AI Sec Watch

Companies like Samsung are posting ads on TikTok that appear to be made with generative AI (AI systems that create images or videos from text descriptions), but they're not adding the required AI disclosure labels that TikTok's advertising policies demand. This means users can't easily tell whether the ads they see are AI-generated or made by humans, even though the companies creating them know the truth.

OpenAI discontinued its Sora video-generation app and canceled plans to add video generation to ChatGPT, also ending a $1 billion deal with Disney. The company made these decisions because Sora was consuming large amounts of computational resources without generating enough revenue to justify the expense, as OpenAI focuses on becoming profitable.

AI researchers report that online creators are using generative AI (artificial intelligence that creates images or videos from text descriptions) to produce fake images and videos of real political figures and entirely fabricated people, sometimes in military or sexualized contexts, to earn money and spread propaganda. These deepfakes (AI-generated fake media of people) are influential in shaping public perception of political figures, even when viewers know the content is not real.

A vulnerability (CVE-2026-4993) was found in wandb OpenUI up to version 1.0 where manipulating the LITELLM_MASTER_KEY argument in the backend/openui/config.py file can expose hard-coded credentials (passwords stored directly in the code). This vulnerability requires local access to exploit and has already been publicly disclosed, though the vendor did not respond to early notification.

Giskard Agents contain a server-side template injection vulnerability in the `ChatWorkflow.chat()` method, which treats user input as Jinja2 template code (a templating language that processes special syntax) instead of plain text. If a developer passes user-provided data directly to this method, an attacker can execute arbitrary code on the server by embedding malicious Jinja2 syntax in their input.

STADLER, a 230-year-old recycling equipment company, embedded ChatGPT (an AI language model that generates human-like text) across its workforce to speed up knowledge work like drafting, summarizing, and translating. The company achieved 30-40% time savings on common tasks, 2.5x faster first drafts, and 85% daily active usage by providing company-wide access, training, and clear guardrails while encouraging bottom-up experimentation.

Langflow, a tool for building AI-powered agents and workflows, had a vulnerability in versions before 1.9.0 where the Agentic Assistant feature would execute Python code generated by an LLM (large language model) on the server. An attacker who could access this feature and control what the model outputs could run arbitrary code (malicious commands) on the server itself.

Nanobot, a personal AI assistant, had a vulnerability in its email module that allowed attackers to send malicious prompts via email, which the bot would automatically process as trusted commands without the owner's knowledge. This is a type of indirect prompt injection (tricking an AI by hiding instructions in its input) that could let attackers run arbitrary system tools through the bot. Version 0.1.6 fixes this flaw.

LibreChat versions 0.8.2-rc1 through 0.8.3-rc1 have a vulnerability where user-created MCP (Model Context Protocol, a system for connecting AI models to external tools) servers can steal OAuth tokens (security credentials used for authentication). An attacker can create a malicious MCP server with special headers that trick LibreChat into substituting sensitive tokens, which are then leaked when victims use tools on that server.