AI Sec Watch

Anthropic, an AI company, filed a lawsuit against the Department of Defense after being labeled a supply chain risk (a government designation suggesting a company could threaten critical systems). Nearly 40 employees from competing AI companies OpenAI and Google, including prominent figures, filed a legal support document expressing concerns about this decision and its implications for AI technology.

Attackers are running a campaign called 'InstallFix' that uses malvertising (ads serving malware) combined with ClickFix tactics (fake warning popups that trick users into taking action) to direct people to fake websites pretending to be Claude, an AI coding assistant. The attack exploits how developers use AI tools and command-line interfaces (text-based programs that run on computers) to execute code.

The U.S. Defense Department banned Anthropic's AI models after a review by Pentagon technology leadership, designating the company a supply chain risk (a classification historically reserved for foreign adversaries) and requiring defense contractors to certify they don't use its technology. The decision surprised many officials who considered Anthropic's models superior and had deployed them in classified military networks, and defense experts worry it sets a troubling precedent while removing a trusted AI vendor that military personnel relied on.

vLLM has a bypass in its SSRF (server-side request forgery, where an attacker tricks a server into making requests to unintended targets) protection because the validation layer and the HTTP client parse URLs differently. The validation uses urllib3, which treats backslashes as literal characters, but the actual requests use aiohttp with yarl, which interprets backslashes as part of the userinfo section. An attacker can craft a URL like `https://httpbin.org\@evil.com/` that passes validation for httpbin.org but actually connects to evil.com.

Anthropic, an AI company, sued the US government after being labeled a 'supply chain risk' (a designation meaning a company's tools are considered unsafe for government use) in retaliation for refusing to remove safety restrictions on military use of its AI tools like Claude. The company argues the government's actions violate its free speech rights and are unlawful, claiming it had been negotiating compromises with the Defense Department before the administration publicly criticized the company and directed all agencies to stop using its tools.

Anthropic launched Code Review, an AI tool that automatically checks pull requests (code change submissions for review) to catch bugs and security issues before they enter the codebase. The tool integrates with GitHub, uses multiple AI agents working in parallel to analyze code from different angles, and provides step-by-step explanations of potential problems with color-coded severity levels to help developers prioritize fixes.

OpenAI is acquiring Promptfoo, a cybersecurity startup that provides tools to test and secure AI systems, particularly as AI agents (autonomous programs that can take actions) become more connected to real data and systems. Promptfoo's security tools will be integrated into OpenAI's Frontier platform, and OpenAI will continue supporting Promptfoo's open-source project that helps developers test different AI prompts and compare large language models (AI systems trained on massive amounts of text data).

OpenAI acquired Promptfoo, an AI security startup, to integrate its technology into OpenAI's enterprise platform for protecting AI agents from attacks. Promptfoo develops tools that help companies test security vulnerabilities in LLMs (large language models, the AI systems behind chatbots), addressing growing concerns that autonomous AI agents could be exploited to steal data or manipulate systems.

Anthropic, a major AI company, is suing the US Department of Defense after being labeled a supply-chain risk (a company whose products or services might pose security threats if compromised). The lawsuit claims the Trump administration retaliated against Anthropic for refusing to remove safety restrictions on its AI systems, particularly regarding mass surveillance and fully autonomous weapons (systems that make lethal decisions without human involvement).