AgentsCrowdStrike 2026 Global Threat Report AI Attacks Up 89%CrowdStrike·high signalAI-enabled adversary ops up 89% YoY. Fastest breakout 27 seconds. DeepSeek-R1 produces 50% more vulnerable code on politically sensitive prompts. 90+ orgs exploited via prompt injection.SourceSource pageCrowdStrike↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternPick your agent sandbox primitive by threat model: Firecracker microVM vs gVisor vs V8 isolateNorthflankStack layer / Threat patternCounter-Narrative: Atlassian and Figma Report Stable-to-Strong Seat Expansion, Showing the 'SaaSpocalypse' Isn't UniversalAtlassian 8-K (SEC)Stack layer / Threat patternVaronis discloses 'Rogue Agent' — a Dialogflow CX flaw letting one permission poison a shared agent runtimeNxCodeStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivStack layer / Threat patternGhostcommit hides prompt injection in PNG files to make AI coding agents exfiltrate repo secretsSecNewsStack layer / Threat patternsqlite-utils 4.0 Was Mostly Written by Claude Fable Across 37 Prompts for ~$149Simon WillisonStack layer / Threat patternVercel Adds Granular Observability to Sandbox and Makes Flag Evaluation 10x FasterVercel (Releasebot)