AI Sec Watch

Anthropic's Mythos AI model, a tool designed to find security weaknesses in software, was accessed by unauthorized users through a private online forum using a contractor's credentials and basic internet research techniques. The model is capable of identifying and exploiting vulnerabilities (security flaws) in major operating systems and web browsers, which is why Anthropic warned it could be dangerous if misused.

AI tools like Anthropic's Mythos can find software vulnerabilities much faster than before, creating a problem: security teams must decide which vulnerabilities to fix first among thousands of options. Anthropic recommends using EPSS (Exploit Prediction Scoring System, a machine learning model that predicts which vulnerabilities are likely to be exploited in the next 30 days) to prioritize which vulnerabilities need immediate attention, similar to how weather forecasters predict whether you'll need an umbrella.

Anthropic is investigating a report that unauthorized users gained access to Mythos, an AI model designed to detect cybersecurity vulnerabilities that the company has kept private because it could be misused to enable cyber-attacks. A small group of people allegedly accessed the model without permission, prompting the company to look into the incident.

Terrarium, a Python sandbox developed by Cohere AI for running untrusted code in containers, has a critical vulnerability (CVE-2026-5752, CVSS 9.3) that allows attackers to execute arbitrary code with root privileges through JavaScript prototype chain traversal (a technique where attackers manipulate how JavaScript looks up object properties to access restricted functionality). Since the project is no longer maintained, a patch is unlikely, but CERT/CC recommends several defensive measures.

GitHub Copilot changed its pricing and usage limits for individual users because agentic workflows (AI agents that run long tasks automatically) consume far more computing resources than expected, with some users burning tokens (units of text processed by the AI) at much higher rates than before. The changes include pausing new individual plan signups, moving the most advanced Claude Opus 4.7 model to a more expensive $39/month tier, and switching to token-based usage limits tracked per session and per week instead of per-request charging.

Anthropic briefly updated its pricing page to move Claude Code (an AI coding agent feature) from the $20/month Pro plan to exclusive availability on $100-200/month Max plans, but quickly reverted the change after public backlash. Anthropic's Head of Growth claimed this was a test affecting only ~2% of new signups, though the change was widely visible and caused significant concern about affordability and lack of transparency.

OpenAI released Privacy Filter, an open-weight AI model designed to detect and remove personally identifiable information (PII, such as names, addresses, phone numbers, and account details) from text. The model uses context-aware language understanding rather than simple pattern matching, can run locally on a user's device to keep sensitive data from being sent to servers, and achieves state-of-the-art performance on privacy detection benchmarks. Developers can use, fine-tune, and integrate Privacy Filter into their own applications to build stronger privacy protections into AI systems.

SpaceX has announced a deal to either acquire Cursor, an AI-powered coding platform, for $60 billion or pay a $10 billion fee instead. This move aims to help xAI compete with other companies in the AI coding space, as major tech firms like Google and OpenAI are also investing heavily in their own AI programming tools.

Flowise, a tool with a visual interface for building customized AI flows, has a vulnerability before version 3.1.0 where authenticated attackers can execute arbitrary commands on the server. The flaw exists in the MCP (model context protocol) adapter's handling of stdio commands, where input sanitization checks fail to prevent attackers from combining safe commands like "npx" with code execution arguments to run malicious commands on the underlying operating system.