AI Sec Watch

Anthropic released a new Claude plugin that uses dimensional analysis (a technique for tracking units of measurement in code) to find bugs more effectively than traditional LLM-based security tools. Instead of asking an AI to identify vulnerabilities directly, the plugin uses the LLM to annotate code with dimensional types, then mechanically flags mismatches, achieving 93% recall compared to 50% for standard prompts.

The identity and access management (IAM) market, which handles who gets access to systems and data, is growing rapidly and shifting focus from simple password-based login toward treating identity as a core security layer. Organizations are increasingly adopting phishing-resistant authentication methods like passkeys (security keys that replace passwords) and managing non-human identities (service accounts, API keys, and AI agents), which now outnumber human users in most enterprises by about three to one. This shift is driven by the rise of agentic AI (autonomous AI systems that act independently) and stricter regulations requiring continuous verification of who accesses what data.

OpenAI's Model Spec is a formal framework that explicitly defines how AI models should behave across different situations, including how they follow instructions, resolve conflicts, and operate safely. The document is designed to be public and readable so that users, developers, researchers, and policymakers can understand, inspect, and debate intended AI behavior rather than having it hidden inside training processes. The Model Spec is not a claim that current models already behave perfectly, but rather a target for improvement that OpenAI uses to train, evaluate, and iteratively improve model behavior over time.

This article summarizes recent developments in AI, including controversies over weaponizing AI models like Claude, major user departures from ChatGPT, and large protests against AI in London. On a lighter note, AI agents (software programs that can act independently to accomplish tasks) are becoming popular online, with companies hiring their creators and developing quirky applications where AI agents appear to develop their own beliefs and philosophies.

Traditional enterprise security relied on slow, manual processes where vulnerabilities were discovered through periodic scans, then triaged and fixed in a delayed workflow. AI and LLM-based systems are breaking this model by automating triage (the process of sorting and prioritizing findings), delivering vulnerabilities with full context and demanding immediate action, which forces organizations to rethink who is responsible for fixes and how quickly decisions happen. This shift also makes accountability explicit rather than implicit, requiring security teams to transition from handling individual findings to overseeing AI decision-making accuracy and approving exceptions.

Modern cybersecurity operations face attacks that happen in seconds, overwhelming traditional human-centered defenses. CrowdStrike introduced Charlotte AI AgentWorks and Charlotte Agentic SOAR, two interconnected systems that use AI agents (autonomous software that can reason and take actions) to work alongside security analysts, automating routine tasks while keeping humans in control through oversight and guardrails.

OpenAI has shut down Sora, its AI video-generation app (software that creates realistic videos from text descriptions), less than two years after launch, to focus on other projects like robotics and autonomous AI agents. The closure ends both the consumer app and professional platform, though image-making tools in ChatGPT remain unaffected. Disney, which had recently licensed its intellectual property (creative works and characters owned by a company) to Sora in a landmark deal, said it will now explore partnerships with other AI platforms.

OpenAI has launched a Safety Bug Bounty program to identify AI abuse and safety risks in its products, complementing its existing Security Bug Bounty program. The new program focuses on issues like prompt injection (tricking an AI by hiding instructions in its input) that hijacks AI agents to perform harmful actions, unauthorized feature access, and proprietary information leaks, even if they don't qualify as traditional security vulnerabilities. Researchers can submit reports on reproducible safety issues that pose plausible and material harm to users.

Anthropic introduced auto mode for Claude Code, a new permissions system where Claude automatically decides whether to allow actions with safeguards in place. A separate classifier model (Claude Sonnet 4.6) reviews each action before it runs to block requests that go beyond the task scope, target untrusted infrastructure, or appear malicious, using customizable default filters that cover allowed operations like read-only requests and local file work, while blocking risky actions like force-pushing to git repositories or executing external code.