From the Gemini Calendar prompt-injection attack of 2026 to the September 2025 state-sponsored hack using Anthropic’s Claude code as an automated intrusion engine, the coercion of human-in-the-loop agentic actions and fully autonomous agentic workflows are the new attack vector for hackers. In the Anthropic case, roughly 30 organizations across tech, finance, manufacturing, and government were…

Technology Review, published by MIT, is a leading source of news, analysis, and commentary on emerging technologies, scientific advancements, and their societal impacts. Covering topics such as artificial intelligence, biotechnology, renewable energy, and more, Technology Review provides  reporting and  articles on the intersection of technology and society. Readers can stay informed about the latest breakthroughs and trends shaping the future of technology.

MIT Technology Review

The first AI-orchestrated espionage campaign using Claude demonstrates that prompt injection is persuasion, not a technical bug. Attackers convinced the AI agent to perform 80-90% of reconnaissance, exploit development, and data exfiltration by framing malicious tasks as legitimate security testing. Traditional prompt-based defenses fail because they try to control AI through language rather than enforcing hard boundaries. Effective security requires treating AI agents like any critical system with identity controls, least-privilege access, tool permissions, and audit logging at the architectural boundary. Regulatory frameworks from NIST, NCSC, and EU AI Act emphasize governance through access control and continuous monitoring rather than linguistic guardrails.

Rules fail at the prompt, succeed at the boundary

Prompt injection is persuasion, not a bug

Why this is a governance problem, not a vibe coding problem