Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform’s frontend following a breach at a third-party vendor.

The company states in a brief announcement that the hack was the result of a supply-chain attack that impacted a dependency on its website.

Polymarket is one of the world’s largest cryptocurrency-based prediction markets that allows users to trade contracts with prices that reflect the market’s collective estimate of an event’s outcome.

It offers predictions for sports, economic indicators, weather patterns, awards, political and legislative outcomes, and even military conflicts.

Founded in 2020, the platform is currently valued at $9 billion, handles billions of dollars in trading volume, and serves as an influential source of information on market expectations.

During the attack, unsuspecting users were tricked into approving fraudulent transactions on the official Polymarket website after malicious JavaScript was injected through a frontend vendor.

Polymarket’s own servers and backend infrastructure were not impacted by the incident.

The company did not share many details about the event, but independent blockchain intelligence firms estimate the losses at roughly $3 million, stolen from a small number of accounts.

According to blockchain security firm PeckShield, the incident was a phishing campaign that stole approximately $3 million worth of ParyonUSD from users. The stolen funds were later swapped for 1,893 Ether.

“The attacker bridged the stolen funds from #Polygon to #Ethereum and swapped them into ~1,893 $ETH,” PeckShield says.

Based on visual analytics company Bubblemaps, the incident has impacted less than 15 accounts. The company published a list of some of the affected accounts as well as the wallets holding the stolen funds.

BleepingComputer has contacted Polymarket to request more details about the incident, but we have not received a response by publication time.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

security

Researchers warn many AI coding assistants now execute commands from project configurations

A high-severity flaw in Amazon’s AI coding assistant for Visual Studio Code meant that opening the wrong Git repository could allow an attacker to execute code on a developer’s machine and potentially hand them the keys to the dev’s cloud environment.

The bug, tracked as CVE-2026-12957 and assigned a CVSS 4.0 score of 8.5, centers on how Amazon Q handled Model Context Protocol (MCP) server configurations. Wiz found the extension would automatically load a repository’s .amazonq/mcp.json file and execute the commands it contained when a developer opened the project and activated Amazon Q.

“The security model assumes the user explicitly configures these servers. After all, you’re granting an AI assistant permission to run arbitrary commands on your machine. This should require informed consent,” the researchers write. “The vulnerability arose when this assumption was violated: Amazon Q automatically loaded MCP configurations from .amazonq/mcp.json within the workspace – no prompt, no consent, no workspace trust check.”

MCP lets AI assistants launch local processes to carry out tasks. In Amazon Q’s case, those processes inherited the developer’s environment, giving them access to AWS credentials, API keys, authentication tokens, SSH agent sockets, and other secrets already loaded into the session.

“The combination meant that a single malicious config file could execute arbitrary commands with full access to the developer’s credentials – no user interaction required beyond opening the folder and activating Amazon Q,” Wiz said.

To prove the attack worked, Wiz built a repository with a malicious MCP configuration. Opening the project and activating Amazon Q caused the extension to execute a command against AWS using the developer’s existing credentials.

Amazon fixed the bug in version 1.65.0 of its language server, which powers Amazon Q’s IDE integrations. Existing installations should receive the patched component automatically unless you’ve blocked automatic updates.

“We would like to thank Wiz for collaborating with us on this issue. We have remediated this issue in language server version 1.65.0,” Amazon said in an advisory, though it didn’t respond to The Register’s questions. 

Wiz argues the bug is less an Amazon problem than an industry one. More and more AI coding assistants are adopting MCP to connect models to local tools and services, allowing them to execute commands on developers’ machines. 

According to the researchers, similar workspace configuration flaws have recently surfaced in other AI coding tools. It suggests attackers have found a new place to lurk: the hidden files that developers rarely think twice about trusting. ®

Nvidia has dominated the AI chip market for years, but the era of total dependence might be ending.  

OpenAI just shared its plans to spice things up with Jalapeño, its custom inference chip built with Broadcom, joining Google, Apple, and SpaceX in a growing list of companies building their way out of single-supplier risk. The goal is less of a clean break and more of a hedge. Custom silicon means more control, hardware tuned to specific needs, and the kind of performance gains Apple unlocked when it ditched Intel. 

