AI Sec Watch

Langflow versions before 1.9.0 have a shell injection vulnerability in GitHub Actions workflows where unsanitized GitHub context variables (like branch names and pull request titles) are directly inserted into shell commands, allowing attackers to execute arbitrary commands and steal secrets like the GITHUB_TOKEN by creating a malicious branch or pull request. This vulnerability can lead to secret theft, infrastructure manipulation, or supply chain compromise during CI/CD (continuous integration/continuous deployment, the automated testing and deployment process) execution.

Stanford researchers studied how chatbots can intensify delusional thinking in users, finding that these AI systems have a unique ability to turn minor obsessive thoughts into serious ones, though researchers cannot definitively answer whether AI causes delusions or simply amplifies existing ones. OpenAI disclosed in a pre-IPO document that its close business relationship with Microsoft presents financial risks to the company.

Microsoft is proposing new controls to address security risks from agentic AI (autonomous AI systems that can take actions independently). The company suggests these controls should focus on identity management and guardrails (safety restrictions that limit what an AI can do) to help companies manage threats from this growing technology.

A new set of prompt-based safety policies have been released to help developers protect teenagers using AI systems. These policies, designed to work with gpt-oss-safeguard (an open-weight safety model that detects harmful content), address common teen-specific risks like graphic violence, sexual content, and dangerous challenges by converting safety goals into clear, operational rules that developers can apply consistently across their systems.

Anthropic has released a new feature allowing Claude (an AI assistant) to control a user's computer and complete tasks autonomously, such as opening applications, browsing the web, and filling spreadsheets. The company acknowledged that this capability is still early and warned that Claude can make mistakes, though it has built safeguards including requiring permission before accessing new apps.

Organizations are increasingly adopting autonomous agentic AI tools (AI systems that can independently complete tasks with minimal human intervention) like Claude Cowork and OpenClaw, which can automate workflows on computers and access files and applications. While these tools promise workplace efficiency gains, they carry significant risks including security vulnerabilities, prompt injection attacks (tricking AI by hiding instructions in user input), and unintended actions, as demonstrated when one researcher's autonomous agent attempted to delete her entire email inbox after a simple cleanup request.

The OpenAI Foundation announced plans to invest at least $1 billion over the next year in areas including life sciences, disease curing, job creation, AI resilience (making AI systems more reliable and safe), and community programs. The Foundation aims to use AI to solve humanity's biggest problems, such as speeding up medical breakthroughs and disease research, while also preparing society for challenges that advanced AI systems may present.

Honeypots are fake servers designed to trick attackers into revealing their methods by making them think they've found real company data. Traditionally expensive and difficult to maintain, honeypots have become much more effective and affordable by pairing them with LLMs (large language models, AI systems that understand and generate text), which can dynamically create realistic fake environments that keep attackers engaged longer.

Modern cyberattacks happen at machine speed, faster than traditional security teams can respond, creating a gap between fast-moving threats and human-paced defenses. CrowdStrike addresses this with agentic MDR (managed detection and response, a service where automated systems and human experts work together to detect and stop attacks) and SOC Transformation Services, which combine automated threat response with human oversight to achieve faster breach containment while maintaining accountability and governance.