AI Sec Watch

The U.S. government allowed Anthropic to release its Mythos 5 AI model to about 100 companies and federal agencies after a two-week standoff, during which Anthropic had disabled access to its latest models due to export control restrictions (government rules limiting what technology can be shared internationally). The Commerce Department said the decision was made to keep America competitive in AI while protecting national security.

Zhipu's GLM 5.2, a Chinese open source AI model (a model that can be freely downloaded and modified), has achieved performance comparable to top U.S. models like Anthropic's Opus 4.8 while costing significantly less, making it attractive to companies concerned about AI spending. Unlike proprietary models from OpenAI and Anthropic that face government restrictions, GLM 5.2 can be run on companies' own servers without risk of being revoked, positioning open source AI as a more reliable and cost-effective alternative for enterprise use.

A researcher ran a public challenge where 2,000 people attempted to hack an AI assistant by sending emails containing prompt injection attacks (tricks to make an AI ignore its safety rules and reveal secrets). After 6,000 total attempts, nobody successfully leaked the system's secrets, suggesting that modern AI models are becoming more resistant to these attacks through better training.

Attackers are creating fake OpenAI organizations impersonating real companies and sending legitimate-looking invitations to employees to trick them into sharing sensitive information like source code and internal documents in chats. The fraudulent invitations come from OpenAI's real email servers and include payment methods attached, making them difficult to spot even though OpenAI includes a warning that the inviter's email domain doesn't match the recipient's company.

Cisco is acquiring companies called Astrix and WideField to add NHI (network hygiene intelligence, which monitors and maintains network health) to its security products. The company believes that securing AI agents (autonomous software programs that perform tasks with minimal human input) requires making identity, which verifies who or what is accessing a system, the main control system.

The fluent-plugin-opentelemetry plugin's HTTP input lacks size limits, allowing attackers to send huge or highly compressed files that consume excessive memory when decompressed, causing a DoS (denial of service, a type of attack that makes a service unavailable) attack by crashing the Fluentd logging process. If the OpenTelemetry endpoint (a connection point that accepts telemetry data) is exposed to untrusted networks, an attacker can exploit this to disrupt all log collection on the affected server.

OpenAI has confidentially filed documents with the SEC (Securities and Exchange Commission, the government agency that oversees stock market listings) but has not yet held investor meetings or announced an official timeline for going public, though reports suggest a potential 2027 IPO. The company is intentionally downplaying expectations about when it will list on the stock market, with CEO Sam Altman stating that going public is a 'financing event' rather than a near-term priority.

AutoGPT versions before 0.6.32 contain a DoS (denial of service, where a system is overwhelmed and stops working) vulnerability in its AITextSummarizerBlock component. A malicious user can input a small amount of content that causes the server to consume massive amounts of memory, exhausting resources and crashing the system, for example turning 10K of input into 50G of memory usage.

OpenAI announced a limited preview of three new GPT-5.6 models: Sol (high-performance), Terra (balanced), and Luna (fast and affordable), with pricing ranging from $1-$30 per million tokens depending on the model and whether the input or output is being processed. The company is starting with a limited preview for trusted partners approved by the U.S. government before making the models more broadly available, and the new models include improved prompt caching (a feature that stores frequently used inputs to speed up responses) with explicit cache breakpoints and longer minimum cache duration.