The 9-Second Disaster: What a Rogue AI Coding Agent Teaches Us About Production Access

A Claude-powered agent deleted an entire production database in 9 seconds. Here's why it happened and what it means for anyone using AI coding tools.

The AI Espionage Playbook: How a Hacker Used Claude and GPT-4.1 to Steal 415 Million Records

A threat actor used Claude Code and GPT-4.1 to automate a government-scale data breach in Mexico, exfiltrating 415 million records through 5,317 AI-generated commands. This is the first documented case of AI coding tools used as a nation-state espionage engine.

An AI Found a 13-Year-Old RCE in ActiveMQ in 10 Minutes

CVE-2026-34197 sat undetected in Apache ActiveMQ for 13 years. Claude found it in 10 minutes by tracing a cross-subsystem exploit chain no human auditor had connected.

Your AI Coding Tools Have an Invisible Attack Surface. One Model Falls for It Every Time.

Researchers find 63 MCP servers with hidden Unicode characters in tool descriptions, and GPT-5.4 follows the invisible instructions with 100% compliance.

Claude Found RCEs in Vim and Emacs. Only One Got Patched.

A researcher used Claude to find file-open RCEs in both Vim and Emacs. Vim patched immediately. Emacs says it's Git's problem. Meanwhile, leaked details of Anthropic's 'Mythos' model suggest AI offensive capabilities are approaching nation-state level.

AI Tools Are Now Both the Target and the Weapon, And Security Teams Haven't Caught Up

A CVSS 10.0 flaw in Langflow was exploited within 20 hours. The Claude Chrome extension let any website hijack your AI assistant. And a state-sponsored actor used autonomous AI to run 80-90% of a cyber espionage campaign. Three stories, one picture.
