AI Sec Watch

OpenAI has delayed the launch of its 'adult mode' feature for ChatGPT, which was designed to give verified adult users access to adult content including erotica. The delay, the second postponement from the originally announced December launch, is attributed to the company prioritizing work on core features like intelligence, personality, and proactive functionality.

OpenAI has rolled out Codex Security, an AI-powered security agent that scans code repositories to identify and propose fixes for vulnerabilities. During beta testing, Codex Security scanned over 1.2 million commits and found 792 critical and 10,561 high-severity vulnerabilities across open-source projects, with false positive rates declining by over 50%.

CVE-2026-30834 is a Server-Side Request Forgery (SSRF) vulnerability in PinchTab, an HTTP server that provides AI agents with Chrome browser control. Prior to version 0.7.7, the /download endpoint allowed users with API access to make arbitrary requests to internal network services and local files, potentially exfiltrating sensitive response content.

Anthropic is in a dispute with the U.S. Department of Defense over safety restrictions on its Claude AI model, specifically refusing to allow its use for domestic mass surveillance or autonomous weapons systems. The Pentagon has declared Anthropic a supply chain risk due to this refusal, while Anthropic has vowed to challenge the designation in court, raising questions about how AI will be regulated in military applications.

OpenClaw, an open-source AI assistant platform created by Peter Steinberger in November 2025, held a fan convention called ClawCon in Manhattan that attracted hundreds of attendees. The event celebrated the platform's popularity in the tech industry, featuring interactive elements like sponsor stations and a demo stage.

Pentagon CTO Emil Michael reported disagreements with AI company Anthropic regarding autonomous warfare capabilities. The military is developing procedures to enable varying levels of autonomy in warfare based on assessed risk levels.

Anthropic discovered 22 new security vulnerabilities in Firefox (14 high-severity, 7 moderate, 1 low) using its Claude Opus 4.6 AI model during a two-week security partnership with Mozilla in January 2026. Most of these vulnerabilities have been addressed in Firefox 148, released in late February 2026, with the remainder scheduled for upcoming releases.

President Trump's cybersecurity strategy emphasizes offensive cyber operations as a central pillar of US policy, alongside deregulation of industry and accelerated AI adoption. The seven-page blueprint outlines six pillars including disrupting adversaries, promoting deregulation, modernizing federal networks with zero-trust architecture and AI-powered defenses, securing critical infrastructure, and maintaining technological superiority. The strategy represents a significant shift from past approaches by prioritizing offensive operations and AI integration while addressing federal system defense and critical infrastructure protection.

WeKnora contains a critical Remote Code Execution vulnerability in its SQL validation framework where the validateNode() function in Phase 5 fails to recursively inspect PostgreSQL ArrayExpr and RowExpr node types, allowing attackers to smuggle dangerous functions like pg_read_file() inside array expressions and bypass all SQL injection protections. An unauthenticated attacker can chain these functions with large object operations to achieve arbitrary code execution on the database server.