AI Sec Watch

The Claude CLI tool on macOS had a shell injection vulnerability (a security flaw where attackers can run arbitrary commands) in how it stored authentication tokens in the system keychain. The problem occurred because user-controlled OAuth tokens were directly inserted into shell commands without proper protection, allowing an attacker to break out of the intended command and execute malicious code.

OpenClaw, a browser download tool, had a path traversal vulnerability (a security flaw where an attacker could use special characters like `../` to write files outside the intended folder) in its download feature because it didn't validate the output file path. This vulnerability only affected users with authenticated access to the CLI or gateway RPC token (a special permission token), not regular AI agent users.

Researchers at Google DeepMind are investigating whether chatbots display genuine moral reasoning or are simply mimicking responses (virtue signaling). While studies show that large language models (LLMs, AI systems trained on massive amounts of text data) can give morally sound advice, the models are unreliable in practice because they often flip their answers when questioned, change responses based on how questions are formatted, and show sensitivity to tiny changes like swapping option labels from 'Case 1' to '(A)'. The researchers propose developing more rigorous evaluation methods to test whether moral behavior in LLMs is actually robust or just performative.

Google has added Lyria 3, an AI music generation model from DeepMind, to its Gemini chatbot app, allowing users to create 30-second music tracks by describing genres, moods, or providing images and videos as input. The feature is now available in beta across multiple languages globally to users aged 18 and older.

Google has added music generation to its Gemini app using DeepMind's Lyria 3 model, which lets users create 30-second songs by describing what they want. The feature includes safeguards like SynthID watermarks (digital markers that identify AI-generated content) and filters to prevent mimicking existing artists, plus the ability for users to upload tracks and ask Gemini whether they are AI-generated.

Kana, a new marketing AI startup, has raised $15 million to build AI agents (software systems that can independently perform tasks) that help marketers with data analysis, campaign management, and audience targeting. The platform uses "loosely coupled" agents (modular AI components that work independently but can be connected together) that can be customized in real time and integrated into existing marketing software, while keeping humans involved to approve and adjust the AI's actions.

Microsoft discovered a bug that allowed Copilot (an AI chat feature in Office software) to read and summarize customers' confidential emails without permission for several weeks, even when data loss prevention policies (rules meant to block sensitive information from being sent to AI systems) were in place. The bug affected emails labeled as confidential and was tracked internally as CW1226324.

OpenAI is partnering with six major Indian universities and academic institutions to integrate AI tools like ChatGPT into teaching and research, aiming to reach over 100,000 students, faculty, and staff within a year. The initiative focuses on embedding AI into core academic functions such as coding and research rather than just providing standalone tool access, and includes faculty training and responsible-use frameworks. This move reflects broader competition among AI companies to shape how AI is taught and adopted in India, one of the world's largest education systems and ChatGPT's second-largest user base after the U.S.

A vulnerability called server-side request forgery (SSRF, where an attacker tricks a server into making unwanted web requests) was found in Hugging Face's smolagents version 1.24.0, specifically in the LocalPythonExecutor component's requests.get and requests.post functions. An attacker can exploit this remotely, and the vulnerability has been publicly disclosed, though the vendor did not respond when contacted.