AI Sec Watch

The Trump administration is considering requiring advanced AI models to be reviewed before public release, particularly those capable of helping users find software vulnerabilities (weaknesses in code that attackers can exploit). This discussion was prompted by Anthropic's Mythos model, which can identify thousands of high-severity vulnerabilities better than most human programmers, though the company has not released it publicly and instead created Project Glasswing to give selected companies access for defensive purposes (finding and fixing vulnerabilities before attackers do).

Between February and April 2026, the ogham-mcp package accidentally published 22 versions on PyPI (the Python package repository) with embedded credentials, including database passwords for Neon postgres (a database service) and a Voyage AI API key (a token that grants access to an AI service). No evidence of actual misuse was found, and all credentials have been rotated by the maintainers.

OpenAI is expanding its ChatGPT advertising pilot by introducing new tools that make it easier for businesses to create and buy ads. Advertisers can now use a beta self-serve Ads Manager (a tool for setting up and managing ad campaigns) or work through partners, and can choose between cost-per-click (CPC, paying only when someone clicks an ad) or cost-per-mille (CPM, paying per 1,000 ad views) bidding options. The platform includes measurement tools that let advertisers see campaign performance without accessing user conversations, maintaining privacy.

OpenAI has published a European Youth Safety Blueprint with five practical pillars to help protect young people using AI, including age-appropriate safeguards, privacy-preserving age verification, and parental controls. The company is also funding 12 organizations across Europe, the Middle East, and Africa with €500,000 in grants to conduct research and programs on youth safety, AI literacy, and mental health support in real-world settings.

OpenAI and PwC are collaborating to help finance teams use AI agents (software programs that can autonomously perform tasks) to automate workflows, reduce manual work, and improve decision-making in finance departments. The partnership is building these agents based on real-world experience from OpenAI's own finance organization, where they have already seen results like processing 5 times more contracts with the same team size.

Titra, an open source time tracking application, has a vulnerability in version 0.99.52 where the globalsettings Meteor publication (a feature that broadcasts data to connected users) exposes sensitive configuration information like API keys without checking if the user has admin permissions. Any authenticated user (someone logged into the system) can access these secrets through DDP (the protocol Meteor uses to send data to clients).

Apache OpenNLP has a vulnerability where three methods in AbstractModelReader read count values from binary model files without checking if they're reasonable, allowing an attacker to trigger an OOM error (a crash caused by the program running out of memory) by creating a malicious .bin file with an extremely large count value. This denial of service (making a service unavailable) attack requires minimal file size and crashes the Java virtual machine early during model loading.

Evolver, a self-evolving engine for AI agents, had a prototype pollution vulnerability (a bug where attackers inject malicious properties into core JavaScript objects) in versions before 1.69.3. The flaw existed in functions that merged user data without blocking dangerous keys like __proto__ and constructor, allowing attackers to modify how all JavaScript objects behave.

Evolver, a tool that helps AI agents improve themselves, had a command injection vulnerability (a security flaw where attackers trick the system into running unauthorized commands) in versions before 1.69.3. The flaw was in the _extractLLM() function, which built shell commands using simple string concatenation without cleaning the input first, allowing attackers to execute arbitrary commands on the server when certain input contained shell metacharacters (special characters that have meaning to the command system).