On this episode of TechCrunch’s Equity podcast, hosts Kirsten Korosec, Anthony Ha, and Sean O’Kane dig into what the custom chip trend means for the industry and a few deals of the week worth watching. 

Subscribe to Equity on YouTube, Apple Podcasts, Overcast, Spotify and all the casts. You also can follow Equity on X and Threads, at @EquityPod. 

The announcement comes amid a race between organisations to build semiconductors that can handle increasingly demanding AI workloads.

Multinational technology giant IBM has announced the creation of what it claims is the world’s first ​technology capable of producing chips smaller than one nanometre.  

According to IBM, the chip has a transistor architecture of 0.7 nanometres and can hold nearly 100bn transistors on a “fingernail”-sized surface, achieving roughly double the density of its 2-nanometre chip unveiled in ​2021. 

In order to create the chip, IBM reportedly developed a new transistor design called a nanostack, which lays transistors on top of each other in three dimensions, rather than the standard method of laying them flat, effectively fitting more into the same amount of available space.  

Commenting on the achievement, Jay Gambetta, a director of IBM Research, said, “With our new nanostack architecture, we’re not just making smaller transistors, we’re reinventing how chips are built to deliver ​dramatically more power and ​energy efficiency.”

According to IBM, the new nanostack technology will also be capable of shrinking a type of memory circuit called SRAM by 40pc when compared to its previous chip technology. Production is expected to begin within the next five years and the organisation has yet to name a manufacturing partner for this technology, if there is one. 

IBM’s announcement comes at a time when many organisations all over the globe are racing to become the most prominent name in the manufacturing of advanced chip technology and artificial intelligence. 

In late May, leading chipmakers Micron and SK Hynix both surpassed $1trn in market value. Global semiconductor company Infineon Technologies announced earlier in June that it is set to open a new €5bn chip factory in Dresden, Germany, representing Infineon’s single largest investment. Last month, Analog Devices announced it was acquiring AI power delivery provider Empower Semiconductor in a deal valued at $1.5bn.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

from the good-deals-on-cool-stuff dept

flowkey is a fun, interactive piano learning platform that helps anyone go from absolute beginner to confident player — at their own pace. It combines step-by-step courses with thousands of songs you know and love, tailored for every skill level, from first-time learners to advanced pianists. The app listens as you play and gives instant feedback so you can improve faster, practice technique, and master sheet music with confidence. Whether you’re learning scales or your first full song, flowkey makes piano practice easy, fun, and rewarding. A one year subscription is on sale for $40, two years for $60, or five years for $80.

Note: The Techdirt Deals Store is powered and curated by StackSocial. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal

from the glorified-lapdogs dept

You might recall that one of the conditions of the FCC’s approval of The Ellison family’s $8 billion acquisition of CBS was that the agency would install a “ombudsman” at the network to ensure CBS journalism was appropriately feckless and deferential to our mad, idiot king.

This was particularly ironic given decades of whining by Republicans about stuff like the “fairness doctrine,” and other short-lived government attempts to set acceptable contours for journalistic speech. The appointment didn’t even really appear necessary, given Bari Weiss’ pretty obvious loyalty to oligarchs and autocrats like Trump and Netanyahu.

The guy they appointed, Kenneth Weinstein, unsurprisingly had no qualifications for the role. Weinstein had been the head of the faux-academic right wing Hudson Institute “think tank,” and has absolutely no experience in journalism or television whatsoever.

Similarly unsurprisingly, a new New York Times report indicates that Weinstein has largely been invisible and pointless since his appointment. He doesn’t issue statements, he doesn’t appear to help anybody dealing with internal chaos being caused by Weiss, he doesn’t respond to direct questions from politicians, and he barely shows up at the office:

“In the nine months since he was hired, Mr. Weinstein has issued no public statements about CBS News’s coverage or its controversies. He has not issued any guidance or feedback in staffwide emails or memos, three employees said. He has told some employees that he is scheduled to work only one day per month, two people said, though one said he responded to queries outside his monthly workday.”

