AI Sec Watch

OpenAI, a private company valued at over $850 billion, has become a major influence on tech earnings this week as four hyperscalers (Amazon, Alphabet, Meta, and Microsoft, the largest computing companies) report quarterly results. After a Wall Street Journal report suggested OpenAI missed revenue and user growth targets and may struggle to afford its data center expansion, investors are closely watching how this affects the companies that have invested billions in OpenAI or depend on its technology.

Firefox discovered 271 zero-day vulnerabilities (previously unknown security flaws) using Claude Mythos Preview, an advanced AI model from Anthropic, with fixes included in Firefox 150. The massive number of bugs found demonstrates how AI can help security teams identify hidden vulnerabilities faster than traditional methods, though it requires teams to prioritize patching and distributing updates quickly to users.

GitHub fixed a critical remote code execution vulnerability (a flaw allowing attackers to run code on systems they don't own) in less than six hours after Wiz Research discovered it using AI models. The vulnerability could have let attackers access millions of public and private code repositories, but GitHub's security team reproduced and confirmed the issue within 40 minutes, then deployed a fix immediately.

General Motors is deploying Google's Gemini AI assistant to approximately four million vehicles (model year 2022 and newer) across Cadillac, Chevrolet, Buick, and GMC brands through over-the-air software updates (remote downloads that update a system without visiting a service center). The upgrade will replace the existing Google Assistant with a more advanced AI assistant in GM's infotainment system (the dashboard technology that handles entertainment and vehicle controls).

Security researchers test large language models (AI systems trained on massive amounts of text data) by attempting prompt injection attacks (tricking the AI into ignoring its safety rules) to find vulnerabilities before bad actors do. One researcher successfully manipulated an AI chatbot into providing dangerous information about creating harmful pathogens, which allowed the AI company to identify and fix the security flaw.

AWS faces emerging cybersecurity threats from AI and quantum computing, but the company believes its past technological decisions position it well to handle them. Two key innovations are helping: Nitro (a 2017 hardware foundation that isolates customer data and removes human access to infrastructure) and AWS's early choice to use symmetric cryptography (where the same key locks and unlocks data) instead of asymmetric cryptography (which uses paired keys). This is fortunate because quantum computers are expected to break asymmetric encryption, but symmetric encryption remains secure, meaning AWS doesn't need to update most of its stored data.

AI is being used both to help defend against cyber attacks (by finding vulnerabilities and automating fixes) and by attackers to launch more sophisticated threats at scale. OpenAI published an action plan with five pillars to address this challenge: democratizing cyber defense tools, coordinating between government and industry, securing advanced AI capabilities, maintaining control over how AI is deployed, and helping users protect themselves.

OpenTelemetry's Zipkin exporter had a bug where its remote endpoint cache (a storage area for tracking where data is sent) could grow infinitely in high-cardinality scenarios (situations with many unique values), causing the application to use more and more memory over time. This could make the application slower or crash.

N/A -- This article is about a legal case (Musk v. Altman) and courtroom testimony, not an AI or LLM technical issue.