AI Sec Watch

AI tools are making cyberattacks faster and more dangerous by speeding up the discovery of vulnerabilities (security flaws in software), creating exploits (code that exploits those flaws), and planning multi-step attacks. Attackers can now run phishing (deceptive emails tricking users into revealing information), malware (malicious software), and vulnerability attacks at the same time, which reduces the time before a network gets compromised and gives defenders less time to respond.

AI coding agents are now generating software much faster than traditional security tools can scan it, creating a dangerous gap where vulnerabilities (security weaknesses) can be exploited in minutes instead of months. Wiz addresses this by embedding security directly into AI development tools through plugins and a "Green Agent" (an AI system that analyzes and recommends fixes for security issues), allowing developers to catch and fix problems in their code editor before the code is even submitted for review.

Microsoft's Azure SRE Agent had a critical authentication flaw (CVE-2026-32173, CVSS score 8.6, a 0-10 rating of severity) that allowed unauthorized attackers to eavesdrop on sensitive agent activity over the network without proper credentials. The vulnerability existed because the service's token validation (a credential check) accepted tokens from any tenant organization and never verified if the attacker actually belonged to the target organization, exposing user prompts, agent responses, executed commands, and credentials.

Security researchers found a prompt injection flaw (tricking an AI by hiding instructions in its input) in Google's Antigravity IDE that could bypass its Secure Mode sandbox protections and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). The vulnerability came from insufficient input validation in the file search tool's Pattern parameter, allowing attackers to inject malicious command-line flags that converted a simple file search into arbitrary code execution. Google acknowledged the issue in January and fixed it internally, and Antigravity users are now protected without needing to take action.

ChatGPT Images 2.0 is an updated image generation model (software that creates pictures from text descriptions) with better ability to render text within images, support for multiple languages, and improved visual reasoning (the ability to understand and analyze images). The announcement introduces new features but does not discuss security issues or problems requiring fixes.

Google patched a vulnerability in Antigravity, its agentic integrated development environment (IDE, a coding tool that can take autonomous actions), that allowed attackers to execute arbitrary code through prompt injection (tricking an AI by hiding instructions in its input). The flaw combined the tool's file-creation abilities with insufficient input validation in its find_by_name search function, letting attackers inject malicious commands that bypassed Antigravity's Strict Mode security restrictions.

AI company Anthropic announced it created a powerful model called Mythos Preview that can find and exploit software vulnerabilities (weaknesses that attackers could use), and decided not to release it publicly due to concerns about risks to economy, safety, and national security. However, some experts question whether the model is actually as capable as Anthropic claims, and the decision raises questions about whether this move is genuine responsibility or a publicity strategy.

Organizations typically have far more AI tools running than they realize, including unapproved ones that bypass traditional security controls, a problem called shadow AI (unauthorized AI usage that goes undetected). CrowdStrike's new Shadow AI Visibility Service addresses this by using telemetry-based evidence (data collected from system monitoring) to discover both approved and unapproved AI across endpoints, cloud, and SaaS environments, since most security teams lack visibility into their actual AI footprint.

Claude Code, an agentic coding tool (AI that can write and execute code), had a sandbox escape vulnerability before version 2.1.64 where sandboxed processes could create symlinks (shortcuts pointing to files outside their designated area) that allowed writing to locations outside the workspace without user permission. An attacker could exploit this by injecting malicious instructions into Claude Code's input, potentially executing code outside the intended sandbox.