Daily Intel Brief

Daily Intel Brief — 2026-03-23

Arc Security Research

AI-Authored Code & ML Pipeline Exploitation

What: AI-generated code introduces new vulnerability classes; ML systems are targeted via data poisoning and adversarial attacks.

Source: [cycode.com](cycode.com)

Applies to: AI/ML-integrated applications (General)

Why it matters: Directly correlates to the root cause in the Anthropic report, where AI model trust is exploited.

Prompt Injection & System Prompt Leakage as Top 2026 Bugs

What: Prompt injection and system prompt leakage are highlighted as primary, findable vulnerabilities in targets implementing AI features.

Source: [www.reddit.com](www.reddit.com)

Applies to: AI features (like Claude Projects)

Why it matters: Confirms the reported attack vector (social engineering via project files) is a recognized, widespread threat class.

Open-Source Tool: Promptfoo for AI Security Testing

What: Promptfoo (10.5K stars) is a leading open-source tool for testing and evaluating LLM outputs, guarding against prompt injection and other issues.

Source: [appsecsanta.com](appsecsanta.com)

Applies to: AI security defenses (General)

Why it matters: Provides an actionable, free tool to build detection for the vulnerabilities described.

Open-Source Tool: Pompelmi for Secure File Upload Scanning

What: Pompelmi is an open-source tool for secure file upload scanning in Node.js, designed to detect malicious content.

Source: [www.helpnetsecurity.com](www.helpnetsecurity.com)

Applies to: Applications accepting user uploads (General)

Why it matters: Addresses the core gap ("No content scanning") identified in the Anthropic report.

Nuclei Templates for Vulnerability Detection & Validation

What: ProjectDiscovery's Nuclei uses community-vetted templates to safely confirm exploitability at scale; their "Labs" provide a testing playground.

Source: [projectdiscovery.io](projectdiscovery.io)

Applies to: Security testing pipelines (General)

Why it matters: Offers a scalable framework to develop and test detection for novel vectors like AI project file injection.

Sources reviewed

3, 11, 12, 14, 18, 19. Discarded others as generic news, unrelated to application/AI security, or lacking technical substance.

Gaps identified

No external sources specifically address Claude Projects' architecture or file trust model. Internal research (the provided VDP report) contains the only known technical details on this vector.
