Category: AI Infrastructure Risk

Taiwan’s TWCERT/CC reports a technical evolution in the “Contagious Interview” campaign: instead of relying on victims to manually execute a file, attackers embed a malicious VS Code workspace configuration so code runs automatically when developers open a project folder in Trusted Mode. The technique abuses VS Code’s tasks.json automation (including a run-on-folder-open behavior) and social engineering around Workspace Trust prompts. The activity primarily targets cryptocurrency software engineers and freelancers via recruiting outreach on LinkedIn and gig platforms, then directs them to download test projects from GitHub/GitLab. TWCERT/CC says the resulting payload has been identified as a newer BeaverTail variant (Type 701), with noted functional overlap with OtterCookie (sometimes referred to as “OtterCandy”), and is focused on stealing crypto-related browser extension and wallet data as well as high-value browser-stored secrets. Read more

OWASP’s Top 10 for Large Language Model (LLM) Applications has been published as a community security baseline that catalogs common failure modes in GenAI applications—ranging from prompt injection to model theft. OWASP says the effort has expanded beyond a list into the OWASP GenAI Security Project, a broader open initiative covering risks across LLMs, agentic systems, and AI-driven applications, with a large global contributor community and separate project resources and participation tracks. Read more

NIST’s AI Risk Management Framework (AI RMF) established a shared, voluntary vocabulary and process model for managing AI risks across the lifecycle—supporting “trustworthiness” goals such as safety, security, and resilience. Since the AI RMF 1.0 release on Jan. 26, 2023, NIST has expanded implementation support via the AI RMF Playbook and Resource Center, published a Generative AI Profile (NIST-AI-600-1) in July 2024, and, as of Apr. 7, 2026, issued a concept note for a forthcoming profile focused on Trustworthy AI in Critical Infrastructure—signaling growing expectations that AI governance and security controls will be tailored to high-consequence environments. Read more

In a Security Blog post, AWS outlines how it approaches “AI sovereignty” as an extension of digital sovereignty, centered on data sovereignty (including residency and operator access restrictions) and operational sovereignty (including resilience and independence). AWS positions its sovereignty offering as “control and choice” across the AI stack—deployment location options (including on-premises and isolated deployments), model/service selection, and governance controls. The post highlights AWS Nitro System isolation properties for EC2 instances (including AI accelerator instances), a commitment that Amazon Bedrock customer inputs/outputs are not used to train Amazon Nova or third-party models, and references third-party validation of Nitro’s design by NCC Group. AWS also notes its ISO/IEC 42001 accredited certification coverage for certain AI services and a 2025 surveillance audit with no findings, framing these as assurance mechanisms for customers with sovereignty and compliance requirements. Read more