AI Sec Watch

Australian politicians are raising concerns that the country is unprepared for AI development, with calls to prevent large tech companies from using Australian content to train AI models (teach AI systems by feeding them data) and to pause approval of new datacenters until proper regulations exist. The debate reflects worry that AI is advancing faster than government safeguards can keep up.

OpenAI released an improved GPT-5.5-Cyber model and updated Codex Security plugin (a tool for finding and fixing code problems) to help security defenders find and patch software vulnerabilities more quickly. The company is also launching Patch the Planet, a partnership with Trail of Bits to secure open-source projects, because AI models are now finding vulnerabilities faster than developers can fix them, shifting the bottleneck from discovery to patching.

Five Eyes cybersecurity agencies (US, UK, Canada, Australia, New Zealand) warn that threat actors are increasingly using AI to bypass security defenses, with capabilities advancing in months rather than years, so organizations must urgently update their cyber risk strategies. They recommend that business leaders treat cybersecurity as core business risk, get security fundamentals right, use AI deliberately to strengthen defenses, and take practical actions like reducing attack surface, accelerating security patches, and preparing breach response plans. However, some experts criticize the guidance as too generic and lacking specific advice on AI-related risks.

Omio, a travel platform connecting millions of travelers with transportation options, is using conversational AI (AI that understands natural language questions from users) to let people book trips by simply describing where they want to go, rather than searching through websites. The company launched this capability through ChatGPT in 2023 by connecting OpenAI's language models directly to its real-time transportation data, and it is now using similar AI tools internally to help engineers and other employees work more efficiently.

Researchers discovered that AI models struggle to distinguish between their own internal instructions (wrapped in tags like <system> and <think>) and untrusted user input (wrapped in <user> tags), a problem called role confusion. The models pay more attention to the writing style of text than its actual meaning, allowing attackers to craft jailbreaks (unauthorized bypasses of safety rules) by mimicking the style of internal thinking blocks. However, rewriting malicious text in a different style (called 'destyling') significantly reduced attack success rates from 61% to 10%, showing that format changes can help models better distinguish between trusted and untrusted content.

This article describes successfully porting the Moebius image inpainting model (a small AI model that can remove objects from images and fill in the missing areas) to run in a web browser using WebGPU (a graphics technology that lets browsers use GPU acceleration). The author used Claude Code, an AI coding agent, to help convert the model from Python and NVIDIA CUDA (specialized GPU software for training AI) into a web-compatible format using ONNX Runtime Web.

Budibase has a DNS rebinding vulnerability (a type of attack where DNS lookups return different IP addresses at different times) in its SSRF protection. The software checks if a hostname is safe by looking up its IP address and checking a blacklist, but then performs a separate DNS lookup when actually connecting. An attacker controlling DNS can return a public IP during the safety check and a private/internal IP during the actual connection, allowing them to access internal services like localhost or cloud metadata endpoints.

LangChain, a framework for building AI agents and applications powered by large language models, had a vulnerability before version 1.3.9 where several components that work with file paths did not properly restrict access to files. This meant attackers could use glob patterns (wildcards for matching multiple files), symlinks (shortcuts to files), or specially crafted paths to read files outside the intended directory, especially when an AI system processes untrusted input. The vulnerability allowed unauthorized file disclosure.

Anthropic updated its privacy policy to allow Claude users to appeal account flags by uploading government-issued ID documents and biometric data (facial scans and face geometry templates, which are digital measurements of facial features). The policy applies only to a small subset of users whose accounts are flagged for fraud rather than immediately banned, and Anthropic says it uses this verification to comply with various legal requirements and security measures.