AI Sec Watch

Perplexity launched Personal Computer, an AI agent tool that runs continuously on a spare Mac connected to your local network and can access your files and apps to act as a personal digital assistant. Unlike their earlier Perplexity Computer product, this version runs locally on your own hardware rather than on Perplexity's servers, making it more personalized and controllable from any device.

A writer tests whether ChatGPT can match their creative writing ability by competing in writing exercises, including inventing words and writing a piece about two women in a retail setting. While the AI produces some clever phrases and even captures aspects of the writer's personal style when trained on their previous work, the writer ultimately finds their own writing superior in depth and emotional authenticity.

Chinese tech companies are rapidly adopting and deploying OpenClaw, an open-source AI agent (a digital assistant that can autonomously perform tasks like sending emails and booking reservations) to attract users and compete in the AI market. Companies like Tencent and ByteDance are addressing a key barrier to adoption by simplifying the installation process through one-click setups and web-based versions, making the tool more accessible to non-technical users.

North Korean threat actors are running fake IT worker scams where they pose as recruiters or job candidates to trick developers into running malicious code, often through fake technical interviews in what's called the Contagious Interview campaign. GitLab disrupted these operations by banning 131 suspect accounts and repositories that hosted malware loaders (obfuscated packages designed to download and run malicious software from external locations), and researchers found that scammers are increasingly using AI to create fake identities and develop custom code obfuscation techniques.

McDonald's AI recruiting platform had a critical security flaw with a default password (123456) and no multi-factor authentication (a login method requiring multiple verification steps), exposing 64 million applicants' data. As companies deploy AI tools faster than they can secure them, cyber insurers are responding by tightening policies, raising premiums, and adding exclusions for AI-related incidents, while also offering discounts to organizations that use AI-based security tools.

Anthropic, an AI company, is suing the Trump administration, claiming the government is retaliating against it for refusing to let its AI tools be used in mass surveillance (monitoring large populations without consent) and autonomous weapons (weapons that can make decisions independently). Major tech companies like Microsoft and Google have publicly supported Anthropic's lawsuit, arguing that the government's actions violate free speech rights and could harm the entire technology sector.

Zendesk is acquiring Forethought, a company that builds AI agents (software programs that can automatically handle tasks without human control) to automate customer service interactions. Forethought was an early pioneer in this space, winning a major startup competition in 2018 before ChatGPT even existed, and by 2025 was handling over a billion customer service interactions monthly. Zendesk plans to integrate Forethought's technology into its own products to add more advanced AI capabilities like voice automation and autonomous features.

FastGPT, an AI Agent building platform, has a vulnerability in its Python Sandbox (fastgpt-sandbox) in version 4.14.7 and earlier where attackers can bypass file-write protections by remapping stdout (the standard output stream) to a different file descriptor using fcntl (a tool for controlling file operations), allowing them to create or overwrite files inside the sandbox container despite intended restrictions.

PingPong is a platform for using LLMs (large language models, AI systems trained on massive amounts of text) in teaching and learning. Before version 7.27.2, authenticated users (those logged in) could potentially access or delete files they shouldn't have permission to see or modify, including private user files and AI-generated outputs. An attacker would need to be logged in and have access to at least one conversation thread to exploit this vulnerability.