.svg)
Key Points
Welcome to issue #6 of The Vulnerabulletin - your guide through the industry noise! With essential cyber-sec news, top-tier thought leadership and a meme or two to take the edge off, you can enjoy a doom-free scroll on us.
This month we dive into the world of AI infrastructure - the good, the bad and the frightening - plus we look at how the security industry is attempting to keep up with the pace of AI CVEs being generated. We're unpacking the container security mess that's quietly growing inside modern stacks, including what four recent breaches tell us about how attackers are getting in. And our CEO Chris Wallis sits with CyberRiskTV to share real-world examples of AI-powered security catching what traditional tools miss. All that, plus the stories and features we've been desperate to talk about all month!
OpenClaw is averaging 2.1 new CVEs per day ⚠️
AI tooling is shipping with vulnerabilities at a pace we haven't seen before - authentication gaps, missing sandboxing, and broken access controls are showing up across the board.
When we scanned 1 million exposed AI services earlier this year, the picture was bleak: unauthenticated APIs, exposed credentials, wide-open agent platforms. Read Security Engineer Ben Marr's research on the state of exposed AI infrastructure to see why, on average, it's more vulnerable and misconfigured than any other software we’ve investigated.
We also built an OpenClaw CVE tracker because, honestly, those security advisories are getting hard to keep count...
What containers changed about cloud security 👀
Gartner estimates 99% of cloud security failures are the customers' fault, not the providers'.
Containers have made that responsibility harder to manage. They made it easier to ship fast, but where you once secured a single application, you now have hundreds of microservices — each with its own dependencies, configs, and blind spots.
What does AI-powered security actually look like? 🤖
At RSAC 2026, Intruder CEO Chris Wallis joined Adrian Sanabria to explore real ways we've seen AI genuinely transform exposure management.
When we fed Intruder's own internal vulnerability data and cloud architecture into an LLM, it spotted that one of our developers had an unpatched Chrome vulnerability and elevated cloud access. The AI understood that if that person gets compromised, the attacker would gain access to our entire cloud environment: so we should patch that first.
It's an early example, but it shows how AI can help bridge the gap between what a human might reason to and what traditional tools have been able to do.
The Vulnerabulletin Board 📌
What our security team has been reading (and meme-ing) this month...
💊 AI attributes medical symptoms to a completely fictional disease (Nature) - a 2024 experiment to test the spread of misinformation via LLMs has led to dozens of people being diagnosed with a bogus illness, with generated images to boot.
👩💻 White supremacist dating site hacked by female activist (The Guardian) - how one kick-ass woman successfully took down the far-right romance site, and exposed a network of neo-Nazis in the process.
🍹 The red-teaming rave that helped protect the Trans community (404Media) - how a venue in Queens combined DJs, cocktails and cybersecurity to teach Trans folks how to find and secure personal info like selfies, passwords and aliases left exposed online.
🏆 Our meme of the month:
.png)
What's new in Intruder 💡
☁️ Container Image Scanning - Registry-level integrations with cloud providers handle container discovery and scanning automatically - no agents to install, no configurations to babysit. Get time back to focus on what matters.
Vulnerabulletin
