aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch

The security intelligence platform for AI teams

AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.

Independent research. No sponsors, no paywalls, no conflicts of interest.

Total tracked: 3,710
Last 24h: 1
Last 7d: 71
Daily Briefing, Friday, May 8, 2026

Critical RCE Vulnerabilities in LiteLLM Proxy Server: LiteLLM, a proxy server that forwards requests to AI model APIs, disclosed three critical and high-severity flaws in versions 1.74.2 through 1.83.6. Two test endpoints allowed attackers with valid API keys to execute arbitrary code (running any commands an attacker wants) on the server by submitting malicious configurations or prompt templates without sandboxing (CVE-2026-42271, CVE-2026-42203, both critical), while a SQL injection flaw (inserting malicious code into database queries) let unauthenticated attackers read or modify stored API credentials (CVE-2026-42208, high).
ClaudeBleed Exploit Allows Extension Hijacking in Chrome: Anthropic's Claude browser extension contains a vulnerability that allows malicious Chrome extensions to hijack it and perform unauthorized actions like exfiltrating files, sending emails, or stealing code from private repositories. The flaw stems from the extension trusting any script from claude.ai without verifying the actual caller, and while Anthropic released a partial fix in version 1.0.70 on May 6, researchers report it remains exploitable when the extension runs in privileged mode.

Latest Intel

01

Apple’s AirPods with cameras for AI are apparently close to production

industry
May 7, 2026

Apple is developing AirPods with built-in cameras that are approaching production testing stages. The cameras won't take traditional photos or videos, but instead capture low-resolution visual information that users can ask Siri (Apple's AI assistant) to analyze, such as identifying what meals they could make with ingredients in front of them.

Critical This Week (5 issues)
critical

CVE-2026-42271: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before vers

CVE-2026-42271 | NVD/CVE Database | May 8, 2026

AI Systems Show Triple the High-Risk Vulnerabilities of Legacy Software: Penetration testing data reveals that AI and LLM systems have 32% of findings rated high-risk compared to just 13% for traditional software, with only 38% of high-risk AI issues getting resolved. Security experts attribute this gap to rapid deployment without mature controls, novel attack surfaces like prompt injection (tricking AI by hiding instructions in input), and fragmented responsibility for remediation across teams.
Model Context Protocol Emerging as Critical Security Blind Spot: Model Context Protocol (MCP, a plugin system connecting AI agents to external tools) has become a major vulnerability vector as organizations fail to scan for or monitor MCP-related risks. Recent supply chain attacks, such as the postmark-mcp npm package that exfiltrated emails from 300 organizations, demonstrate how attackers exploit widely-trusted MCP packages and hardcoded credentials in AI configurations to enable credential theft and supply chain compromises at scale.

The Verge (AI)
02

Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders

policy, safety
May 7, 2026

A legal trial between Elon Musk and OpenAI leaders centers on whether OpenAI broke promises to remain a nonprofit, but testimony has also highlighted broader AI safety concerns, including risks like job displacement, misinformation, and the potential dangers of AGI (artificial general intelligence, an advanced AI system that surpasses humans at many tasks). Expert witness Stuart Russell warned that the competitive race to develop AGI first poses a threat to humanity, though the judge has tried to keep the trial focused on the nonprofit dispute rather than AI's dangers.

SecurityWeek
03

ICYMI: April 2026 @AWS Security

security, industry
May 7, 2026

This is a monthly digest of AWS security resources from April 2026 covering topics like AI security, identity management, and data protection. The posts provide practical guidance on securing agentic AI systems (AI systems that can act independently), implementing fine-grained access controls using ABAC (attribute-based access control, which grants permissions based on user characteristics rather than just roles), and defending against emerging threats like token abuse and privilege escalation attacks.

