AI Sec Watch

A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' has a security flaw in versions up to 2.7.5 where missing authorization checks (verification that a user has permission to perform an action) allow attackers without accounts to view, modify, or delete the plugin's ChatGPT API key (a secret code needed to use OpenAI's service). The vulnerability was partially fixed in version 2.7.5 and fully fixed in version 2.7.6.

Hackers are using CyberStrikeAI, an open-source AI security testing platform, to automate attacks against network devices like firewalls. The tool combines over 100 security utilities with an AI decision engine (compatible with GPT, Claude, and DeepSeek models) to automatically scan networks, find vulnerabilities, and execute attacks with minimal hacker skill required. Researchers warn this represents a growing threat as adversaries adopt AI-powered orchestration engines (systems that coordinate multiple tools automatically) to target exposed network equipment.

ChatGPT's mobile app uninstalls surged 295% after OpenAI announced a partnership with the U.S. Department of Defense, while competitor Anthropic's Claude app saw downloads jump 37-51% after publicly declining a similar defense partnership over concerns about AI being used for surveillance and autonomous weapons. The shift in user preference was reflected in app store rankings, with Claude reaching the number one position and ChatGPT receiving a sharp increase in negative reviews.

OpenClaw Gateway had two security flaws that could let an attacker with a valid token escalate their access: the HTTP endpoint (`POST /tools/invoke`, a web interface for running tools) didn't block dangerous tools like session spawning by default, and the permission system could auto-approve risky operations without enough user confirmation. Together, these could allow an attacker to execute commands or control sessions if they reach the Gateway.

Stripe released a preview feature that helps AI startups automatically bill their customers for AI model usage (tokens, which are units of text that AI models process) and add a profit margin on top of the underlying costs. For example, a startup can charge customers 30% more than what it pays to access models from providers like OpenAI or Google, with Stripe automating the tracking and billing process across multiple AI models and third-party gateways.

OpenAI won a Pentagon contract that Anthropic refused, sparking public backlash over concerns about the company's involvement in mass surveillance and automated weaponry. The situation highlights that as AI companies become part of national security infrastructure, neither the companies nor the government appear ready to manage the ethical and policy challenges this creates, particularly around who should have power over these decisions.

A critical vulnerability in OpenClaw, a popular AI tool used by developers, has been discovered and patched. The flaw is part of a pattern of security problems affecting this rapidly-adopted AI agent (a software system that can perform tasks autonomously).

OpenClaw's canvas tool contains a path traversal vulnerability (a security flaw that allows reading files outside intended directories) in its `a2ui_push` action. An authenticated attacker can supply any filesystem path to the `jsonlPath` parameter, and the gateway reads the file without validation and forwards its contents to connected nodes, potentially exposing sensitive files like credentials or SSH keys.

Anthropic has updated Claude to make switching from other AI chatbots easier by adding memory features to the free plan and creating tools to import user data from competitors like ChatGPT and Gemini. These updates let users transfer the context and conversation history their previous AI already knows about them, so they don't have to re-teach Claude the same information.