AI Sec Watch

Microsoft's March Patch Tuesday release includes three high-severity vulnerabilities in Office: an information disclosure flaw in Excel (CVE-2026-26144) that can leak data through improper input handling, and two remote code execution bugs (CVE-2026-26113 and CVE-2026-26110) caused by memory handling errors that could let attackers run malicious code. These vulnerabilities are particularly dangerous because they can be triggered through routine document handling and preview features without requiring user interaction.

Flowise, a tool for building custom AI workflows with a drag-and-drop interface, had a vulnerability before version 3.0.13 where its HTTP Node allowed attackers to perform SSRF (server-side request forgery, forcing a server to make requests to internal resources it shouldn't access) by sending requests to private networks or internal systems that are normally hidden from the public internet. This vulnerability is fixed in 3.0.13.

Microsoft is supporting Anthropic, an AI company that was recently banned by the Pentagon as a supply chain risk (a security designation historically used for foreign adversaries), by asking a court to temporarily block the ban so both sides can negotiate. The dispute arose because Anthropic wanted safeguards against its AI models being used for autonomous weapons or mass surveillance, while the Pentagon wanted unrestricted access for any lawful military purpose.

Elon Musk's AI company xAI received approval to operate 41 methane gas turbines at its Mississippi datacenter to power its AI supercomputers (large arrays of specialized computing chips used to train and run AI models), nearly doubling its current power capacity. These turbines will provide electricity for xAI's infrastructure that supports Grok, the company's AI chatbot product.

Anthropic, an AI company, refused to let the U.S. Department of Defense use its large language model (LLM, an AI trained on large amounts of text data) technology for surveillance, and the Pentagon retaliated by labeling the company a "supply chain risk." Anthropic is now asking courts to block this designation, arguing that forcing a company to change its code violates the First Amendment. The article explains that the government already collects vast amounts of personal data and uses AI to analyze it, creating risks for privacy and free speech, so companies should be allowed to add guardrails (safety limits built into AI systems) without government punishment.

Amazon has launched Health AI, a healthcare assistant available on its website and app that can answer health questions, explain medical records, and manage appointments by accessing users' health information through a secure nationwide system. While Amazon says Health AI operates in a HIPAA-compliant environment (meaning it follows healthcare privacy rules) and trains its models on abstracted patterns rather than identifiable patient data, researchers warn that companies may use user conversations for training purposes, though Amazon did not provide specific details about encryption methods or access controls.

Meta has acquired Moltbook, a social media platform designed specifically for AI agents (software programs that can autonomously perform tasks). The acquisition brings Moltbook's leadership into Meta's AI division and reflects growing interest in AI agents that can interact with each other and complete real-world tasks like managing calendars and sending emails.

Organizations face increasing cybersecurity challenges as AI becomes a double-edged sword, used by both attackers and defenders to identify threats. The key competitive advantage is not AI alone, but rather teams of skilled humans working together with AI tools, supported by strong resources and threat intelligence, to defend against AI-augmented attacks that can now be launched globally without geographic limitations.

This release (v0.14.16) of llama-index-core includes multiple security and stability fixes, including a critical security patch that adds RestrictedUnpickler to prevent unsafe deserialization (CWE-502, a vulnerability where untrusted data can be converted back into Python objects in unsafe ways). The update also introduces new rate-limiting features, fixes async/await issues that could block operations, and improves how the system handles tool calls and API retries across various AI model integrations.