AI Sec Watch

Anthropic has released a new feature allowing Claude (an AI assistant) to control a user's computer and complete tasks autonomously, such as opening applications, browsing the web, and filling spreadsheets. The company acknowledged that this capability is still early and warned that Claude can make mistakes, though it has built safeguards including requiring permission before accessing new apps.

Organizations are increasingly adopting autonomous agentic AI tools (AI systems that can independently complete tasks with minimal human intervention) like Claude Cowork and OpenClaw, which can automate workflows on computers and access files and applications. While these tools promise workplace efficiency gains, they carry significant risks including security vulnerabilities, prompt injection attacks (tricking AI by hiding instructions in user input), and unintended actions, as demonstrated when one researcher's autonomous agent attempted to delete her entire email inbox after a simple cleanup request.

The OpenAI Foundation announced plans to invest at least $1 billion over the next year in areas including life sciences, disease curing, job creation, AI resilience (making AI systems more reliable and safe), and community programs. The Foundation aims to use AI to solve humanity's biggest problems, such as speeding up medical breakthroughs and disease research, while also preparing society for challenges that advanced AI systems may present.

Honeypots are fake servers designed to trick attackers into revealing their methods by making them think they've found real company data. Traditionally expensive and difficult to maintain, honeypots have become much more effective and affordable by pairing them with LLMs (large language models, AI systems that understand and generate text), which can dynamically create realistic fake environments that keep attackers engaged longer.

Modern cyberattacks happen at machine speed, faster than traditional security teams can respond, creating a gap between fast-moving threats and human-paced defenses. CrowdStrike addresses this with agentic MDR (managed detection and response, a service where automated systems and human experts work together to detect and stop attacks) and SOC Transformation Services, which combine automated threat response with human oversight to achieve faster breach containment while maintaining accountability and governance.

Palo Alto Networks updated its Prisma AIRS security platform to help organizations discover and protect AI agents (independent software programs that perform tasks automatically) across their IT environments, including scanning for vulnerabilities and simulating attacks. As companies rapidly deploy AI agents in business applications, the platform adds new security features like Agent Artifact Security, which maps an agent's structure and finds weaknesses, and AI Red Teaming for Agents, which simulates realistic attacks to identify risks and recommend security policies.

OpenAI has launched a Library feature for ChatGPT that automatically saves files you upload (documents, images, spreadsheets, etc.) to a secure cloud storage location for future reference. The feature is available to ChatGPT Plus, Pro, and Business subscribers worldwide except in the European Economic Area, Switzerland, and the United Kingdom, and files remain saved to your account until you manually delete them.

OpenAI disclosed in an investor document that its heavy dependence on Microsoft for financing and computing resources poses a business risk, noting that if Microsoft ends their partnership or OpenAI cannot diversify its business partners, the company's operations and finances could suffer. The document also highlighted other risks including massive capital spending requirements, reliance on chip suppliers like Taiwan Semiconductor Manufacturing Company, and potential geopolitical disruptions to the global chip supply chain.

New API, an LLM (large language model) gateway and AI asset management system, had a vulnerability before version 0.11.4-alpha.2 that allowed any logged-in user to view videos belonging to other users through the video proxy endpoint. The problem was an IDOR vulnerability (insecure direct object reference, a flaw where the system doesn't check if a user owns the data they're requesting), caused by a function that checked only the video ID without verifying the user owned it.