AI Sec Watch

Google released Gemini 3.1 Pro on February 19, 2026, a new AI model priced at half the cost of Claude Opus 4.6 with similar performance benchmarks. The model shows improved ability to generate SVG animations (scalable vector graphics, images made from code rather than pixels) compared to its predecessor, though it is currently experiencing slow response times and occasional errors due to high demand at launch.

PromptSpy is Android malware that uses Gemini (Google's AI chatbot) to automatically keep itself running on victims' devices by analyzing the screen and sending instructions on how to stay in the recent apps list. The malware also uses accessibility services (special permissions that let apps control your device without user input) to steal data, prevent uninstallation, and give attackers remote access through a VNC module (virtual network computing, software for controlling devices remotely), and it's being distributed through fake websites targeting users in Argentina.

Figma, a design software company, reported stronger-than-expected earnings and revenue growth, but its stock gains were limited because investors worry that AI (artificial intelligence) could disrupt software companies like Figma. To address these concerns, Figma has been integrating AI features into its products and announced a partnership with Anthropic, an AI startup, to demonstrate it is positioned to benefit from AI rather than be harmed by it.

OpenAI is raising over $100 billion at a valuation exceeding $850 billion, with major investors like Amazon, SoftBank, Nvidia, and Microsoft participating in the deal. The company is burning through cash while working toward profitability and is testing advertisements in ChatGPT for free users as a potential revenue strategy.

AI-generated deepfakes (fake videos created using artificial intelligence to realistically impersonate people) depicting Black women in negative stereotypes are spreading widely on social media and being shared by news outlets and public figures, sometimes without clear disclosure or verification. These videos perpetuate racist stereotypes and cause real harm to Black users, even when they carry watermarks indicating they are AI-generated, because viewers and media outlets treat them as authentic.

Reload, an AI workforce management platform, launched Epic, a new product designed to solve a key problem with AI coding agents: they often lose context and shared understanding over time because they only have short-term memory. Epic acts as an architect that maintains a structured, shared memory of project requirements, decisions, and code patterns across multiple agents and sessions, keeping all agents aligned with the original system intent as development progresses.

OpenAI is partnering with Reliance to add AI-powered conversational search to JioHotstar, an Indian streaming service, allowing users to search for movies, shows, and sports using text and voice in multiple languages. The partnership will also integrate JioHotstar recommendations directly into ChatGPT, creating a two-way discovery system where users can find content through either platform. This move reflects a broader trend of streaming services using conversational interfaces (like ChatGPT or Gemini, Google's AI model) to help users discover entertainment.

Mirai, a London-based startup founded by the co-founders of Reface and Prisma, is developing technology to improve how AI models run on devices like phones and laptops rather than in cloud data centers. The company has built an inference engine (the part of software that runs AI models) for Apple Silicon written in Rust that claims to speed up model generation by up to 37%, and is creating an SDK (software development kit, a package of tools for developers) so app creators can integrate this technology with just a few lines of code. To handle tasks that can't be done on-device, Mirai is also building an orchestration layer (a system that directs requests) to send complex work to the cloud when needed.

This bulletin covers multiple cybersecurity threats across platforms, including Android 17's privacy enhancements to block unencrypted traffic, LockBit 5.0 ransomware gaining the ability to attack Proxmox virtualization systems with advanced evasion techniques, and several ClickFix social engineering campaigns (using fake websites and nested obfuscation) targeting macOS users to steal credentials or deploy malware like Matanbuchus 3.0 loader and AstarionRAT.