AI Sec Watch

ChatGPT is experiencing slower growth and rising uninstall rates, with users leaving the app or switching to competing chatbots. According to market data, uninstalls jumped 413 percent year-over-year in May following OpenAI's partnership with the Pentagon, while monthly user growth dropped from 168 percent in January to 78 percent in April.

Researchers discovered malicious code in npm packages (repositories where developers share reusable code) that were designed to steal cryptocurrency wallet credentials and funds. The attack, linked to North Korean hackers, used a two-layer approach where harmless-looking packages contained hidden dependencies that executed the actual malware, and the malicious packages mimicked the names of legitimate libraries to avoid detection.

AI models can now find and exploit software vulnerabilities faster than security teams can defend against them, creating urgent security challenges for AI-driven development. Wiz addressed this by launching an AI-BOM (a tool that automatically catalogs AI frameworks, models, and IDE extensions like GitHub Copilot and Cursor) to give security teams visibility into how AI tools interact with their data, plus embedding security guardrails directly into developer IDEs through plugins that catch hardcoded secrets, misconfigurations, and AI-specific risks like prompt injection (tricking an AI by hiding instructions in its input) before code is committed.

Oracle, a traditional database company, has shifted its business strategy to focus on AI rather than building its own foundation models (large language models like ChatGPT). Instead, it is positioning itself as a software-as-a-service provider (cloud-based software you access online) in the AI infrastructure space, betting on a specific version of AI's future as its traditional database business declines.

This research proposes K-TCDP (K-Temporal Correlated Differential Privacy), a new method for training large language models privately using LoRA (a technique that adds small trainable adapters to a model). Standard privacy-preserving training adds random noise that degrades model quality, but K-TCDP uses strategically correlated noise over time so that noise added in early steps can be partially canceled out by noise in later steps, improving model performance while maintaining privacy guarantees.

When employees connect unapproved AI apps to work platforms like Google Workspace or Salesforce using OAuth (a system that lets apps access your accounts), they create persistent bridges that attackers can exploit if the AI app gets hacked. The Vercel breach showed this risk in action: an employee used a trial version of Context.ai without approval, and when Context.ai was compromised, attackers used the OAuth tokens (digital keys that grant access) to reach sensitive Vercel data like API keys and employee records.

Scammers are creating deepfakes (AI-generated fake videos that realistically mimic real people) of celebrities like Taylor Swift and Rihanna on TikTok to trick users into fake reward programs. These deepfakes often manipulate real footage with AI and use TikTok's official branding to appear legitimate, but they redirect users to third-party websites that steal personal information.

Ollama for Windows has a remote code execution vulnerability (the ability for an attacker to run commands on your computer) in its update system. The vulnerability happens because the application builds file paths using information from HTTP headers without checking if they're legitimate, allowing attackers to use path traversal sequences (like ../ to navigate directories) to write malicious executable files to dangerous locations like the Windows Startup folder. When combined with a missing signature verification flaw, an attacker can automatically execute malicious code without the user knowing.

Ollama for Windows has a vulnerability (CVE-2026-42248) where it does not verify that downloaded updates are authentic and haven't been tampered with before installing them. Because Ollama automatically installs updates without asking the user, an attacker could trick the software into downloading and running malicious code without the user knowing.