The security intelligence platform for AI teams
AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.
Anthropic's Leaked "Mythos" Model Raises Dual-Use Security Concerns: An unreleased Anthropic AI model called Mythos was accidentally exposed through a configuration error, revealing advanced reasoning and coding abilities specifically aimed at cybersecurity. The model's improved capability to find and exploit software vulnerabilities, plus its ability to autonomously fix its own code problems, could enable both more sophisticated cyberattacks and better defenses.
Mistral Secures $830M for European AI Data Center: French AI startup Mistral raised $830 million in debt financing to build a Paris-area data center with thousands of Nvidia GPUs (specialized chips used for AI training) to train its large language models, aiming for 200 MW of European computing capacity by 2027.
Critical Command Injection in MLflow Model Deployment: MLflow has a command injection vulnerability (where an attacker inserts malicious commands into input that gets executed) in its model serving code when deploying models with `env_manager=LOCAL`. The flaw allows attackers to execute arbitrary commands on deployment systems by inserting malicious content into the `python_env.yaml` file, which MLflow reads and uses in shell commands without validation. (CVE-2025-15379, Critical)
Fix: The issue has been patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds.
NVD/CVE Database