AI Sec Watch

Cohere launched Tiny Aya, a family of open-weight (publicly available) multilingual AI models that support over 70 languages and can run on everyday devices like laptops without internet access. The models include regional variants optimized for different language groups, such as South Asian languages like Hindi and Bengali, and are available for developers to download and customize.

Tech companies are being accused of greenwashing (falsely claiming environmental benefits) by conflating traditional machine learning (a type of AI that learns patterns from data) with energy-intensive generative AI (systems that create new text, images, or video). A report analyzing 154 statements found that most claims about AI helping combat climate change refer to older, less resource-heavy machine learning methods rather than the modern chatbots and image generators that consume massive amounts of electricity in data centers.

OpenClaw is a popular open-source tool that orchestrates AI agents (programs that can act independently across devices and trigger workflows) and can interact with online services and chat apps, but security researchers warn it poses serious risks because these agents can perform any action a user can perform while being controlled externally. Early versions were insecure by default, and over 42,000 exposed instances have been found online with critical authentication bypass vulnerabilities (flaws that let attackers skip login checks), creating risks including data theft, unauthorized access, and potential exposure of confidential business information.

AI agents are being used to submit large numbers of pull requests (code contributions) to open-source projects to build fake reputation quickly, a tactic called 'reputation farming.' This is concerning because it could eventually help attackers gain trust in important software projects and inject malicious code through supply chain attacks (attacks targeting the software that other programs depend on), something that normally takes years to accomplish but could now happen much faster.

Researchers discovered that an information stealer (malware that secretly copies sensitive files) infected a victim and stole OpenClaw AI agent configuration files, including gateway tokens (authentication credentials), cryptographic keys, and the agent's operational guidelines. This marks a shift in malware tactics from stealing browser passwords to targeting AI agents, and attackers could use stolen tokens to impersonate victims or access their local AI systems if ports are exposed.

Infostealer malware (malware designed to steal sensitive files and credentials) has been spotted for the first time stealing configuration files from OpenClaw, a local AI agent framework that manages tasks and accesses online services on a user's machine. The stolen files contain API keys, authentication tokens, and other secrets that could allow attackers to impersonate users and access their cloud services and personal data.

The UK government is closing a legal gap by bringing AI chatbots like ChatGPT, Gemini, and Copilot under its Online Safety Act, requiring them to remove illegal content or face fines and being blocked. This move follows criticism of X's Grok chatbot for spreading sexually explicit images, and reflects broader efforts to protect children from harmful online content through new regulations on age limits, infinite scrolling, and VPN access.

Claude Code for Desktop is Anthropic's cloud-based AI coding tool that runs in a container environment (a isolated computing space), accessible through native iPhone and Mac apps. The desktop app lets users see images that Claude is analyzing through a Read /path/to/image tool, providing visual previews of what the AI is working on in real time. The iPhone app currently lacks this image display feature, though the user has requested it.

Attacks on AI language models have evolved beyond simple prompt injection (tricking an AI by hiding instructions in its input) into a more complex threat called "promptware," which follows a structured seven-step kill chain similar to traditional malware. The fundamental problem is that large language models (LLMs, AI systems trained on massive amounts of text) treat all input the same way, whether it's a trusted system command or untrusted data from a retrieved document, creating no architectural boundary between them.