AI Sec Watch

A BBC program discusses engaging chatbots and interviews NVIDIA about AI chat technology, exploring how to make AI conversations sound more human and examining emotional connections between people and AI systems. The program also covers how new technology is assisting stroke survivors.

Skill-scanner versions 1.0.1 and earlier have a vulnerability in their API Server (a network interface that lets external programs communicate with the software) where the server is incorrectly exposed to multiple network interfaces without proper authentication. An attacker could send requests to this server to cause a denial of service attack (making it unavailable by exhausting its resources) or upload files to unintended locations on the device.

OpenClaw's Slack integration had a vulnerability where Slack channel descriptions could be injected into the AI model's system prompt (the instructions that tell the AI how to behave). This allowed attackers to use prompt injection (tricking an AI by hiding instructions in its input) to potentially trigger unintended actions or expose data if tool execution was enabled.

Anthropic released Claude Sonnet 4.6, a new AI model that performs better at coding, computer use, and data processing tasks, making it the default option for free and paid users. This launch reflects the intense competition in the AI industry, with Anthropic releasing two major models in less than two weeks to keep pace with rivals like OpenAI and Google.

Figma has partnered with Anthropic to launch a feature called 'Code to Canvas' that converts AI-generated code (from tools like Claude Code) into editable designs within Figma's platform. This allows teams to take working interfaces created by AI agents, refine them, compare options, and make design decisions together in Figma, bridging the gap between AI coding tools and design workflows.

WordPress has introduced a new AI assistant that lets users edit their websites by typing natural language requests (instructions written in plain English rather than code) instead of manually making changes. The AI can edit and translate text, generate and modify images, and adjust site elements like creating pages or changing fonts, accessible through the site editor sidebar and block notes feature (a commenting tool added in WordPress 6.9).

Researchers discovered that AI assistants like Microsoft Copilot and Grok, which can browse the web and fetch URLs, can be abused as command-and-control (C2) proxies, a stealthy communication channel that lets attackers send commands to malware and receive data back while blending in with normal business communications. This technique, which requires the attacker to have already compromised a machine, works without needing API keys or accounts, making traditional security measures like key revocation ineffective. The attack demonstrates how AI tools can be weaponized beyond just generating malware, but also as intelligent intermediaries that help attackers adapt their strategies in real time based on information from the compromised system.

Anthropic released Sonnet 4.6, an updated version of its mid-size AI model with improvements in coding, instruction-following, and computer use (the ability to interact with computer interfaces). The new model features a context window (the amount of text an AI can read and remember at once) of 1 million tokens, double the previous size, allowing it to process entire codebases or dozens of research papers in one request.

Mistral AI, a French company developing large language models (LLMs, AI systems trained on huge amounts of text data), has acquired Koyeb, a startup that helps developers deploy AI applications without managing server infrastructure (a method called serverless computing). This acquisition allows Mistral to expand beyond just building AI models into offering complete cloud infrastructure services, including helping customers run AI models on their own hardware and optimize performance.