Bharat Threat Feed: Global threats, decoded for Indian defenders

AI Threat Watch — 19 June 2026

The AI-security vertical of the Nirad Bharat Threat Feed. Twice weekly, Bharat-first, for CISOs, SOCs and AI builders — as CERT-In's AI-exploitation blueprint puts AI security on the compliance clock.
1. Critical (CVSS 9.9)

LiteLLM AI-gateway takeover chain — full server compromise (CVE-2026-47101, CVE-2026-47102, CVE-2026-40217; plus exploited CVE-2026-42271)

Obsidian Security disclosed a CVSS 9.9 chain that walks a default low-privilege user up to admin and remote code execution on the LiteLLM proxy, exposing every configured provider key (OpenAI, Anthropic, Gemini, Bedrock, Azure), master/salt keys, the database URL and all prompt/response traffic. A separately exploited LiteLLM flaw (CVE-2026-42271, on CISA's KEV list) reaches RCE on the same product.

Why it matters for India: Indian banks, fintechs and GCCs are standardising on LLM gateways to broker multiple model providers — one compromised proxy hands over the keys to the entire AI estate and everything that has passed through it.
Action: Upgrade to LiteLLM v1.83.14-stable or later; rotate all provider, master, salt and DB credentials; restrict the proxy to authenticated, segmented networks.
Source: Obsidian Security; The Hacker News (11 Jun 2026).
2.

I4C / MHA warns of deepfakes built to defeat video-KYC and biometric onboarding

India's Cyber Crime Coordination Centre (I4C), under the Home Ministry, advised that fraudsters harvest facial and voice data via fake video calls, interviews and dating/job lures, then generate deepfakes that bypass liveness detection, video-KYC and account recovery — with low-cost open models driving the surge.

Why it matters for India: Video-KYC underpins digital account opening across Indian BFSI and wallets; defeating liveness turns identity itself into the attack surface, enabling fraudulent onboarding and account takeover at scale.
Action: Add deepfake/liveness-spoof detection to onboarding; require multi-signal verification (device, behavioural, out-of-band) for high-risk actions; warn customers never to "blink/turn-head" on unsolicited calls.
Source: I4C / MHA advisory, via ETV Bharat and Business Standard (11 Jun 2026).
3.

Supply-chain worms are now hunting AI-developer and cloud secrets

Microsoft detailed the "Miasma" worm in malicious @redhat-cloud-services npm packages harvesting GitHub, npm, AWS, Azure, GCP, Vault and Kubernetes credentials; Socket then found 37 malicious PyPI wheels in the same Shai-Hulud / "Hades" lineage — several targeting AI-assistant configuration files.

Why it matters for India: India's large developer and GCC base heavily consumes npm/PyPI SDKs inside CI jobs that often hold LLM and cloud keys; one poisoned dependency leaks the credentials guarding production and customer data.
Action: Pin and lock dependencies, disable install-time scripts, scan for malicious packages and AI-config tampering, and rotate any secrets exposed during installs.
Source: Microsoft Threat Intelligence (2 Jun 2026); Socket (7 Jun 2026).
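The "disable install-time scripts" action above is the single control that stops a Miasma-style package from running at all. The following pre-install audit is an added example written for this feed (not code from Microsoft, Socket or the feed's own tooling): it reads a package.json before `npm install`, lists every lifecycle hook that would execute automatically, applies a simple heuristic to the hook commands, and checks whether the project's `.npmrc` sets `ignore-scripts=true`. The package name and commands in the sample manifest are constructed placeholders.

```python
"""Pre-install audit for npm lifecycle hooks (added example, not the feed's code)."""
import json
import re

# npm lifecycle hooks that run automatically during `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristics for hook commands that deserve a human look: remote fetches and
# inline interpreters are the usual shape of a dropper, not of a build step.
SUSPICIOUS_PATTERNS = (
    r"\bcurl\b", r"\bwget\b", r"\bnode\s+-e\b", r"\bpython3?\s+-c\b",
    r"\b(ba|z)?sh\s+-c\b", r"\bbase64\b", r"\beval\b",
)

# Constructed sample manifest with a hypothetical package name; it runs code
# at install time, which is exactly what an auditor wants surfaced.
SAMPLE_PACKAGE_JSON = """{
  "name": "@example-scope/cloud-helper",
  "version": "1.0.3",
  "scripts": {
    "postinstall": "node setup.js",
    "test": "jest"
  }
}"""


def install_hooks(package_json_text):
    """Return {hook: command} for every script that npm runs during install."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}


def suspicious_command(command):
    """True when a hook command matches one of the dropper-shaped patterns."""
    return any(re.search(pattern, command) for pattern in SUSPICIOUS_PATTERNS)


def ignore_scripts_enabled(npmrc_text):
    """True when .npmrc sets ignore-scripts=true (last assignment wins)."""
    enabled = False
    for raw in npmrc_text.splitlines():
        line = re.split(r"[;#]", raw, 1)[0].strip()  # strip .npmrc comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ignore-scripts":
            enabled = value.lower() == "true"
    return enabled


def audit(package_json_text, npmrc_text=""):
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    hooks = install_hooks(package_json_text)
    for name, cmd in hooks.items():
        level = "HIGH" if suspicious_command(cmd) else "REVIEW"
        findings.append(f"{level}: lifecycle hook '{name}' runs: {cmd}")
    if hooks and not ignore_scripts_enabled(npmrc_text):
        findings.append("HIGH: .npmrc does not set ignore-scripts=true; hooks will execute on install")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKAGE_JSON, npmrc_text="registry=https://registry.npmjs.org/\n"):
        print(finding)
```

Run it against each package manifest extracted from the tarball in a CI gate, before the real install; with `ignore-scripts=true` in the repository's `.npmrc`, the remaining findings are the hooks you must consciously opt back in to (for example via `npm rebuild` for a known native module).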
4. High (CVSS 8.7)

Prompt injection is reaching agentic CI/CD pipelines (CVE-2025-66032)

Researchers showed untrusted GitHub issues and PR comments can steer AI coding agents — the Claude Code GitHub Action (CVE-2025-66032, CVSS 8.7, fixed in 2.1.128), with Gemini CLI and Copilot variants — into leaking workflow secrets or pushing malicious commits; OWASP still rates indirect prompt injection the top cause of agentic-AI failures in production.

Why it matters for India: AI code-review and issue-triage bots are entering Indian engineering pipelines faster than their trust boundaries are being designed.
Action: Make agent workflows read-only and secretless by default; pin actions by commit SHA; require human approval before writes; treat all model-ingested content as untrusted.
Source: GMO Flatt Security (1 Jun); Microsoft Security Blog (5 Jun); Help Net Security / OWASP (11 Jun 2026).
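The four controls in the action line are all visible in the workflow file itself, so they can be checked mechanically before an agent workflow is merged. The linter below is an added example written for this feed (not the vendors' or the feed's own tooling): it parses a GitHub Actions workflow with plain regular expressions (no PyYAML dependency), and flags `uses:` references not pinned to a 40-character commit SHA, scopes granted `write`, long-lived secrets passed to steps, and untrusted issue/comment/PR fields flowing straight into an agent's input. Both embedded workflows are constructed; `example-org/ai-agent-action` is a hypothetical action, the 40-hex SHAs are placeholders rather than real commits, and the hardened variant assumes model access is brokered through an environment with required reviewers instead of a key stored in the workflow.

```python
"""Lint a GitHub Actions workflow that drives an AI agent (added example)."""
import re

SHA_PINNED = re.compile(r"^[\w.-]+/[\w.-]+(/[\w./-]+)?@[0-9a-f]{40}$")
USES_LINE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")
PERM_LINE = re.compile(r"^\s*([\w-]+):\s*(write|write-all)\s*$")
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
# Event fields that anyone who can open an issue or comment controls.
UNTRUSTED_FIELD = re.compile(
    r"github\.event\.(?:issue|comment|pull_request|review)(?:\.\w+)*\.(?:body|title)"
)

# Constructed "before" workflow: the shape that lets an issue comment steer the agent.
WEAK_WORKFLOW = """\
name: ai-issue-triage
on:
  issue_comment:
    types: [created]
permissions:
  contents: write
  pull-requests: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/ai-agent-action@v1
        with:
          api_key: ${{ secrets.MODEL_API_KEY }}
          prompt: ${{ github.event.comment.body }}
"""

# Constructed "after" workflow: read-only, SHA-pinned (placeholder SHAs), no
# long-lived secret, prompt taken from a file in the repo, and a protected
# environment whose required reviewers supply the human approval step.
HARDENED_WORKFLOW = """\
name: ai-issue-triage
on:
  issue_comment:
    types: [created]
permissions:
  contents: read
jobs:
  triage:
    runs-on: ubuntu-latest
    environment: agent-prod
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000
      - uses: example-org/ai-agent-action@1111111111111111111111111111111111111111
        with:
          prompt_file: .github/agent-prompt.md
"""


def unpinned_actions(workflow_text):
    """Every `uses:` reference that is not pinned to a full commit SHA."""
    refs = []
    for line in workflow_text.splitlines():
        match = USES_LINE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith(("./", "docker://")):  # local or image refs: out of scope here
            continue
        if not SHA_PINNED.match(ref):
            refs.append(ref)
    return refs


def write_permissions(workflow_text):
    """Permission scopes granted write (or a blanket write-all)."""
    return [m.group(1) for m in (PERM_LINE.match(l) for l in workflow_text.splitlines()) if m]


def secret_refs(workflow_text):
    """Names of long-lived secrets the workflow hands to steps."""
    return SECRET_REF.findall(workflow_text)


def untrusted_inputs(workflow_text):
    """Attacker-controllable event fields used in the workflow."""
    return UNTRUSTED_FIELD.findall(workflow_text)


def lint(workflow_text):
    """Collect all findings for the workflow; an empty list means it passes."""
    findings = []
    findings += [f"unpinned action: {r}" for r in unpinned_actions(workflow_text)]
    findings += [f"write permission: {s}" for s in write_permissions(workflow_text)]
    findings += [f"long-lived secret exposed to steps: {s}" for s in secret_refs(workflow_text)]
    findings += [f"untrusted input reaches the agent: {u}" for u in untrusted_inputs(workflow_text)]
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{label}: {lint(text) or 'clean'}")
```

An untrusted-input finding is the one a reviewer should never waive: a comment body that reaches the agent verbatim is the indirect prompt injection path, and the fix is to give the agent only repository-controlled instructions and let it read the issue as data it is told not to obey.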
AI defender tip: in 2026 the credential, not the model, is the crown jewel. Inventory every place an LLM key lives — gateways, agents, notebooks, CI/CD — and put each on a rotation schedule; and treat every AI agent as a privileged workload (explicit identity, tool allowlist, egress control, human approval before state-changing actions).
Nirad AI Threat Watch | Bharat-first threat intelligence