AI Sec Watch

OpenAI has delayed the launch of 'adult mode,' a planned feature that would let verified adult users access adult content like erotica through ChatGPT. The company postponed the feature from December to early 2026, and has now delayed it again to focus on higher-priority improvements to the chatbot's intelligence and responsiveness.

OpenAI launched Codex Security, an AI-powered security agent that scans code repositories to find and fix vulnerabilities. During its beta testing, it scanned over 1.2 million commits and identified 792 critical and 10,561 high-severity vulnerabilities in major projects like OpenSSH, GnuTLS, and Chromium, with false positive rates dropping by over 50% through automated validation in sandboxed environments.

PinchTab is an HTTP server that lets AI agents control a Chrome browser. Before version 0.7.7, it had a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to places it shouldn't, like internal networks or local files) in its /download endpoint that let any user with API access make the server request arbitrary URLs and steal the responses.

Anthropic, an AI company, is in a dispute with the US military over safety restrictions on its Claude AI model. Anthropic refuses to allow the government to use Claude for domestic mass surveillance (monitoring citizens' communications without proper oversight) or autonomous weapons systems (weapons that can select and attack targets without human control), while the Pentagon has declared Anthropic a supply chain risk (a company whose products pose a national security threat) for not agreeing to the government's demands, and Anthropic plans to challenge this designation in court.

OpenClaw is an open-source AI assistant platform created by Peter Steinberger that has gained popularity in the tech industry. The article describes a fan convention called ClawCon held in Manhattan to celebrate the platform and its community.

The Pentagon's chief technology officer reported disagreement with AI company Anthropic regarding autonomous warfare (military systems that can make decisions and take actions with minimal human control). The military is working on procedures to allow varying degrees of autonomy based on the level of risk involved in different situations.

Anthropic used Claude Opus 4.6 (a large language model, or LLM, which is an AI trained on vast amounts of text to understand and generate language) to find 22 security vulnerabilities in Firefox, including 14 classified as high-severity. The AI model discovered these bugs by scanning nearly 6,000 C++ files in just two weeks, demonstrating that AI can be effective at identifying security flaws in complex software.

The Trump administration released a cybersecurity strategy that emphasizes offensive cyber operations (proactive attacks on adversary networks rather than waiting to respond to attacks), deregulation of industry rules, and AI adoption. The strategy outlines six pillars including disrupting adversaries, reducing regulations, modernizing government networks with zero-trust architecture (a security model that doesn't automatically trust any user or device), and securing critical infrastructure like power grids and hospitals.

WeKnora, an AI database query tool, has a critical Remote Code Execution (RCE, where an attacker can run commands on a system they don't own) vulnerability caused by incomplete validation in its SQL injection protection system. The validation framework fails to check PostgreSQL array expressions and row expressions, allowing attackers to hide dangerous functions inside these expressions and bypass all seven security phases, leading to arbitrary code execution on the database server.