AI Sec Watch

Microsoft fixed a vulnerability chain called AutoJack in AutoGen Studio, a graphical tool for building multi-agent AI systems (where multiple AI programs work together). The flaw let attackers trick an AI agent into running arbitrary commands (unrestricted code) on the host system just by having a developer visit a malicious webpage. The vulnerability was caught before any official release, so only developers building directly from GitHub source code during a brief window were affected.

Check Point, a security company serving over 100,000 customers, has partnered with OpenAI to integrate advanced AI models into its cybersecurity products through OpenAI's Daybreak Cyber Partner Program. This integration aims to improve threat prevention, speed up incident response (remediation, the process of fixing security issues), and strengthen security operations for their customers.

OpenAI launched "Patch the Planet," a program partnering with security firms Trail of Bits, HackerOne, and Calif to provide free security consulting to open-source software maintainers. The initiative helps developers find and patch vulnerabilities (security weaknesses in code), strengthen their code bases, and incorporate AI security tools, addressing the problem that AI-powered bug-hunting tools have overwhelmed maintainers with large numbers of vulnerability reports they struggle to prioritize.

Patch the Planet is an initiative where Trail of Bits engineers partnered with OpenAI to use advanced AI models (like GPT-5.5-Cyber, a frontier model trained on security tasks) to find and fix bugs in critical open-source projects. In the first week, the team discovered hundreds of bugs, submitted 64 pull requests, and filed 51 issues across 19 major projects like Python, Go, and RustCrypto, with 37 patches already merged into the projects' code.

AWS Continuum is a new security service designed to help enterprises automatically discover, investigate, and fix vulnerabilities in code created by AI coding agents (software tools that write code with minimal human input). Instead of requiring developers and security teams to manually review every security finding, Continuum can analyze code, determine if vulnerabilities are actually exploitable, suggest fixes, and even autonomously fix issues in "enforce mode" once it understands an organization's security requirements.

Researchers discovered four vulnerabilities in Dify, an open-source platform for building AI workflows, that could let attackers read private AI conversations from other customers without logging in. These flaws, called DifyTap, exploited missing permission checks to expose chat messages across different customer accounts (called cross-tenant impact, where one customer's data leaks to another) and allowed unauthorized access to uploaded files and internal system APIs.

SpaceX has signed a deal with Reflection AI, an open-source AI startup, to provide access to high-end Nvidia chips (specialized processors used for training AI models) for computing power. Reflection will pay SpaceX $150 million per month starting in 2026 through 2029, totaling about $6.3 billion, as SpaceX monetizes its Colossus data center infrastructure that was originally built to power Grok, Musk's AI chatbot.

Intelligence agencies from five countries (Australia, US, UK, New Zealand, and Canada) issued a joint warning that extremely powerful AI models capable of causing severe damage to governments and businesses could arrive within months, urging world leaders to take immediate action. The warning came after the Trump administration blocked foreign nationals from accessing Anthropic's Fable AI model, a highly anticipated AI system.

Organizations are rapidly deploying AI agents (software systems that can perform tasks automatically) without securing the legacy infrastructure they depend on, creating a major security gap. Attackers can bypass AI-specific security measures by exploiting old vulnerabilities in underlying systems like unpatched servers, misconfigured permissions (Active Directory access controls), and cached credentials (stored login information), giving them access to the data and resources the AI agents use. The article demonstrates how this happens through a real attack example involving an S3 bucket (cloud storage), Lambda functions (serverless computing services), and overly broad access permissions.