As I predicted, there’s just not much for him to actually do at a company that’s innately so dutifully loyal to the nation’s richest assholes. The New York Times at one point seems confused by the idea this “watchdog” does do any useful watchdogging:

“As CBS News has been shaken by infighting between management and its star correspondents this year, Mr. Weinstein’s silence is being criticized by media experts. They say Paramount, the parent company of CBS News, has essentially hired a watchdog who doesn’t bark.”

Of course Weinstein wasn’t appointed to be a “watchdog” or to help the network or its employees. He was hired so that the Trump administration could be ensured a direct line to the leadership of a media company being converted into a propaganda mill, something that’s likely not even necessary due to the ample close connections between the Ellisons, CBS leadership, and the administration.

Weinstein’s other job was to simply ensure that CBS was remaining dutifully loyal to the president, a role that’s also not really necessary since folks like Bari Weiss have no integrity.

The New York Times doesn’t mention how much Weinstein is being paid for his single day of “work” a month, and how many shitcanned CBS journalist salaries it would have paid for.

Filed Under: bari weiss, cbs news, fcc, kenneth weinstein, media, ombudsman, propaganda, the hudson institute

By Maril Vernon, GRC Engineering Evangelist, Anecdotes.

Every vendor on every panel right now is saying the word “agentic.” But most of them can’t explain what actually changes when you stop treating GRC like a filing cabinet and start treating it like a fluid system.

I spent years on the offensive side, red and purple teaming, breaking the controls that GRC teams swore were working. Same findings, same gaps, different quarters. So when I tell you agentic AI is about to reshape how GRC operates, I’m not selling you a buzzword. I’m telling you what I’d be paying attention to if I were still trying to get past your controls.

Here is the honest version of where this goes, and what one of these agents actually looks like when you build it.

What “Agentic” Actually Means Here

Automation is not new to GRC. We have been scripting evidence collection and bolting RPA onto workflows for years. The problem is that most of it just moved the busywork around faster. It still produced static artifacts, still ran on a schedule, still answered the only question legacy GRC knows how to ask: “Did this control pass?”

An agent is different in three specific ways. It has autonomy, so it acts when a condition is met instead of waiting for a human to kick off a task. It has context, so it works against the actual state of your program rather than a screenshot from last quarter. And it executes multiple steps, so it can analyze, decide, and act in sequence rather than dumping a row into a report for you to deal with later.

The systems we are governing have already gone agentic. Cloud is elastic, identity is fluid, infrastructure is ephemeral, AI is non-deterministic, and CI/CD never stops. Attackers figured that out a long time ago but too many compliance programs are still trying to govern real-time systems with point-in-time assumptions.

Now, agentic does not mean handing judgment to a stochastic parrot, in fact most of the work should remain deterministic. The model provides reasoning, summarization, and orchestration. Your controls, thresholds, and policy decisions should still come from humans.

Frankly, this is one of the best use cases for AI in cybersecurity. GRC is full of high-volume, repeatable work performed against known baselines. That’s exactly the kind of problem machines excel at. We already trust AI to help us detect anomalies, prioritize alerts, and sift through mountains of telemetry.

Using it to help analysts identify evidence gaps or trace control drift is hardly the radical leap some people make it out to be.

Bottom line: AI should not replace judgment. It should give practitioners more opportunities to creatively apply it.

Three Things That Actually Change

The analyst’s job shifts from collecting to managing. Nobody gets into GRC because they dream of chasing screenshots and manually updating spreadsheets. The analyst’s job changes, but not in the way people fear.

Agents don’t turn practitioners into passive supervisors. Agents don’t replace practitioners; they give them back the time to apply judgment where it actually matters.

Compliance moves from periodic to continuous. Historically, annual and quarterly cycles existed because humans couldn’t continuously evaluate every control and every change. Agents dramatically expand that capability, making continuous assessment practical where periodic reviews once were the only option.

The moment that constraint goes away, “are we compliant right now” becomes a question you can actually answer, not a snapshot you defend three months after it stopped being true.

Trust becomes the bottleneck. Keep in mind: pass/fail is a compliance outcome. Confidence is a security outcome.

