AI Sec Watch

OpenAI has launched a Library feature for ChatGPT that automatically saves files you upload (documents, images, spreadsheets, etc.) to a secure cloud storage location for future reference. The feature is available to ChatGPT Plus, Pro, and Business subscribers worldwide except in the European Economic Area, Switzerland, and the United Kingdom, and files remain saved to your account until you manually delete them.

OpenAI disclosed in an investor document that its heavy dependence on Microsoft for financing and computing resources poses a business risk, noting that if Microsoft ends their partnership or OpenAI cannot diversify its business partners, the company's operations and finances could suffer. The document also highlighted other risks including massive capital spending requirements, reliance on chip suppliers like Taiwan Semiconductor Manufacturing Company, and potential geopolitical disruptions to the global chip supply chain.

New API, an LLM (large language model) gateway and AI asset management system, had a vulnerability before version 0.11.4-alpha.2 that allowed any logged-in user to view videos belonging to other users through the video proxy endpoint. The problem was an IDOR vulnerability (insecure direct object reference, a flaw where the system doesn't check if a user owns the data they're requesting), caused by a function that checked only the video ID without verifying the user owned it.

A 2026 Mandiant security report shows that attackers are operating faster and more collaboratively, with hand-offs between threat groups now happening in 22 seconds instead of 8+ hours. Attackers are shifting tactics away from email phishing (6% of attacks) toward voice phishing (11%) and other interactive social engineering, while increasingly targeting recovery systems through 'recovery denial' ransomware to prevent organizations from restoring after breaches.

Varonis Atlas is an AI security platform that helps organizations discover, monitor, and protect AI systems across their enterprise, from custom AI models to chatbots and AI agents. The platform addresses a major security gap: most organizations don't know which AI systems they have, what data those systems can access, or whether they're compliant with regulations, creating risks since AI agents can read and modify data at machine speed. Atlas covers the entire AI security lifecycle through features like continuous AI discovery, posture management (vulnerability and misconfiguration assessment), runtime protection, and compliance reporting.

Grammarly (now part of Superhuman) launched a feature called Expert Review in August that used AI to create cloned versions of real journalists and writers, including the interviewer, without their permission to provide writing suggestions. The company faced backlash and legal action, ultimately killing the feature entirely and offering an opt-out option.

As companies convert traditional data centers into AI factories (facilities that produce and run large language models, or LLMs) to generate revenue and gain competitive advantages, they face new security risks. Check Point has created a blueprint architecture (a detailed security design plan) to help enterprises protect these AI data centers as the market grows significantly from $236 billion in 2025 to $934 billion by 2030.

Companies are quickly adopting AI tools to improve productivity and gain business advantages, but this creates new security risks. AI tools often access sensitive company data like customer records and emails, and employees may use LLMs (large language models, AI systems trained on huge amounts of text) without approval, risking accidental leaks of confidential information.

This newsletter covers multiple AI-related developments, including animal welfare advocates exploring how artificial general intelligence (AGI, a theoretical AI system that can learn and perform any intellectual task) might reduce animal suffering, the White House unveiling a light-touch AI regulation framework, and various corporate moves like OpenAI adding ads to free ChatGPT and the Pentagon adopting Palantir's AI for military targeting. The article also discusses Elon Musk being found liable for misleading Twitter investors and a case where an Australian woman's experimental brain implant was removed against her wishes despite significantly improving her quality of life.