Weekly Threat Intelligence: vLLM Embedding Abuse, Agentic Worms, Dynamic RBAC, and BYOVD Drift

This weekly run covered June 20 through June 27 and processed 216 high-signal items across CISA KEV, NVD, the Go Vulnerability Database, and 10 editorial or research sources. The dependency lane stayed clean for the current engine: no matching Go dependency advisories landed against the audited bill of materials.

The pressure moved into AI infrastructure and operational trust boundaries. The strongest signals were sparse tensor and multimodal embedding abuse in model inference paths, agentic worm behavior through poisoned markdown, dynamic MCP server registration, unrestricted API key minting, and fresh BYOVD tradecraft. That is a familiar 2026 shape: the exploit may start as data, configuration, or metadata, but the impact lands in memory allocation, identity, or agent autonomy.

This cycle shipped the fresh P0 item from the report: tensor metadata validation in the Data Poisoning Guard. The implementation stays inside the existing module, uses only the Go standard library, and does not add runtime dependencies or a seventeenth module.

Several P1 items in the generated action list were real threats but not clean new implementation gaps. The LLM Firewall already decompresses PDF FlateDecode streams using Go standard-library flate and zlib readers, then routes the plaintext through existing prompt-injection checks. API Fortress already catches dynamic mcpServers configuration attempts and external MCP server registration patterns. The Rust sidecar already scans TCP payloads beyond the preview window for embedded ELF, PE, and 7zXZ signatures, including boundary-offset tests.

The right move was not to add another parser or dependency just because the report repeated the theme. The useful work was to verify the existing coverage, avoid duplicate code paths, and spend the implementation budget on the new P0 tensor metadata gap.

The strategic items are still worth tracking. Agentic worm defense needs deeper cross-module taint propagation between markdown ingestion and later output rendering. Dynamic RBAC and API key escalation needs enterprise scope modeling rather than a hardcoded role ladder. BYOVD defense should continue moving from short static driver lists toward configuration-driven or feed-driven hashes and filenames.

Those are larger design changes. They should land as careful extensions to existing modules, not as rushed weekly bolt-ons. The discipline remains the same: strengthen the engine without letting the security architecture sprawl.

This cycle kept the line: one engine, sixteen modules, optional Rust sidecar, and no new external runtime dependencies. The new detection is deterministic and local. It does not ask another model whether a tensor looks scary. It validates the metadata that would drive allocation and inference behavior, then emits a normal 1-SEC alert for the existing enforcement pipeline.

That is how weekly threat intelligence stays useful. The report can be expansive; the implementation should be exact.

The weekly script completed successfully and generated the June 27 report with 8 action items. The implementation pass then ran focused Data Poisoning Guard and core schema tests, followed by the full Go quality line: build, vet, gofmt check, and race-enabled tests across the repository. The Rust sidecar also passed fmt, clippy with warnings denied, and the full pcap-enabled test suite with 188 tests.

The repeated dependency check remained clear: no Go vulnerability database advisories matched the current engine dependencies.