1 article
The Pwn2Own Berlin 2026 AI category results — five products exploited — have a compounding implication for organisations where AI coding agents are integrated with CI/CD pipelines, code repositories, and cloud deployment infrastructure. An exploited AI agent running in a pipeline is not a developer workstation compromise; it is a supply chain entry point.
Two supply chain attacks this week — one against a widely-used vulnerability scanner, another poisoning an AI framework via PyPI — targeted the tools developers trust without question. CI/CD pipelines and open-source tooling are not peripheral attack surfaces. They are the path of least resistance into production.
CipherWatch Editorial
Security Intelligence Platform