Lemma Critical Brief

threat intelligence
× proof layer.

Structured analysis of incidents across AI, cryptographic infrastructure, supply chain, and regulatory attributes — read through the Detection ≠ Proof thesis. Each Brief makes the failure primitive explicit and identifies the structural gap that hardening detection alone cannot close, then connects it to the pre-execution attestation design.

17 briefs published since 2026-05-29

About this collection

Lemma Critical Brief is a structured-incident-analysis reference collection from Lemma. Each Brief covers one incident across nine sections (TL;DR + §1–§8), structuring the failure primitive and the structural gap that detection alone cannot close, and connecting them to the pre-execution attestation design. Series scope, citation conventions, and editorial process are consolidated on the Methodology page.

Pillar 01

Verifiable Origin

9 briefs

The layer that independently verifies the origin of messages, data, and code.

No. 016 · 2026-05-31

The Verus-Ethereum Bridge Hack ($11.58M)

A Valid Merkle Proof, But No Verification That the Source Amount Matched the Payout

Bridge Config Trust · Identity & Auth

No. 015 · 2026-05-31

The GitHub Internal Repository Breach

A Poisoned VS Code Extension, Live for 18 Minutes, Exploited the Developer Trust Surface

Code Provenance · Identity & Auth

No. 014 · 2026-05-31

The TanStack npm Compromise

Malicious Packages Signed Under a Legitimate OIDC Trusted Publisher, Where a Valid Provenance Signature Did Not Mean a Trustworthy Artifact

Code Provenance · Identity & Auth

No. 011 · 2026-05-31

SynthID Watermark Reverse-Engineering

How a Statistical Attack Strips the Provenance Mark from AI-Generated Content

Data Provenance · AI Decision Integrity

No. 010 · 2026-05-31

Claude Code Source-Leak Lures

Weaponizing Trust Signals and GitHub Releases as a Provenance-Spoofed Delivery Channel

Code Provenance · Identity & Auth

No. 008 · 2026-05-30

Discord 2.05 Billion Message Scraping via Public API

How Public Channel Data Gets Redistributed as AI Training Datasets

Training Data Provenance · Data Provenance · Attribute Proof Bypass

No. 004 · 2026-05-30

Megalodon GitHub Supply Chain

CI/CD Credential-Theft Campaign That Poisoned 5,561 Repositories in 6 Hours

Code Provenance · Identity & Auth

No. 002 · 2026-05-29

Stake DAO vsdCRV Unauthorized Mint

LayerZero v2 Trust Source Rewriting via Deployer Key

Bridge Config Trust · Identity & Auth

No. 001 · 2026-05-29

KelpDAO / rsETH Unauthorized Unlock

RPC Manipulation Attack on the DVN Observation Layer

Bridge Config Trust · Identity & Auth

Pillar 02

Verifiable AI

3 briefs

The layer that ZK-commits the process of AI judgment.

Pillar 03

Agent Authority Proof

3 briefs

The layer that records and proves the delegation relationships of agents.

Pillar 04

Regulatory Attribute Proof

2 briefs

The layer that proves KYC / AML / regulatory attributes via selective disclosure.
