AI Sec Watch

OpenAI CEO Sam Altman publicly criticized rival company Anthropic on social media for running satirical Super Bowl advertisements that mock the idea of ads in AI chatbots, calling Anthropic 'dishonest' and 'deceptive.' Social media users mocked Altman's lengthy response, comparing it to an emotional outburst, with one tech executive advising him to avoid responding to humor with lengthy written posts.

Most organizations struggle with AI security because they lack visibility and control over where employees actually use AI tools, including shadow AI (unauthorized tools), browser extensions, and AI features embedded in everyday software. Traditional security tools weren't designed to monitor AI interactions at the moment they happen, creating a governance gap where AI adoption has far outpaced security controls. A new approach called AI Usage Control (AUC) is needed to govern real-time AI behavior by tracking who is using AI, through what tool, with what identity, and under what conditions, rather than just detecting data loss after the fact.

A reported $100 billion deal between Nvidia (a chipmaker) and OpenAI (the company behind ChatGPT) appears to have collapsed. The deal was a circular arrangement, meaning Nvidia would give OpenAI money that would mostly be spent buying Nvidia's own chips, raising questions about how AI companies will fund their expensive expansion without this agreement.

OpenAI published a paper describing new mitigations for URL-based data exfiltration (a technique where attackers trick AI agents into sending sensitive data to attacker-controlled websites by embedding malicious URLs in inputs). The issue was originally reported to OpenAI in 2023 but received little attention at the time, though Microsoft implemented a fix for the same vulnerability in Bing Chat.

AutoGPT is a platform for creating and managing AI agents that automate workflows. Before version 0.6.34, the SendDiscordFileBlock feature had an SSRF vulnerability (server-side request forgery, where an attacker tricks the server into making unwanted requests to internal systems) because it didn't filter user-provided URLs before accessing them.

This article discusses both harms and benefits of AI technologies, arguing that policy should focus on the specific context and impact of each AI use rather than broadly promoting or banning AI. The text warns that AI can automate bias (perpetuating discrimination in decisions about housing, employment, and arrests), consume vast resources, and replace human judgment in high-stakes decisions, while acknowledging beneficial uses like helping scientists analyze data or improving accessibility for people with disabilities.

OpenClaw, a personal AI assistant, had a vulnerability in its isValidMedia() function (the code that checks if media files are safe to access) that allowed attackers to read any file on a system by using special file paths, potentially stealing sensitive data. This flaw was fixed in version 2026.1.30.

Microsoft created a lightweight scanner that can detect backdoors (hidden malicious behaviors) in open-weight LLMs (large language models that have publicly available internal parameters) by identifying three distinctive signals: a specific attention pattern when trigger phrases are present, memorized poisoning data leakage, and activation by fuzzy triggers (partial variations of trigger phrases). The scanner works without needing to retrain the model or know the backdoor details in advance, though it only functions on open-weight models and works best on trigger-based backdoors.

Researchers have released new work on detecting backdoors (hidden malicious behaviors embedded in a model's weights during training) in open-weight language models to improve trust in AI systems. A backdoored model appears normal most of the time but changes behavior when triggered by a specific input, like a hidden phrase, making detection difficult. The research explores whether backdoored models show systematic differences from clean models and whether their trigger phrases can be reliably identified.