AI Sec Watch

Anthropic announced Claude Mythos Preview, an AI model that can autonomously find and weaponize software vulnerabilities (weaknesses in code that attackers can exploit) without human expert help, though the company is limiting its release to avoid security risks. The announcement highlights how AI capabilities have advanced rapidly over recent years, raising concerns about how cybersecurity defenses can adapt to AI-powered vulnerability discovery.

At DARPA's Artificial Intelligence Cyber Challenge, AI-powered bug-finding systems (automated tools that scan code to detect flaws) successfully identified most artificially inserted vulnerabilities in 54 million lines of code, and notably discovered over a dozen real bugs that weren't part of the test. This demonstrates that AI security tools are becoming increasingly capable at finding both known and unknown vulnerabilities in software.

AI models like Claude Mythos can now discover software vulnerabilities in minutes instead of weeks, shrinking the time organizations have to patch (the exploit window) to nearly zero. Because traditional patching is no longer fast enough, security teams need to adopt an "assume-breach" model that focuses on detecting and containing attacks in real time using Network Detection and Response (NDR, automated tools that monitor network traffic for suspicious behavior) rather than relying on patching alone.

RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) pipelines in enterprise software allow AI agents to access company data like internal wikis and CRM records, but this creates serious security risks including data leaks, unauthorized access to personal information, and prompt injection attacks (tricking an AI by hiding instructions in its input). Recent real-world attacks have exploited RAG systems through unclicked emails, exposed database access keys, hidden malicious text in code repositories, and poisoned knowledge bases to steal data or spread false information.

CVE-2026-40979 is a security flaw in Spring AI (a framework for building AI applications) where someone with access to a shared computing environment can find and view the ONNX model (a type of machine learning model file) that the application uses. This vulnerability affects Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4.

As AI agents become more common, security leaders (CISOs, Chief Information Security Officers) face new challenges because these non-human identities are harder to track and verify than human users, and traditional security signals no longer work. The source recommends treating identity as the foundation of security architecture, with advice including maintaining clean directories, creating complete inventories of non-human identities (AI agents and service accounts), enforcing least privilege access (giving users only the permissions they need), using phishing-resistant authentication methods beyond SMS, and assuming that credentials may be compromised.

A path traversal vulnerability (a bug where an attacker manipulates file paths to access files they shouldn't) was found in the ErlichLiu claude-agent-sdk, affecting a file called app/api/agent-output/route.ts. An attacker can exploit this remotely by manipulating the outputFile parameter, and the vulnerability has already been publicly disclosed. The project uses continuous updates but has not yet responded to the security report.

CrowdStrike has expanded its ChatGPT Enterprise integration to provide deeper monitoring of how organizations use AI, including tracking user authentication, administrative changes, tool usage, and conversations. As AI becomes embedded in business operations across departments, security teams need visibility into not just who has access to ChatGPT Enterprise, but how the platform is actually being used and what data might be accessed. The expanded integration uses OpenAI's logging capabilities to detect suspicious activity like unusual login patterns and behavioral anomalies, shifting from just knowing the configuration of AI systems to actively monitoring their real-time usage.

Microsoft fixed a security flaw in Entra ID (Microsoft's identity management system) where the Agent ID Administrator role, meant for AI agents, could be abused to take over service principals (accounts that applications use to authenticate). An attacker with this role could become the owner of any service principal and add their own credentials, potentially gaining broad control over a tenant (organization's cloud environment) if the targeted service principal had elevated permissions.