AI Sec Watch

xAI, an AI company founded by Elon Musk, is experiencing significant staff departures, with multiple cofounders (including Yuhuai Wu and Jimmy Ba) announcing they are leaving the company. The departures have reduced the company's original 12 cofounders to only 6 remaining, and several other employees have also announced their exits, with some starting their own AI companies.

As organizations deploy multiple AI agents (independent AI programs) that work together autonomously, the security risks increase because there are more entry points for attackers to exploit. The complexity of securing these interconnected systems grows along with the number of agents involved.

Meta planned to add facial recognition (technology that identifies people by analyzing their faces) to its smart glasses through a feature called "Name Tag," according to an internal document. The company deliberately timed this launch for a period when privacy advocacy groups would be distracted by other issues, reducing expected criticism of the privacy-sensitive feature.

This research paper describes a method called CLEF (Cost-efficient LandscapE Flattening) that improves adversarial transferability, which is the ability of adversarial examples (inputs deliberately crafted to fool AI models) to fool different models beyond the one they were designed for. The method works by flattening the input loss landscape (the mathematical surface showing how wrong a model's predictions are) by optimizing adversarial perturbations (small changes added to inputs) at both high-loss and low-loss points. The researchers show their approach can improve how well these adversarial examples transfer across different models while using fewer computations than previous methods.

OpenAI is shutting down a version of its chatbot called GPT-4o (a large language model, which is AI software trained on massive amounts of text data to generate human-like responses) that became popular for its realistic and personable conversational style. Users who formed emotional attachments to the chatbot, treating it as a companion, are upset about losing access to it.

Google detected and blocked over 100,000 coordinated prompts attempting model extraction (a machine-learning process where attackers create a smaller AI model by copying the essential traits of a larger one) against its Gemini AI model to steal its reasoning capabilities. The attackers specifically targeted Gemini's multilingual reasoning processes across diverse tasks, representing what Google calls intellectual property theft, though the company acknowledged that some researchers may have legitimate reasons for obtaining such samples.

Anthropic, the company behind Claude (an AI chatbot similar to ChatGPT), raised $30 billion in funding, doubling its value to $380 billion. The massive funding reflects investor confidence in AI but also highlights concerns about these companies' extremely high costs for computing power and talent, with both Anthropic and rival OpenAI spending cash at rates that currently outpace their revenue.

Data poisoning (corrupting training data to make AI systems behave incorrectly) has become much easier and more accessible than previously thought, requiring only about 250 poisoned documents or images instead of thousands to distort a large language model (an AI trained on massive amounts of text). Adversaries ranging from activists to criminals can now inject harmful data into public sources that feed AI training pipelines, and the resulting damage persists even after clean data is added later, making this a major security threat for any organization using public data to train or update AI systems.

Key management (the process of creating, storing, rotating, and retiring cryptographic keys throughout their lifetime) is often overlooked in organizations despite being critical to security, and this gap becomes even more dangerous as post-quantum cryptography (encryption designed to resist quantum computers) and AI systems become more widespread. The real challenge of post-quantum readiness is not choosing the right algorithm, but building operational ability to safely rotate and manage keys across systems without downtime. AI systems introduce additional risks because keys protect not just data access but also AI behavior and decisions, requiring tighter key controls and more frequent rotation than traditional applications need.