AI Sec Watch

A vulnerability (CVE-2026-7061) was found in Toowiredd chatgpt-mcp-server version 0.1.0 that allows OS command injection (running unauthorized system commands on a server through malicious input) in the MCP/HTTP component. The flaw can be exploited remotely by attackers, and public exploit code is already available, but the developers have not yet responded to the security report.

This research paper evaluates whether multiple AI agents working together can effectively help identify privacy threats in software systems using LINDDUN GO, a structured methodology for privacy threat modeling (a process of identifying ways a system could leak or misuse personal data). The study, published in July 2026, examines whether collaborative multi-agent LLM (large language model) systems can improve the quality and completeness of privacy threat identification compared to single AI agents or human analysis.

Elon Musk is suing Sam Altman and OpenAI in court, claiming that Altman broke the company's original founding agreement. The lawsuit focuses on OpenAI's early years when it was started as a nonprofit, and the trial could influence the direction of AI development in the tech industry.

A security flaw called CVE-2026-7020 was found in Ollama versions up to 0.20.2 that allows path traversal (an attack where someone manipulates file paths to access files they shouldn't be able to reach) through the digestToPath function in the Tensor Model Transfer Handler component. An attacker can exploit this remotely, though it requires high complexity to perform, and the vulnerability details have been released publicly.

n8n-mcp (a tool for connecting AI systems to external services) was logging sensitive information like passwords and API keys when running in HTTP mode (a way to communicate over the internet). When authenticated users made requests to call tools, their secret credentials were written to server logs before being hidden, which could expose them if logs were shared or accessed by unauthorized people. The issue only affected HTTP mode and required authentication, so it couldn't be exploited by random internet users.

LiteLLM had a security flaw in two test endpoints (`POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list`) that allowed authenticated users to run arbitrary commands on the server. These endpoints accepted server configurations including command and arguments, and would execute them as subprocesses with the proxy's privileges, even for users with low-level permissions.

Top software executives from companies like Salesforce, Snowflake, and Datadog are being recruited by AI companies OpenAI and Anthropic with large compensation packages, because these AI giants want their expertise in selling to enterprise customers (large organizations). This talent drain is part of a broader shift where AI companies are prioritizing business growth in the enterprise segment, which is more profitable, while traditional software companies are struggling with concerns that AI tools will disrupt their business models.

Tesla and other automakers are integrating AI chatbots like Grok (xAI's conversational AI assistant) into vehicles to provide hands-free information access, but safety experts warn these tools create dangerous distractions for drivers. A Tesla owner demonstrated how engaging with Grok while driving—even with Tesla's partially automated driving system (FSD, or Full Self-Driving Supervised) active—caused him to lose attention to the road, raising concerns about driver distraction that isn't yet well understood.

A group of Discord users gained unauthorized access to Anthropic's Mythos Preview (a restricted AI model designed to find security vulnerabilities) by examining data from a breach of Mercor (an AI training startup) and making an educated guess about the model's online location based on Anthropic's known URL patterns. They exploited this access to build simple websites rather than conduct more harmful activities, potentially avoiding detection by Anthropic.