A North Korea-linked threat actor has deployed Gaslight, a Rust-compiled macOS backdoor that harvests browser credentials from Chrome, Brave, Firefox, and Safari and uses Telegram Bot API for C2. The implant notably embeds a 38-message prompt injection payload designed to blind AI-assisted malware triage tools, creating a detection gap in security operations pipelines that rely on LLM-based first-pass analysis. Organizations with significant macOS populations among developers, finance, and IT staff, and those using AI-assisted triage in their SOC workflows, face elevated risk.