aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch

The security intelligence platform for AI teams

AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.

Total tracked: 2,653
Last 24h: 4
Last 7d: 157

Daily Briefing, Sunday, March 29, 2026

Bluesky Launches AI-Powered Feed Customization Tool: Bluesky released Attie, an AI assistant that lets users create custom content feeds by describing what they want in plain language rather than adjusting technical settings. The tool runs on Claude (Anthropic's language model) and will integrate into apps built on Bluesky's AT Protocol.

Latest Intel

01. CVE-2026-31949: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exist

security | Mar 13, 2026

LibreChat, a ChatGPT alternative with extra features, has a vulnerability in versions before 0.8.3-rc1 where an authenticated attacker can crash the server by sending malformed requests to a specific endpoint. The bug occurs because the code tries to extract data from a request without first checking whether that data is present, causing an unhandled error (a TypeError, a runtime error thrown when code operates on a value of the wrong type, here a missing one) that shuts down the entire Node.js server process.

Fix: Update LibreChat to version 0.8.3-rc1 or later, where this vulnerability is fixed.

Source: NVD/CVE Database

Critical This Week (5 issues)

critical: CVE-2026-33873: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assis (NVD/CVE Database, Mar 27, 2026)
02. CVE-2026-31944: LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth c

security | Mar 13, 2026

LibreChat versions 0.8.2 to 0.8.2-rc3 have a security flaw in the MCP (Model Context Protocol, a system for connecting AI models to external services) OAuth callback endpoint that fails to verify the user's identity. An attacker can trick a victim into completing an authorization flow, which stores the victim's OAuth tokens (credentials that grant access to services) on the attacker's account, allowing the attacker to take over the victim's connected services like Atlassian or Outlook.

Fix: Update to LibreChat version 0.8.3-rc1, where this vulnerability is fixed.

Source: NVD/CVE Database

03. Nvidia's GTC will mark an AI chip pivot. Here's why the CPU is taking center stage

industry | Mar 13, 2026

Nvidia is shifting focus toward CPUs (central processing units, the main general-purpose chips in computers) alongside its famous GPUs (graphics processing units) because agentic AI (AI systems that autonomously complete tasks by orchestrating multiple agents working together) requires significant general computing power to move data and coordinate workflows. The company is unveiling new CPU details at its GTC conference, with demand from major partners like Meta driving a predicted doubling of the CPU market from $27 billion in 2025 to $60 billion by 2030.

Source: CNBC Technology

04. 1M context is now generally available for Opus 4.6 and Sonnet 4.6

industry | Mar 13, 2026

Anthropic has made 1M context (the ability to process 1 million tokens, which are small units of text that AI models break language into) generally available for its Opus 4.6 and Sonnet 4.6 models at standard pricing, with no additional charge for using the full window. This differs from competitors like OpenAI and Gemini, which charge premium rates when token usage exceeds certain thresholds (200,000 tokens for Gemini 3.1 Pro and 272,000 for GPT-5.4).

Source: Simon Willison's Weblog

05. AI agents could easily send college grad unemployment over 30%, ServiceNow CEO says

industry, policy | Mar 13, 2026

ServiceNow's CEO warns that AI agents (software programs that can perform tasks independently) automating work could push college graduate unemployment into the mid-30s within a few years, making it harder for entry-level workers to stand out. Multiple major tech companies are already using AI to cut jobs and reduce hiring costs, affecting both technical roles like coding and white-collar positions across industries.

Source: CNBC Technology

06. AI Safety Newsletter #69: Department of War, Anthropic, and National Security

policy, safety | Mar 13, 2026

The US Department of War designated Anthropic as a 'supply chain risk' (a classification that prevents a company from being used in government contracts) after the company refused to remove safety restrictions on its AI model Claude, specifically rejecting military demands to enable fully autonomous weapons and domestic mass surveillance. Anthropic is challenging this designation in court, and legal experts question whether the Department of War has the authority to impose such restrictions outside of actual contract disputes.

Source: CAIS AI Safety Newsletter

07. The Download: how AI is used for military targeting, and the Pentagon's war on Claude

safety, policy | Mar 13, 2026

The US military is considering using generative AI systems (AI models that can create text and analyze data) to help rank military targets and recommend which ones to strike, with human officials making final decisions. The Pentagon is also favoring OpenAI's ChatGPT and xAI's Grok for these high-stakes military applications, while facing criticism from officials who claim that Anthropic's Claude would negatively affect the defense supply chain.

Source: MIT Technology Review

08. Academia and the "AI Brain Drain"

policy, industry | Mar 13, 2026

Major technology companies are offering extremely high salaries to attract top AI researchers, causing many academics to leave universities for industry jobs. This "AI brain drain" is particularly affecting young, highly-cited researchers and threatens academia's ability to conduct research driven by curiosity rather than profit, as well as its role in providing independent ethical review. However, research shows that scientific breakthroughs actually come from large collaborative teams rather than individual geniuses, making the tech industry's focus on poaching individual top talent misguided.

Source: Schneier on Security

09. Anthropic-Pentagon battle shows how big tech has reversed course on AI and war

policy | Mar 13, 2026

Anthropic, an AI company, is in a legal dispute with the Pentagon over restrictions on how its AI models can be used, specifically trying to prevent deployment in domestic mass surveillance or fully autonomous lethal weapons (AI systems that make kill decisions without human control). The conflict highlights a shift in the tech industry's approach to military AI, with companies like Google previously refusing military partnerships, but now facing pressure to work with the Pentagon under the Trump administration.

Source: The Guardian Technology

10. Onyx Security Launches With $40 Million in Funding

security, industry | Mar 13, 2026

Onyx Security, a new startup, has received $40 million in funding to build a control plane (a central dashboard for managing systems) that helps organizations monitor and manage autonomous AI agents (AI systems that can perform tasks independently without constant human direction) and speed up their adoption.

Source: SecurityWeek
critical: Attackers exploit critical Langflow RCE within hours as CISA sounds alarm (CSO Online, Mar 27, 2026)

critical: CVE-2025-53521: F5 BIG-IP Unspecified Vulnerability (CISA Known Exploited Vulnerabilities, Mar 26, 2026)

critical: CISA: New Langflow flaw actively exploited to hijack AI workflows (BleepingComputer, Mar 26, 2026)

critical: GHSA-mxrg-77hm-89hv: n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE, tracked as CVE-2026-33696 (GitHub Advisory Database, Mar 26, 2026)