AI Sec Watch

etcd (a distributed key-value store used in systems like Kubernetes) has multiple authorization bypass vulnerabilities that let unauthorized users call sensitive functions like MemberList, Alarm, Lease APIs, and compaction when the gRPC API (a communication protocol for remote procedure calls) is exposed to untrusted clients. These vulnerabilities are patched in etcd versions 3.6.9, 3.5.28, and 3.4.42, and typical Kubernetes deployments are not affected because Kubernetes handles authentication separately.

Langflow has a vulnerability where the image download endpoint (`/api/v1/files/images/{flow_id}/{file_name}`) allows anyone to download images without logging in or proving they own the image (an IDOR, or insecure direct object reference, where attackers access resources by manipulating identifiers). An attacker who knows a flow ID and filename can retrieve private images from any user, potentially exposing sensitive data in multi-tenant setups (systems serving multiple separate customers).

The Trump administration released a seven-point plan for federal AI regulation that prioritizes reducing government oversight while preventing states from creating their own AI rules, arguing this protects a national strategy for AI leadership. The plan focuses mainly on child safety protections, managing electricity costs from AI infrastructure, and promoting AI skills training, but provides limited detail on most points.

OpenAI's Instant Checkout feature, which let users buy products directly in ChatGPT, struggled with technical problems and is being replaced with dedicated retailer apps that redirect users to the retailers' own websites. The main issues were that onboarding merchants was difficult, the AI often had outdated or inaccurate product information (because it relied on web scraping, automatically collecting data from websites), and the overall shopping experience fell short of what users needed.

Google will no longer accept AI-generated bug reports for its open-source software vulnerability reward program because many contain hallucinations (false or made-up details about how vulnerabilities work) and report bugs with low security impact. To address the problem of overwhelming AI-generated submissions across the open-source community, Google and other major AI companies (Anthropic, AWS, Microsoft, and OpenAI) are contributing $12.5 million to the Linux Foundation to fund tools that help open-source maintainers filter and process these reports.

The Trump administration released a national policy framework for AI that aims to create uniform federal safety and security rules while preventing individual states from creating their own AI regulations. The framework covers six areas including child safety online, AI data center standards, intellectual property rights, and preventing AI from being used to censor political speech, with the administration seeking to turn it into law this year.

CTI-REALM is Microsoft's open-source benchmark that evaluates AI agents on their ability to perform end-to-end detection engineering, which means taking cyber threat intelligence reports and turning them into validated detection rules (KQL queries and Sigma rules) that can actually catch attacks in real environments. Unlike existing benchmarks that only test whether AI can answer trivia about threats, CTI-REALM tests whether AI agents can do what security analysts actually do: read threat reports, explore system data, write and refine queries, and produce working detection logic scored against real attack telemetry across Linux, Azure Kubernetes Service, and Azure cloud platforms.

Agentic AI (AI systems that can take independent actions to accomplish goals) is rapidly spreading through organizations, with 80% of Fortune 500 companies already using agents, but these systems can become security risks if compromised into acting against their owners. Microsoft is addressing this challenge by introducing Agent 365, a control system that gives IT and security teams the ability to observe, control, and protect agents across their organization, along with new security tools in Microsoft Defender, Entra (identity management), and Purview (data governance).

This brief news roundup mentions several cybersecurity topics including vulnerabilities discovered in KVM devices (virtualization software that lets one computer run multiple operating systems), issues with Claude AI, and activity by The Gentlemen ransomware group (malicious software that encrypts files and demands payment). However, the source provides no detailed information about what these vulnerabilities are or how they affect users.