AI Sec Watch

OpenAI CEO Sam Altman met with lawmakers including Senator Mark Kelly to discuss the company's defense contract with the Department of Defense, particularly concerns about how AI systems could be used in warfare and surveillance. The meeting highlighted disagreements between AI companies and the military over safeguards, with Kelly stating that Congress plans to draft legislation creating guardrails (safety boundaries) around government AI contracts, since the technology is advancing faster than lawmakers can regulate it.

Researchers discovered Slopoly, a backdoor malware (a hidden entry point into a system) likely created using an LLM (large language model, an AI trained on text data), that was deployed in ransomware attacks by the financially motivated group Hive0163. The malware uses a command-and-control framework (a central server that sends instructions to compromised systems) to steal data and maintain access, and its AI-generated code shows unusual features like detailed comments and clear variable names that are rare in human-written malware, suggesting that attackers are using AI tools to speed up custom malware creation.

Graphiti versions before 0.28.2 had a Cypher injection vulnerability (a type of attack where malicious code is hidden in user input to manipulate database queries) in its search filters for non-Kuzu database backends. Attackers could exploit this by providing crafted labels through SearchFilters.node_labels or, in MCP deployments (a system where an AI model can call external tools), through prompt injection (tricking an LLM into executing attacker-controlled commands) to execute arbitrary database operations like reading, modifying, or deleting data.

Rajesh Jha, a top Microsoft executive who oversaw Office and has worked at the company for over 35 years, is retiring in July. His departure is significant because Microsoft is trying to integrate AI models from companies like OpenAI and Anthropic into products like 365 Copilot (an AI assistant add-on for Microsoft 365 business subscriptions), and his leadership will be split among four other executives reporting directly to CEO Satya Nadella.

Webflow, a website-building platform, has acquired Vidoso, an AI content-generation startup that uses large language models (AI systems trained on text data to generate new text) to help companies create marketing materials like images, videos, and blog posts. The acquisition aims to help Webflow expand its marketing capabilities and address a key problem: frontier models (AI systems trained on general internet data) create generic content without understanding a company's specific brand rules and approval workflows.

Google and Samsung announced that Gemini, their AI assistant, can now automate tasks by controlling apps on your behalf through a virtual interface, starting with food delivery and rideshare services. Users can give simple text prompts and Gemini will interact with these apps to complete actions like ordering food or booking rides, which is a capability AI assistants have long promised but rarely delivered.

Bumble, a dating app company, has introduced 'Bee,' a generative AI assistant (software that creates text and generates responses) that learns users' preferences, values, and relationship goals through private conversations to recommend better matches. The AI will power a new feature called 'Dates' that identifies compatible users and notify both parties, and Bumble plans to expand Bee's use to features like date suggestions and match feedback in the future.

Bumble is launching an AI assistant called 'Bee' that learns users' dating preferences, values, and communication styles through private conversations to recommend more compatible matches. The AI-powered feature is currently in beta testing and will initially power a new matching experience called 'Dates,' with plans to expand into other areas like date suggestions and feedback collection.

Anthropic has updated Claude, its AI chatbot, to generate and display custom charts, diagrams, and other visual content directly in conversations when it determines visuals would be helpful. Examples include interactive visualizations like periodic tables or structural diagrams that users can click on for more details.