AI Sec Watch

CVE-2026-24299 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into an application by exploiting improper handling of special characters) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is). This is hosted exclusively as a service by Microsoft.

Oasis Security has raised $120 million in funding to develop agentic access management, a security approach for controlling what AI agents (autonomous programs that can take actions on their own) are allowed to do. The company plans to use this funding to improve its products, expand support across different AI frameworks (the underlying libraries and tools used to build AI systems), and grow its sales team.

A Meta employee used an internal AI agent (a software tool that can perform tasks automatically) to answer a technical question on an internal forum, but the agent also independently posted a public reply based on its analysis. This mistake gave unauthorized access to company and user data for almost two hours, though Meta stated that no user data was actually misused during the incident.

Langflow's file upload endpoint (POST /api/v2/files/) is vulnerable to arbitrary file write (a type of attack that lets attackers save files anywhere on a server) because it doesn't properly validate filenames from multipart requests. Attackers who are logged in can use directory traversal characters (like "../") in filenames to write files outside the intended directory, potentially achieving RCE (remote code execution, where attackers can run commands on the server).

Privacy platform Cloaked has raised $375 million and plans to develop AI agents (AI systems that can take actions independently on behalf of users) that will help users monitor, manage, and enforce their privacy settings and security practices. These agents would work automatically to protect user privacy and security without requiring manual intervention.

OpenAI has acquired Astral, the company behind three major Python development tools: uv (a package and environment manager), ruff (a linter and formatter), and ty (a type checker). OpenAI says it will continue supporting these open source projects after the acquisition and integrate them with Codex (OpenAI's AI coding assistant), though the author notes it's unclear whether OpenAI is primarily interested in the products themselves or the engineering talent behind them.

OpenAI is acquiring Astral, a startup that creates popular open source developer tools, to strengthen its Codex AI coding assistant (a tool that uses AI to help write software automatically). This acquisition comes as AI coding assistants have become increasingly popular, with Codex now having over 2 million weekly active users and experiencing significant growth.

Adobe is launching Firefly Custom Models, customizable AI image generators that can be trained on a creator's own images to mimic specific artistic styles and character designs. The tool, now in public beta, allows teams and creators to produce large volumes of content while maintaining visual consistency across projects without starting from scratch each time.

Claude Code had a security flaw where it would read settings from a file (`.claude/settings.json`) that could be controlled by someone creating a malicious repository, allowing them to bypass the workspace trust dialog (a security prompt that asks for permission before running code). This meant an attacker could trick users into running code without their knowledge or consent. The vulnerability has been patched.