Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

• 🤖 Hundreds of MCP Servers Expose AI Models to Rem …

• 🔏 Critical Authentication Bypass Vulnerability Ex …

• ⚡ "Skynet" Malware Pioneers First AI-Targeted Cybe …

• 📰 Further Alerts & Insights

🤖 Hundreds of MCP Servers Expose AI Models to Remote Code Execution

A critical security flaw has emerged in the rapidly expanding ecosystem of Model Context Protocol (MCP) servers, with researchers discovering that hundreds of these AI-connecting systems are wide open to cyberattacks. Backslash Security estimates there are already more than 15,000 MCP servers worldwide, with around 7,000 found publicly accessible and 200+ completely unauthenticated. The vulnerability represents the first major security crisis in AI infrastructure designed specifically for enterprise and building management applications.

• Around 70 scanned MCPs possess serious vulnerabilities including path traversal issues and lack of input data sanitization

• Attackers with network adjacency could run malicious code, delete host system data, or completely take over systems

• MCP servers allow AI tools to work with private organizational data beyond their training datasets

• Security specifications are still being defined, with authentication not part of basic specifications

• Organizations are deploying MCPs faster than security knowledge can keep pace

🤔 The Bigger Picture:

MCP servers bridge AI models and real-world infrastructure data including HVAC systems, security cameras, and building automation networks. When compromised, attackers gain AI-powered access to sensitive operational technology, potentially manipulating building systems or launching broader infrastructure attacks. Organizations must immediately audit AI implementations connecting to building management systems and implement strict network segmentation.

Read the full article

🔏 Critical Authentication Bypass Vulnerability Exposes 27 Mitsubishi Electric HVAC Models

Mitsubishi Electric disclosed CVE-2025-3699 with a maximum CVSS score of 9.8, affecting air conditioning systems deployed across commercial buildings and industrial facilities worldwide. Security researcher Mihály Csonka discovered the "Missing Authentication for Critical Function" weakness that enables attackers to bypass authentication mechanisms entirely and gain unauthorized control over building HVAC systems without any user interaction.

• Complete system control possible, allowing attackers to illegally control air conditioning, access sensitive information, and tamper with firmware

• Affects 27 different models across G-50, GB-50, AE-200, AE-50, EW-50 series and multiple other product lines

• No patches planned for most affected products, with Mitsubishi Electric announcing improved versions only for select AE, EW, TE, and TW series models

• Greatest risk exists for systems directly accessible from internet without VPN protection

• Attack requires no user interaction and can be executed remotely over network connections

🤔 The Bigger Picture:

This vulnerability exposes risks in connected building automation systems designed for internal networks but often internet-accessible. Successful exploits could result in climate control manipulation, disrupted tenant comfort, increased energy costs, or safety hazards in critical environments. Organizations must rely entirely on network-level protections given the lack of available patches.

Read the full article

⚡ "Skynet" Malware Pioneers First AI-Targeted Cybersecurity Evasion

Check Point researchers have uncovered the first documented malware specifically designed to evade AI-powered cybersecurity tools through prompt injection techniques. The "Skynet" malware, discovered after anonymous upload from the Netherlands, marks a significant evolution in adversarial tactics as cybercriminals adapt to the growing use of AI in security operations and building management systems.

• Novel evasion mechanism embeds language mimicking authoritative user instructions to hijack AI analysis streams

• Experimental proof-of-concept attempts to manipulate AI models like GPT-4 and Google Gemini into outputting fabricated verdicts

• Coincides with rapid adoption of AI large language models in cybersecurity workflows for automated malware analysis

• Prompt injection technique seeks to influence AI-driven analysis rather than deceive human analysts

• Researchers predict attacks will become more sophisticated as attackers learn to exploit LLM-based detection nuances

🤔 The Bigger Picture:

As facility managers increasingly rely on AI-powered security tools for threat detection and building monitoring, this development signals a new arms race. Organizations deploying AI for facility security must implement multi-layered validation, avoid over-reliance on AI-only analysis, and ensure human oversight remains integral to security operations.

Read the full article

Further Alerts & Insights