People underestimate this one because once effort is cheap, the hard question is whether you trust what the agent did and can prove it, or did you simply shift the manual work to the verification tax? That is a governance problem, and it is the one worth your attention.

What It Looks Like to Build One

Theory is easy to consume and file away. Here is the concrete version, using Anecdotes Agent Studio, which is the no-code builder my team put into early access. The mechanics are the point, so follow the structure even if you use something else.

Agent development comes down to three decisions:

Pick a trigger. This is the condition that wakes the agent up. It might be a schedule (run every Monday), or it might be an event in your program (a risk level changes, or evidence for a control goes stale past a freshness threshold you set). I prefer event triggers, because they fire the moment something changes instead of waiting for the next scheduled run, which is what makes the monitoring continuous rather than periodic.

Describe the work in plain English. You write the instruction the way you would brief a junior analyst, no code needed. Take ISO 27001:2022 control A.8.5, secure authentication.

The instruction might read: “When the MFA evidence for A.8.5 is older than 24 hours, query the identity provider for the current MFA enforcement policy, compare it against the organization’s required MFA baseline, and if any group has fallen out of enforcement, open a finding and assign a remediation task to the control owner.” Start from a prebuilt recipe or write your own.

Deploy and watch. Now trace what the agent actually does when that trigger fires.

It reads the live MFA policy from your identity provider through the connected plugin (Okta, Entra ID, whatever you run), pulls the current enforcement state for each group, compares it to the A.8.5 baseline you defined, and finds that a newly provisioned admin group was created without an MFA policy attached. It opens a finding, attaches the policy snapshot it pulled as evidence, links it to A.8.5, and assigns remediation to the IAM owner.

Each of those steps lands in an execution log: the trigger event, the data it read, the comparison it ran, the decision it reached, and the action it took.

That single run is the difference between “we passed A.8.5 at the last assessment” and “A.8.5 is enforced right now, and here is the timestamped evidence.”

The Part Security People Will Push On (Correctly)

If your instinct reading this was “I am not handing compliance decisions to a black box,” good. Keep that.

Agentic GRC is defensible for one reason: the work is observable. A useful execution log captures the trigger that fired, the exact inputs the agent read, the rule or baseline it evaluated against, the decision it reached and why, the action it took, and the evidence it touched; all timestamped. That record is what lets you reconstruct any decision after the fact and hand it to an assessor without taking the agent’s word for anything.

Two scoping rules keep it safe. Give the agent least privilege: read-only access to the systems it evaluates, and write access only to the GRC objects it is allowed to create, like findings and tasks. Then gate anything consequential behind a person. Detecting drift and opening a finding can run unattended; closing a risk or marking a control effective should route to a human for sign-off.

Plan for the agent being wrong, because a non-deterministic model sometimes will be. If it opens a finding on A.8.5 that turns out to be a false positive, the log shows exactly what it read and concluded, so you fix the instruction instead of guessing.

An action you can trace is an action you can reverse, and that is why the log matters more than the model.

Where to Start

Don’t start with your highest-stakes control. Start with the task that is high-toil and low-judgment, the one your team does the same way every week and hates.

Think evidence gap detection, extracting findings from audit reports, or generating analysis rules for evidence that has no testing procedure. Prove the pattern there, read the logs, build the trust, then expand.

If you want to go deeper on this, it’s the whole agenda at the GRC Data & AI Summit 2026 on August 12, a free virtual event where security, risk, and compliance leaders work through what being agent-ready actually requires. Save your spot here.

I did not come back to GRC because it was comfortable. I came back because it was unfinished. Agents are the first time the tooling has started to match the speed, scale, and interconnected nature of the systems we’re trying to govern. If you want to see what building one feels like, Agent Studio is in early access now. 

My advice? Build the boring one first. Then tell me what changed.

Maril Vernon is a former red and purple team operator and the Principal GRC Engineering Evangelist at Anecdotes. She writes and speaks on GRC Engineering, continuous controls monitoring, and pushing compliance into the same decade as the systems it governs.

Sponsored and written by Anecdotes.