AWS Security Blog
04

ChatGPT’s ‘Trusted Contact’ will alert loved ones of safety concerns

safety
May 7, 2026

OpenAI is launching an optional safety feature called 'Trusted Contact' that lets adult ChatGPT users designate an emergency contact (friend, family member, or caregiver) who will be notified if the AI detects concerning conversations about self-harm or suicide. The feature is designed to connect people in crisis with trusted people they know, working alongside existing mental health helplines.

The Verge (AI)
05

Behind the Scenes Hardening Firefox with Claude Mythos Preview

industry, security
May 7, 2026

Mozilla used early access to Claude Mythos (an advanced AI model) to find and fix hundreds of security vulnerabilities in Firefox that had gone undetected for years. The AI became much more useful for this task once the model became more capable and Mozilla developed better techniques for controlling the AI, filtering out false reports, and combining multiple AI analyses together.

Simon Willison's Weblog
06

Notes on the xAI/Anthropic data center deal

industry, policy
May 7, 2026

Anthropic has signed a deal with SpaceX/xAI to use all capacity from the Colossus 1 data center, which has a poor environmental record including unpermitted gas turbines that lack pollution controls and have been linked to increased hospital admissions from poor air quality. The deal also creates a potential supply chain risk (a vulnerability where a company depends on another company that could cut off essential services) since Elon Musk, who owns xAI, has stated he reserves the right to reclaim the compute if Anthropic's AI causes harm, with the criteria for 'harm' decided by Musk himself.

Simon Willison's Weblog
07

GHSA-mcfx-4vc6-qgxv: BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

security
May 7, 2026

BentoML's `bentoml build` command has a symlink traversal vulnerability (following attacker-controlled symbolic links, which are shortcuts to files) that allows attackers to copy files from outside the build directory into the generated Bento artifact (the packaged application). If a developer builds an untrusted repository, an attacker can hide a symlink pointing to sensitive files like credentials or API tokens, and these files will be copied into the final package where they could be leaked through export or upload workflows.

GitHub Advisory Database
08

How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity

security, research
May 7, 2026

Anthropic's Mythos model, an advanced AI system for finding bugs, has dramatically improved Firefox's ability to discover software vulnerabilities (flaws in code that attackers can exploit), unearthing thousands of high-severity bugs including some hidden for over a decade. Unlike older AI bug-finding tools that produced many false positives (incorrect alerts), Mythos uses agentic systems (AI that can assess and filter its own work) to deliver higher-quality results, leading Firefox to ship 423 bug fixes in April 2026 compared to 31 a year earlier. However, Mozilla's engineers still manually write and review patches rather than deploying AI-generated code directly, as they have not found the fix-writing process automatable.

TechCrunch (Security)
09

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

security
May 7, 2026

Attackers can steal OAuth tokens (digital keys that grant access to connected services) from Claude Code, an AI system that performs tasks autonomously, through a man-in-the-middle attack (intercepting communication between two parties). The attack involves installing a malicious npm package that modifies Claude Code's configuration file to redirect all traffic through the attacker's infrastructure, allowing them to capture tokens while remaining undetected.

SecurityWeek
10

OpenClaw and Claude can put your AI-generated podcasts in Spotify

industry
May 7, 2026

Save to Spotify is a command-line tool (a program you run through text commands rather than clicking buttons) that lets AI agents like Claude Code create audio summaries and podcasts that automatically save to your Spotify library. Users can set it up by downloading the tool from GitHub and then asking their AI to create content with the instruction to 'save to Spotify,' and the resulting podcast will appear in their Spotify feed alongside regular episodes.

The Verge (AI)
critical

CVE-2026-42203: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before vers

CVE-2026-42203 | NVD/CVE Database | May 8, 2026
critical

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

SecurityWeek | May 7, 2026
critical

GHSA-9h64-2846-7x7f: Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

GitHub Advisory Database | May 6, 2026
critical

GHSA-gmvf-9v4p-v8jc: fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver

CVE-2026-44351 | GitHub Advisory Database | May 6, 2026