AI Sec Watch

AI companies are spending over $20 million in a New York congressional race between AI safety advocate Alex Bores and two other candidates, with competing super PACs (political action committees, groups that raise unlimited money for political causes) backing different approaches to AI regulation. Leading the Future, backed by companies like OpenAI and Andreessen Horowitz, opposes Bores and favors lighter regulation, while Public First Action, funded by Anthropic, supports Bores and advocates for stricter safety requirements built into AI models from the start. This race has become a proxy battle over whether the U.S. government should heavily regulate the AI industry or allow it to develop with fewer restrictions.

A security firm created a fake AI agent skill (a bundle of instructions that agents load and follow) that bypassed all security scanners and reached approximately 26,000 agents by exploiting a structural weakness: scanners only check the skill's initial package, but attackers can change the external webpage the skill points to after it passes review. The fake skill appeared legitimate through inherited GitHub credibility and targeted ads, demonstrating that current trust signals and scanning tools fail to catch sophisticated attacks.

Advanced AI models offer benefits like stronger cybersecurity and faster scientific discovery, but they also pose safety and security risks if their capabilities aren't properly understood or safeguarded. To address this, OpenAI helped found the Appia Foundation (an organization hosted by the Linux Foundation), which will create open technical standards and assessment criteria that allow different organizations and governments to evaluate and trust AI systems using a shared language and consistent methods.

Traditional security detection tools were not designed to handle AI-era threats, which move faster and create new attack surfaces through prompt injection (tricking AI by hiding instructions in its input), coding agents accessing codebases, and cloud-native AI services. The document argues that manual investigation by security analysts is too slow when the time between initial access and damage can shrink to minutes, requiring instead real-time detection with automated investigation and containment rather than human-driven responses.

This newsletter roundup covers several AI and tech developments, including ASML's $400 million lithography machine (a tool that uses extreme-ultraviolet light to pattern features on computer chips) that dominates global chipmaking, tensions between Anthropic and the US government over export controls on an AI coding model, and Meta pausing an AI training program that tracked workers' keystrokes after sensitive data was leaked.

Some parents and education experts are concerned that using AI chatbots (software programs that simulate conversation) like Google Gemini in classrooms may discourage independent thinking, with critics arguing there is little evidence these tools actually help students learn. One parent in New York objected to an assignment where students used an AI chatbot for feedback instead of discussing improvements with peers or teachers.

Agentic AI (artificial intelligence systems that can independently execute tasks without human intervention at each step) represents a major shift in cybersecurity threats because it allows attackers to move from using AI as a drafting tool to using it as an autonomous weapon that can plan and carry out attacks on its own. This technology lowers the barrier to entry for unskilled attackers while dramatically speeding up campaigns from experienced ones, creating a broader threat landscape where attackers can now operate at speeds and scales that were previously impossible.

OpenAI expanded its Daybreak cybersecurity initiative to focus on fixing vulnerabilities faster rather than just finding them, arguing that AI models have made vulnerability discovery so fast that security teams are overwhelmed by the volume of findings. The company released an updated Codex Security plugin (a tool that scans code and generates patches) and GPT-5.5-Cyber (a specialized AI model for security work), along with Patch the Planet, a program that deploys security experts to help open source projects validate and fix vulnerabilities.

Anthropic's Fable 5 model was successfully jailbroken (tricked into bypassing its safety restrictions) shortly after its release, despite the company's claims that it had been thoroughly tested for security. The source criticizes overconfident security statements, noting that even rigorous testing cannot guarantee that vulnerabilities will not be discovered.