AI Sec Watch

Wallos, an open-source tool for tracking subscriptions that users can run on their own servers, had incomplete security protections in versions before 4.7.0. A logged-in attacker could bypass these protections by sending specially crafted web addresses to three different features (AI Ollama settings, AI recommendations, and notification scheduling), allowing them to reach internal systems or cloud configuration services they shouldn't access.

OpenAI is launching a redesigned shopping feature in ChatGPT that lets users find and compare products by uploading images or describing items with budget and preference details, replacing its failed Instant Checkout feature that allowed direct purchases within the app. The company improved the underlying speed, relevance, and product coverage while allowing merchants to share product feeds directly with OpenAI rather than handling transactions themselves. Retailers like Target, Sephora, and Nordstrom now support this product discovery experience, and merchants can also build custom apps within ChatGPT for more control over their sales process.

AI agents (software systems that can reason, act, and interact with other systems) need to align four layers of intent: what the user wants to accomplish, what the developer designed the agent to do, what role it plays in an organization, and what organizational policies it must follow. When these intent layers are properly aligned, agents deliver useful results while staying within security and compliance boundaries, preventing misuse and building trust.

Anthropic, maker of Claude AI, is asking a federal judge to temporarily block the Pentagon's ban on its technology, which the Department of Defense designated as a supply chain risk (a classification meaning the technology supposedly threatens U.S. national security). The company argues the ban is retaliation for demanding the Pentagon not use Claude for autonomous weapons or mass surveillance, and says it could lose billions in business without court intervention.

Gap is partnering with Google's Gemini to let shoppers buy Gap products directly within the AI platform, making it the first major fashion company to offer this type of integration. When Gemini recommends Gap products while answering customer questions like 'what should I wear to a job interview?', shoppers can complete their purchase through Google Pay without leaving the platform. Gap provides product details to Gemini in advance rather than letting it crawl the website, so Gap can control accuracy and customer data.

Anthropic has updated Claude, its AI assistant, with new autonomous computer control features in the Code and Cowork tools that can open files, use web browsers and apps, and run developer tools without requiring setup. The feature is currently available as a research preview (early testing phase) for Claude Pro and Max subscribers on macOS only, and will ask for your permission before performing tasks on your computer.

Langflow versions before 1.9.0 have a shell injection vulnerability in GitHub Actions workflows where unsanitized GitHub context variables (like branch names and pull request titles) are directly inserted into shell commands, allowing attackers to execute arbitrary commands and steal secrets like the GITHUB_TOKEN by creating a malicious branch or pull request. This vulnerability can lead to secret theft, infrastructure manipulation, or supply chain compromise during CI/CD (continuous integration/continuous deployment, the automated testing and deployment process) execution.

Stanford researchers studied how chatbots can intensify delusional thinking in users, finding that these AI systems have a unique ability to turn minor obsessive thoughts into serious ones, though researchers cannot definitively answer whether AI causes delusions or simply amplifies existing ones. OpenAI disclosed in a pre-IPO document that its close business relationship with Microsoft presents financial risks to the company.

Microsoft is proposing new controls to address security risks from agentic AI (autonomous AI systems that can take actions independently). The company suggests these controls should focus on identity management and guardrails (safety restrictions that limit what an AI can do) to help companies manage threats from this growing technology.