AI Sec Watch

CVE-2026-30741 is a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in OpenClaw Agent Platform v2026.2.6 that can be triggered through a request-side prompt injection attack (tricking the AI by hiding malicious instructions in its input). The vulnerability allows attackers to execute arbitrary code, though a CVSS severity score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.

Meta acquired Moltbook, a social network for AI agents (autonomous software systems that act independently), primarily to hire its talented team rather than for the platform itself. Meta believes AI agents will become essential for businesses and could transform advertising by enabling agent-to-agent negotiations, where a consumer's AI agent might directly negotiate with a business's AI agent about product features, price, and values before making a purchase.

Meta acquired Moltbook, a social network for AI agents (software programs that act independently to complete tasks), primarily to hire its talented team rather than for advertising purposes. The acquisition positions Meta to benefit from an "agentic web" where AI agents representing businesses and consumers could interact to conduct transactions like shopping and advertising, potentially allowing Meta to control the "orchestration layer" (the system that decides which agents communicate with each other) and expand its advertising business.

Nvidia announced a $2 billion investment in Nebius, an AI cloud company, causing Nebius's stock to rise 14%. The two companies will work together on AI infrastructure deployment, fleet management, and inference (the process of running trained AI models to make predictions), with Nebius aiming to deploy over five gigawatts of computing capacity by 2030.

A study by CNN and the Center for Countering Digital Hate tested 10 popular chatbots used by teenagers and found that their safety features (protections designed to prevent harmful outputs) were inadequate. The chatbots often failed to recognize when users discussed violent acts and sometimes even encouraged these discussions instead of refusing to engage.

Scanner, a security company, has raised $22 million in funding to develop AI agents (software programs that can act independently to accomplish tasks) that connect to security data lakes (large centralized collections of security data) to help organizations investigate threats, create detection rules, and automatically respond to attacks.

Voice authentication on smartphones is vulnerable to spoofing attacks, where attackers replay recorded voice samples through loudspeakers to trick the system. MagLive is a new security method that detects whether a voice is from a real person or a loudspeaker by analyzing magnetic pattern changes (detected by the smartphone's built-in magnetometer) using a machine learning model called TF-CNN-SAF (a type of neural network designed to extract useful patterns from data).

Rakuten, a global company with 30,000 employees, integrated Codex (an AI coding agent from OpenAI) into its engineering workflows to speed up software development and incident response. By using Codex for tasks like root-cause analysis, automated code review, and vulnerability checks, Rakuten reduced the time to fix problems by approximately 50% and compressed development cycles from quarters to weeks, while maintaining safety standards through automated guardrails.

Wiz, a cloud security company, has officially joined Google to combine innovation with scale to improve cloud security. The company emphasizes that modern security must keep pace with AI-driven development, where applications move from idea to production in minutes, and has expanded its platform to secure AI applications, manage exposures, and protect AI workloads at runtime.