AI Sec Watch

The Pentagon is expanding its use of Google's Gemini AI model for classified projects, while the Department of Defense (DOD) has stopped working with Anthropic after designating it a supply chain risk (a potential security threat in the companies and software involved in building a system). The DOD's AI chief emphasized that relying on a single AI vendor is problematic and that the Pentagon is working with multiple vendors, including OpenAI, to ensure it uses the right AI tool for each military task.

Hackers are actively exploiting CVE-2026-42208, a critical SQL injection flaw (a type of attack where malicious code is hidden in input to manipulate database queries) in LiteLLM, an open-source gateway that lets developers access multiple AI models through one interface. The vulnerability allows attackers to bypass authentication and steal sensitive data like API keys and credentials stored in the proxy's database, which they can then use to attack other systems.

Elon Musk is suing OpenAI and CEO Sam Altman, claiming they misused a charitable organization by converting it into a for-profit company without permission. Musk argues this violates the trust placed in OpenAI as a non-profit and undermines charitable giving overall, while OpenAI's lawyers contend Musk is motivated by jealousy after failing to control the company and is now trying to damage a competitor.

Elon Musk is testifying in a lawsuit against OpenAI CEO Sam Altman and president Greg Brockman over disagreements about the company's structure and mission that occurred after all three co-founded OpenAI together. Musk, who had invested up to $38 million in OpenAI early on, later left the company and founded his own AI competitor called xAI, which is owned by his company SpaceX.

OpenAI has made its AI models available through Amazon Web Services (AWS, Amazon's cloud computing platform), ending its exclusive arrangement with Microsoft. This means AWS customers can now use OpenAI's models and Codex (a tool for writing code) through Amazon Bedrock, a service that provides access to various AI models, with general availability coming in the next few weeks.

Anthropic has released connectors that let Claude (an AI chatbot) directly access and control popular creative software like Photoshop, Blender, and Ableton. These connectors allow Claude to retrieve data and perform actions within these applications, such as debugging scenes in Blender or batch-applying changes to objects, making it easier to use Claude for creative work.

Advanced AI systems called agents (autonomous systems that can plan and execute tasks without human help) are becoming a serious cybersecurity threat, as shown by Anthropic's decision not to publicly release Claude Mythos Preview, a model that can identify and exploit software vulnerabilities automatically. Traditional security tools and fragmented defenses are inadequate against these fast, evolving AI-driven attacks. A new security approach built on three pillars is needed: unified network visibility (ability to see all traffic across the entire system), platform context (understanding what's happening by connecting security data in one place instead of using separate tools), and agentic control (using autonomous AI systems to detect and respond to threats at machine speed).

This webinar discusses Shadow AI, the unsanctioned adoption of generative AI and agentic tools (AI systems that can take independent actions) by employees outside of IT oversight, which creates security and compliance risks for organizations. The session proposes a "Governance-as-Enabler" framework that balances innovation with control through transparent approval workflows, sandboxes (isolated testing environments), cross-functional oversight councils, and lifecycle management tailored to different AI types.

FinBot is an interactive training platform (CTF, or capture-the-flag competition) created by OWASP to help builders and defenders understand how agentic AI systems (AI agents that plan, act, and make decisions in complex workflows) can fail and be attacked. It simulates a financial services application where users encounter real security risks like prompt injection (tricking an AI by hiding instructions in its input), tool misuse, data theft, and privilege escalation (gaining unauthorized higher-level access), with connections to industry security frameworks like the OWASP Top 10 for Agentic Applications.