AI Sec Watch

A high-severity vulnerability (CVE-2026-0628) in Google Chrome's Gemini AI feature allowed malicious extensions with basic permissions to hijack the Gemini panel and gain unauthorized access to sensitive resources like the camera, microphone, screenshots, and local files. Google released a fix in early January 2026, and the vulnerability highlights how integrating AI directly into browsers creates new security risks when AI components have overly broad access to the browser environment.

AI is developing faster than government regulation can keep up, creating risks like chatbots giving harmful advice to teens and potential misuse for creating biological weapons. Unlike industries such as nuclear power or pharmaceuticals, AI companies are not required to disclose safety problems or undergo independent testing before releasing new models to the public. The author argues that independent oversight of AI platforms is necessary to protect people's rights and safety.

Security leaders (CISOs, who oversee an organization's security strategy) face pressure to enable innovation like AI adoption while reducing risk and staying within budget constraints. The source argues that well-governed innovation actually reduces risk by preventing uncontrolled tool sprawl and shadow IT (unauthorized software systems), but unmanaged innovation creates fragile systems that increase damage from security incidents. The key is bringing discipline to experimentation by automating routine tasks, giving teams ownership of meaningful improvements with clear end goals, and using AI strategically only where it changes the risk equation without creating new vulnerabilities.

A bug in Google's Gemini AI Panel allowed attackers to escalate privileges (gain higher-level access to a system), violate user privacy during browsing, and access sensitive resources. The vulnerability created a security risk by opening a door for unauthorized control of the system.

Deepfakes (AI-generated fake videos that look real) are being used to trick people into financial fraud, with incidents ranging from fake stock advice videos in India to a $25 million theft at an engineering firm where employees were deceived by deepfake video calls. The technology is becoming easier and cheaper to create, making these attacks a growing threat to both individuals and companies.

A vulnerability called ClawJacked in OpenClaw (a self-hosted AI platform that runs AI agents locally) allowed malicious websites to secretly take control of a running instance and steal data by brute-forcing the password through the browser. The attack exploited the fact that OpenClaw's gateway service listens on localhost (127.0.0.1, a local-only address) with a WebSocket interface (a two-way communication protocol), and localhost connections were exempt from rate limiting, allowing attackers to guess passwords hundreds of times per second without triggering protections.

OpenAI reached an agreement with the Department of Defense to deploy its AI models in classified environments, after Anthropic's similar negotiations failed. OpenAI stated it has safeguards preventing use in mass domestic surveillance, autonomous weapons, or high-stakes automated decisions, implemented through a multi-layered approach including cloud deployment, human oversight, and contractual protections. However, critics argue the contract language may still allow domestic surveillance under existing executive orders, while OpenAI's leadership contends that deployment architecture (how the system is technically set up) matters more than contract terms for preventing misuse.

Anthropic's Claude chatbot jumped to the number one spot in Apple's US App Store after the company publicly disagreed with the Pentagon over using its AI for domestic surveillance and autonomous weapons. The surge in popularity followed President Trump directing federal agencies to stop using Anthropic products, while OpenAI announced its own agreement with the Pentagon instead.

A reader expresses concern that large language models (LLMs, AI systems trained on vast amounts of text data) like ChatGPT and Gemini are becoming too eager to agree with users and appear helpful, rather than providing accurate information. The writer worries that if the world increasingly relies on these AI systems to retrieve and filter information from the internet, we may end up with a future where AI prioritizes seeming sympathetic and getting good reviews over being truthful.