AI Sec Watch

Anthropic executives have suggested in recent interviews that Claude (their AI model) might be alive or conscious in some way, though the company denies Claude is alive like biological organisms. The company avoids directly stating whether Claude is conscious, using the term "alive" as a loaded question while focusing on model welfare research.

Atlassian has released a new feature called 'agents in Jira' that lets teams assign work to AI agents (programs that can perform tasks automatically) from the same project management dashboard used for human workers. The update tracks agent progress, sets deadlines, and allows companies to compare how AI agents perform against human employees on the same projects, potentially helping enterprises decide where AI automation is most valuable.

A researcher demonstrated how easily AI systems can be manipulated by creating false information on a personal website, which major chatbots like Google's Gemini and ChatGPT then repeated as fact within 24 hours, showing that AI training data poisoning (deliberately adding fake information to the data used to teach AI models) is a serious problem because it's so simple to execute.

Stock prices for major cybersecurity companies have dropped significantly because of concerns that AI tools, specifically Claude's new vulnerability scanner (a tool that automatically finds security flaws in software), are disrupting the cybersecurity business.

Enclave is a secure JavaScript sandbox designed to safely run code from AI agents, but versions before 2.11.1 had a vulnerability that allowed attackers to escape the security boundaries and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). This weakness is related to code injection (CWE-94, a type of bug where untrusted input is used to generate code that gets executed).

Between January and February 2026, a Russian-speaking hacker compromised over 600 Fortigate firewalls (network security devices that filter traffic) by first targeting ones with weak passwords, then using an AI tool based on Google Gemini to access other devices on the same networks. Security researchers at AWS found that the attacker's reconnaissance tools (software used to gather information about a system) were written in Go and Python and showed signs of AI-generated code, suggesting threat actors are increasingly using AI to automate and scale their attacks.

As companies adopt generative and agentic AI (AI systems that can take actions autonomously), they need to update their GRC (Governance, Risk & Compliance, the framework for managing rules, risks, and regulatory requirements) programs to account for AI-related risks. According to a 2025 security report, about 1 in 80 requests from company devices to AI services poses a high risk of exposing sensitive data, yet only 24% of companies have implemented comprehensive AI-GRC policies.

Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in user into unknowingly sending requests to a website). An attacker can create a malicious webpage that, when visited by someone authenticated to Parse Dashboard, forces their browser to send unwanted requests to the AI Agent API endpoint without their knowledge. This vulnerability is fixed in version 9.0.0-alpha.8 and later.

Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have a security flaw in the AI Agent API endpoint (a feature for managing Parse Server apps) where authorization checks are missing, allowing authenticated users to access other apps' data and read-only users to perform write and delete operations they shouldn't be allowed to do. Only dashboards with the agent feature enabled are vulnerable to this issue.