AI Sec Watch

Google is updating vehicles equipped with Google built-in to replace their current Google Assistant with Gemini, a more advanced AI assistant. The upgrade will be available to both new and existing vehicles through a software update, offering improvements in natural conversations, vehicle information retrieval, and settings adjustments.

Goodfire, a startup, has created Silico, a tool that uses mechanistic interpretability (a technique for understanding how AI models work by mapping their neurons and the connections between them) to help developers debug and adjust LLM behavior. Instead of treating model development as trial-and-error, Silico lets developers zoom into a trained model, see which neurons control specific behaviors like hallucinations (false information the AI generates), and adjust those neurons to improve or suppress certain outputs.

OpenAI discovered that its AI models were unexpectedly inserting references to goblins and other creatures into their responses, a behavior that started appearing in the GPT-5.1 model, particularly when using the "Nerdy" personality option. The company traced this quirk to patterns in the training data and added instructions to prevent the models from discussing these creatures.

OpenAI discovered that ChatGPT and other tools powered by its GPT-5 model were randomly mentioning goblins, gremlins, and other creatures in their responses, with goblin mentions increasing 175% after the GPT-5.1 launch in November. The problem stemmed from a "nerdy personality" developed during training that was rewarding mentions of these creatures in metaphors, and OpenAI found this personality was responsible for 66.7% of all goblin mentions. The issue illustrates how AI training systems can accidentally reinforce quirks and errors when they reward certain language patterns.

AI-powered GitHub Actions from companies like OpenAI, Anthropic, and Google have a critical security flaw where prompt injection (tricking an AI by hiding instructions in its input) attacks can be triggered by external attackers, even when configuration settings are meant to restrict access. The vulnerability stems from these actions not properly distinguishing between trusted internal apps and untrusted external apps, allowing anyone to potentially manipulate the AI's behavior through pull requests, issues, or other user-controlled inputs.

A critical vulnerability in Gemini CLI, an open source AI agent for terminal access to Google's Gemini, allowed attackers to execute arbitrary code on the host system by planting malicious configuration files in a workspace folder. The flaw was particularly dangerous in CI/CD pipelines (automated systems that build, test, and deploy software) because attackers could steal credentials and perform supply chain attacks (compromising software before it reaches users) by exploiting the trusted access that these pipelines have.

A maximum-severity vulnerability in Google Gemini CLI allowed remote code execution (RCE, where attackers can run commands on a system they don't own) when the tool processed untrusted inputs in automated environments like CI/CD pipelines (automated workflows that test and deploy code). The flaw occurred because the CLI automatically trusted workspace configurations without verification, letting attackers inject malicious code that would execute before security protections kicked in.

OpenAI is launching GPT-5.5-Cyber, a specialized AI model designed to help organizations defend against cyberattacks, but it will only be available to a limited group of vetted "cyber defenders" rather than the general public. The company plans to roll out access within days and will work with other organizations and government agencies to establish a trusted access system for the model.

Despite heavy promotion by tech companies, young people (Gen Z) are increasingly using AI chatbots like ChatGPT while simultaneously expressing strong negative feelings toward AI technology. Polling data shows widespread cultural backlash against AI among Gen Z students and workers, even as they continue to adopt these tools.