on why frontier AI is genuinely exciting, why most of the conversation is asking the wrong…

AI Sharpens the Question. It Doesn’t Change the Answer.

The cyber security industry has spent decades selling findings instead of answers. AI tools like Mythos make the problem faster…

Mythos found a $20,000 bug. It won’t tell you who’s already inside. 

Anthropic's Mythos has dominated the security conversation this week. But the debate about whether it's overhyped is the wrong argument.…

CovertSwarm launches RAID: Our red team AI division

CovertSwarm COO Luke Potter announces RAID, our Red Team AI Division, and why real adversaries made it non-negotiable.

Claude Jailbroken To Attack Mexican Government Agencies

A threat actor jailbroke Claude to orchestrate a month-long attack on Mexican government networks, stealing 150 GB of sensitive data.…

When Your IDE Becomes An Insider: Testing Agentic Dev Tools Against Indirect Prompt Injection

Agentic development tools don't need to bypass your firewall. They're already inside. And if an attacker can control what they…

What Moltbook reveals about AI agent security

The Moltbook launch exposed a critical gap: organizations deploying AI agents faster than they can secure them. Research shows 22%…