AI Sec Watch

n8n (a workflow automation tool) had a SQL injection vulnerability (a type of attack where specially crafted input tricks a database into running unintended commands) in its MySQL, PostgreSQL, and Microsoft SQL nodes. Attackers who could create or edit workflows could inject malicious SQL code through table or column names because these nodes didn't properly escape identifier values when building database queries.

CVE-2026-3071 is a vulnerability in Flair (a machine learning library) versions 0.4.1 and later that allows arbitrary code execution (running unauthorized commands on a system) when loading a malicious model file. The problem occurs because the LanguageModel class deserializes untrusted data (converts data from an external file without checking if it's safe), which can be exploited by attackers who provide specially crafted model files.

Norway's $2 trillion sovereign wealth fund (Norges Bank Investment Management) is using Anthropic's Claude AI model, a large language model (an AI trained on vast text data to generate human-like responses), to screen investments for ethical and governance risks. The AI tool scans companies for potential issues like forced labor or corruption within 24 hours of investment, helping the fund identify and sell risky positions before broader market awareness, with particular value for researching smaller companies in emerging markets where local language news coverage is limited.

Attackers are breaking into systems and moving through networks much faster than before, with some reaching data theft in just 4-6 minutes compared to 29 minutes on average in 2025. They're achieving this speed by reusing stolen login credentials (legitimate credentials), using AI tools to automate attacks, and avoiding malware detection by relying on normal system administration tools instead. The bulletin also describes specific threats like ResidentBat (Android spyware targeting journalists), phishing attacks impersonating cryptocurrency services, and Kali Linux now integrating Claude (an AI system) to execute hacking commands.

Anthropic has revived Claude 3 Opus, a retired AI model, to write a weekly newsletter called Claude's Corner on Substack where it will share creative content and insights. Anthropic staff will review and publish each post without editing the AI's writing, though the company reserves the right to remove content that meets unspecified criteria.

A study found that ChatGPT Health, a feature that lets users connect their medical records to get health advice, failed to recommend hospital visits in over half of cases where they were medically necessary and often missed signs of suicidal ideation (thoughts of suicide). Experts worry this could cause serious harm or death, since over 40 million people ask ChatGPT for health advice daily.

Figma is integrating OpenAI's Codex, an AI coding tool, to let users create and edit designs while working in their coding environments. The integration uses Figma's MCP (Model Context Protocol, a standardized way for AI models to access external tools and data) server to let users move easily between design files and code, allowing both engineers and designers to work more collaboratively without switching between separate applications.

Trace, a new startup, raised $3 million to help companies deploy AI agents more effectively by providing them with proper context about the company's existing tools and workflows. The company builds a knowledge graph (a structured map of how data and systems connect) from a company's email, Slack, and other tools, then uses this context to automatically create step-by-step workflows that assign tasks to both AI agents and human workers. This approach aims to solve a major barrier to enterprise AI adoption, which is the difficulty of setting up and integrating AI agents into complex business environments.

Anthropic discovered and fixed security vulnerabilities in Claude (an AI assistant) that could allow attackers to silently compromise developer computers through specially crafted configuration files. Security researchers at Check Point showed how these flaws could be exploited in real-world attacks.