AI Sec Watch

LLM version 0.31 adds support for the new GPT-5.5 model and introduces two new command-line options: one to control text verbosity (how much detail the AI outputs) for GPT-5+ models, and another to set image detail levels for images sent to OpenAI models. The release also registers models from a configuration file (extra-openai-models.yaml) as asynchronous (able to run multiple requests without waiting for each to finish).

OpenAI's leader Sam Altman apologized for not reporting a ChatGPT account to police before a mass shooting in Canada killed eight people in January, even though the company had identified and banned the account for problematic usage. OpenAI stated it did not alert law enforcement because the account activity did not meet the company's threshold for showing a credible or imminent plan for serious physical harm. The company now faces lawsuits and a criminal investigation related to this incident and another shooting.

DeepSeek released V4, an open-source AI model (software available for anyone to download and modify) that can process much longer text inputs than previous versions and offers performance comparable to top commercial models at significantly lower costs. The model comes in two versions: V4-Pro for complex coding tasks and V4-Flash for faster, cheaper operation, with both offering reasoning modes (where the model shows its step-by-step thinking). This release matters because it demonstrates that open-source models can compete with expensive commercial alternatives, potentially allowing developers to access advanced AI capabilities without high costs.

LangChain (a framework for building AI agents and applications powered by large language models) versions before 1.1.14 had a TOCTOU vulnerability (time-of-check-time-of-use, where a security check and an action happen at different times with a gap in between) in its image token counting feature. An attacker could trick the system by making a hostname first resolve to a safe public IP address during a security check, then resolve to a private or localhost IP address during the actual network request, bypassing security protections.

LangChain's HTMLHeaderTextSplitter had a security flaw where it validated URLs initially but then followed redirects (automatic forwarding to different URLs) without rechecking them, allowing attackers to redirect requests to internal or sensitive servers and potentially leak data. This SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making requests to unintended locations) was fixed in version 1.1.2.

US House Republicans introduced two privacy bills (SECURE Data Act and GUARD Financial Data Act) that would create national privacy standards but weaken enforcement by eliminating private lawsuits and overriding stronger state privacy laws like California's. Privacy advocates criticize the bills as inadequate because their data minimization rules (the principle that companies should collect only necessary data and retain it only as long as needed) tie collection limits to what companies voluntarily disclose rather than imposing stricter necessity requirements.

Gemini CLI had two security vulnerabilities that could allow remote code execution (running malicious code on a system). First, in headless mode (non-interactive environments like CI/CD pipelines), the tool automatically trusted workspace folders and loaded configuration files without verification, which could be exploited through malicious environment variables. Second, the `--yolo` flag bypassed tool allowlisting (restrictions on what commands can run), allowing unrestricted command execution via prompt injection (tricking the AI by hiding instructions in its input). Version 0.39.1 and later now require explicit folder trust and enforce tool allowlisting even in `--yolo` mode.

Anthropic's Claude Mythos, an AI model designed to find bugs in software, has been distributed to select government agencies and industry groups through a program called Project Glasswing, but the US cybersecurity agency CISA does not have access yet. Unauthorized users from a private Discord community have also gained access to Mythos and have been using it regularly, raising concerns since the model could potentially be used to discover and exploit software vulnerabilities.

Google is investing up to $40 billion in Anthropic, an AI company that competes with OpenAI, with an initial $10 billion upfront and the remaining $30 billion dependent on performance milestones. This investment is part of a broader partnership that includes providing Anthropic with computing resources and cloud infrastructure access. The funding addresses Anthropic's need to expand its infrastructure to handle growing demand for its Claude AI assistant.