Modena360 Blog


April 2026's Wave of AI-Tool Attacks: What Your Business Needs to Know

Over roughly two weeks in April 2026, a cluster of security incidents delivered the same uncomfortable message from several directions at once: the AI tools and integrations that businesses are rushing to adopt have quietly become a primary attack surface. The centrepiece was the LiteLLM/Mercor breach. LiteLLM — an open-source "AI gateway" used to route requests to different AI models, downloaded tens of millions of times a month and present in an estimated third of cloud environments — was poisoned on the public package repository, with malicious versions that quietly stole cloud credentials, SSH keys and secrets. The tainted package flowed straight into the build pipelines of any organisation whose systems pulled the update. One casualty was Mercor, a US$10 billion AI startup, which had roughly 4 terabytes of data stolen — including contractors' personal information (passport scans, identity numbers, interview recordings) along with source code. Meta paused its AI data work with Mercor in the aftermath.

It didn't happen in isolation. In the same window, cloud platform Vercel disclosed a breach that began when an employee granted a third-party AI productivity tool broad "Allow All" access to their corporate Google Workspace — handing attackers (who had earlier infected that tool's vendor with credential-stealing malware) an inherited path straight into Vercel's systems. Researchers also flagged a protocol-level remote-code-execution flaw across the popular framework used to connect AI agents to tools and data — affecting its official SDKs and a supply chain of more than 150 million downloads — which some compared to Log4Shell for the AI era. Different companies, different entry points, but one pattern: the AI layer has become the soft underbelly of the modern technology stack.

Why This Matters for Your Business

You don't have to be a frontier AI lab for this to reach you. A few realities now apply to organisations of every size:

  1. "Shadow AI" is expanding your attack surface invisibly. Staff are signing up for AI tools and clicking through permission screens that grant sweeping access to email, files and accounts — often without IT's knowledge. Each over-broad grant is a door an attacker can walk through, as the Vercel incident showed.
  2. Your software supply chain now includes AI components. Modern applications are assembled from hundreds of open-source building blocks. When one popular AI library is poisoned, the malicious code can reach everyone who uses it within hours — long before anyone realises.
  3. You inherit your vendors' breaches. The Mercor incident rippled outward to the major labs that relied on it. If a supplier holding your data is compromised, your business and customers are exposed too. A compliance certificate on paper is not the same as security in practice.
  4. Machine-to-machine traffic is a blind spot. Traditional firewalls were built to inspect human users coming in from outside. They are largely blind to the automated, system-to-system traffic AI tools and agents generate internally — exactly where these attacks operated.
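The first and fourth points above describe a consent grant that nobody reviewed. The script below is an added illustration, not code from Modena360 or from any vendor named in the post: it reads a small set of constructed OAuth consent events (a generic JSON-lines shape, not any provider's real audit-log format), checks each granted app against a hypothetical approved-app list, and flags grants that include "everything in the service" scopes. The scope strings are real Google OAuth scope names used only as examples of broad permissions; the users, app names and events are invented.

```python
import json
from typing import Optional

# Real Google OAuth scope names, used here only to illustrate "allow everything" grants.
BROAD_SCOPES = {
    "https://mail.google.com/": "full read/write/delete access to the mailbox",
    "https://www.googleapis.com/auth/drive": "every file in Drive",
    "https://www.googleapis.com/auth/admin.directory.user": "manage directory users",
}

# Hypothetical allowlist that an AI-tool approval process would maintain.
APPROVED_APPS = {"Meeting Notes AI"}

# Constructed consent events: one JSON object per line, generic field names.
SAMPLE_EVENTS = """\
{"ts": "2026-04-14T09:02:11Z", "user": "alice@example.com", "app": "Meeting Notes AI", "scopes": ["https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/calendar.readonly"]}
{"ts": "2026-04-14T09:40:55Z", "user": "bob@example.com", "app": "Inbox Copilot", "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/contacts"]}
{"ts": "2026-04-15T16:15:03Z", "user": "carol@example.com", "app": "Slide Helper", "scopes": ["https://www.googleapis.com/auth/drive.file"]}
"""


def parse_events(text: str) -> list:
    """Parse JSON-lines consent events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess_grant(event: dict) -> Optional[dict]:
    """Return a finding for a risky grant, or None when the grant looks acceptable."""
    reasons = []
    if event["app"] not in APPROVED_APPS:
        reasons.append("app not on the approved list")
    broad = [s for s in event["scopes"] if s in BROAD_SCOPES]
    for scope in broad:
        reasons.append(f"broad scope {scope} ({BROAD_SCOPES[scope]})")
    if not reasons:
        return None
    return {
        "user": event["user"],
        "app": event["app"],
        "broad_scopes": broad,
        "reasons": reasons,
    }


def review_grants(text: str) -> list:
    """Assess every event and return findings, highest number of broad scopes first."""
    findings = [f for f in map(assess_grant, parse_events(text)) if f]
    findings.sort(key=lambda f: len(f["broad_scopes"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_EVENTS):
        print(f"{finding['user']} -> {finding['app']}")
        for reason in finding["reasons"]:
            print(f"   - {reason}")
```

Run against the sample, the unapproved app with mailbox-wide and Drive-wide scopes sorts to the top; the unapproved app with a single per-file scope is still reported, but as an approval gap rather than a permission problem, which is the distinction a reviewer needs when deciding what to revoke first.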

What Every Business Should Do Now

  • Inventory and govern your AI tools. Know which AI tools your staff use, review the permissions each has been granted, restrict third-party app access to the minimum required, and put a simple approval process around new tools to curb "shadow AI."
  • Secure your software supply chain. Track the components your systems rely on, pin and verify trusted versions, monitor for compromised packages, and lock down the build and deployment pipelines attackers increasingly target.
  • Assess third-party and vendor risk. Understand which suppliers hold your data and what their security actually looks like — not just what their certificates claim. Limit the data you share to what they genuinely need.
  • Apply least-privilege to tools and agents. Treat AI tools and automated agents like any other privileged user: give them the narrowest access possible, and keep a human in the loop for sensitive or irreversible actions.
  • Watch machine and API traffic, not just users. Extend monitoring and behavioural analytics to non-human, system-to-system activity so unusual automated behaviour is detected early.
  • Patch fast — and isolate what you can't. When a critical flaw is announced in an AI component or integration, apply the fix urgently. Where an immediate patch isn't possible, isolate the affected system to limit exposure.
  • Keep tested backups and a ready response plan. Regularly tested, off-site backups and a rehearsed incident-response plan keep a single compromise from becoming a crisis.
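The "pin and verify trusted versions" advice above is concrete enough to show in code. The script below is an added example, not code from Modena360 or from the LiteLLM project: it audits a constructed pip-style requirements file for dependencies that are unpinned or pinned without a hash, and verifies a downloaded artifact's SHA-256 against the recorded hash before it is trusted. The package names, the artifact bytes and the hash are all invented for the illustration.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for a downloaded wheel; its hash is what the requirements file records.
TRUSTED_WHEEL = b"example-gateway-1.2.3 wheel contents (constructed sample)"
TRUSTED_SHA256 = hashlib.sha256(TRUSTED_WHEEL).hexdigest()

# Constructed requirements file. Package names are hypothetical.
REQUIREMENTS = f"""\
# pinned and hash-locked: a re-uploaded or substituted artifact fails verification
example-gateway==1.2.3 --hash=sha256:{TRUSTED_SHA256}
# pinned, but no hash: a poisoned re-upload of the same version number would be accepted
other-lib==4.5.6
# floating range: the next build silently pulls whatever release is newest
floating-sdk>=2.0
"""

SPEC_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*(\S*)")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


@dataclass
class Requirement:
    name: str
    operator: Optional[str]
    version: str
    hashes: list = field(default_factory=list)

    @property
    def pinned(self) -> bool:
        # Only an exact "==" pin names one specific release.
        return self.operator == "=="


def parse_requirements(text: str) -> list:
    """Parse requirement lines into Requirement records, ignoring comments and blanks."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = SPEC_RE.match(line)
        if not match:
            continue
        name, operator, version = match.groups()
        reqs.append(Requirement(name, operator, version, HASH_RE.findall(line)))
    return reqs


def audit(reqs: list) -> list:
    """Return (name, problem) pairs for every requirement that is not fully locked."""
    findings = []
    for req in reqs:
        if not req.pinned:
            findings.append((req.name, "version not pinned"))
        elif not req.hashes:
            findings.append((req.name, "pinned but no --hash"))
    return findings


def verify_artifact(req: Requirement, data: bytes) -> bool:
    """True only if the artifact's SHA-256 matches one of the hashes recorded for it."""
    digest = hashlib.sha256(data).hexdigest()
    return any(hmac.compare_digest(digest, known) for known in req.hashes)


if __name__ == "__main__":
    reqs = parse_requirements(REQUIREMENTS)
    for name, problem in audit(reqs):
        print(f"{name}: {problem}")
    gateway = reqs[0]
    print("trusted artifact verified:", verify_artifact(gateway, TRUSTED_WHEEL))
    print("tampered artifact verified:", verify_artifact(gateway, TRUSTED_WHEEL + b"!"))
```

The same check is what pip performs when invoked with `--require-hashes`, which refuses to install any requirement that is unpinned or lacks a hash; the value of running an audit like this in the build pipeline is that the gaps are reported before a build, rather than discovered after a poisoned release has already been installed.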

How a Managed Service Provider (MSP) Helps

  • AI tool & SaaS governance — discovering which tools are in use, reviewing their permissions, and putting sensible guardrails around how AI is adopted.
  • Vulnerability & patch management — continuous scanning, prioritisation and remediation across your stack, including the AI and dependency layer attackers now target.
  • Third-party & vendor risk management — ongoing assessment of the suppliers who hold your data, so a breach at a vendor doesn't blindside your business.
  • 24/7 security monitoring — analysts and tooling watching for intrusion around the clock, including the machine-to-machine activity traditional defences miss.
  • Incident response planning — ready-made playbooks and expert support to contain and recover quickly.
  • Policy & compliance management — guidance on adopting AI responsibly, with policies and controls tailored to your industry.

The April 2026 incidents are a preview of the environment every business now operates in: one where the AI tools delivering real productivity gains also widen the attack surface in ways most organisations haven't accounted for. The technology is worth adopting — but it has to be adopted securely. It is no longer a question of if an AI tool or supplier in your orbit will be targeted, but whether you'll have the visibility and controls in place when it is. By adopting a defence-in-depth strategy and partnering with a trusted MSP like Modena360, your business can embrace AI with confidence and stay resilient.


Adopting AI tools and unsure how to do it safely?

Let us build a secure, well-governed approach to AI — before the next threat strikes.

Talk to Modena360