This week in the Wild West Roundup.

2026-04-13 · Bits and Bobs 4/13/26

This week in the Wild West Roundup.
- Paper: "A scan of approximately 2,000 MCP servers found all lacked authentication."
- Google DeepMind Researchers Map Web Attacks Against AI Agents.
- GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data.
- Mythos escaped its sandbox in testing.
- Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain.
  - "26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.
  - We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts."
- Apple Intelligence AI Guardrails Bypassed in New Attack.
- ChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line Jailbreak.
  - The idea that you can trust the model to behave as intended in all situations just seems fundamentally broken.
- The non-engineering press is also picking up on some of this:
  - "I ran Nvidia's NemoClaw to see if OpenClaw is finally safe, but it still has the same problems."
  - Claude, OpenClaw and the new reality: AI agents are here — and so is the chaos.

More on this topic

From other episodes