AI Sec Watch

Flowise's CSVAgent has a code injection vulnerability where user-provided custom Pandas CSV read code is inserted directly into executable Python code without sanitization, allowing an authenticated attacker to execute arbitrary commands on the server (RCE, or remote code execution). An attacker can create a malicious chat flow and trigger it via API requests to run commands like `os.system()` through the `pyodide` Python runtime.

Flowise's AirtableAgent has a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability because user input is inserted directly into Python code without sanitization. An attacker can use prompt injection (tricking an AI by hiding instructions in its input) to bypass the intended behavior and execute arbitrary code when the system processes Pandas (a Python library for working with data) operations.

Release llm-anthropic 0.25 adds a new Claude model (claude-opus-4.7) with advanced thinking capabilities, introduces options to display and adapt AI reasoning output, raises the default token limits (the maximum length of AI-generated responses) for all models, and removes outdated code that was no longer needed for older models.

Google is connecting its Gemini chatbot to users' personal Google Photos library through a feature called Nano Banana (an image generation tool, meaning software that creates pictures from text descriptions). Users who opt in to Personal Intelligence (a feature that links Google apps together for customized responses) can ask Gemini to generate images based on their private photos, like "create a claymation image of me and my family," without manually uploading photos each time.

A blogger compared two newly released AI models (Qwen3.6-35B-A3B and Claude Opus 4.7) by asking them to generate SVG images (scalable vector graphics, a format for drawing pictures with code) of pelicans and flamingos performing tasks like riding bicycles. The Qwen model, running on a laptop as a quantized version (a compressed version that uses less computer memory), produced better images than Anthropic's Claude Opus 4.7, though the blogger notes this creative task may not reflect which model is actually more useful for real-world problems.

OpenAI has updated Codex, its agentic coding system (an AI that can independently perform multi-step coding tasks), to control desktop applications, generate images, and remember previous interactions. The new features let Codex operate apps in the background without interrupting user work and allow multiple agents (separate AI instances) to work simultaneously, which OpenAI says is useful for testing frontend changes and working with applications that don't have APIs (standardized ways for software to communicate).

Google is updating AI Mode (a chatbot-like search feature built into Chrome) with a new feature that opens source links in a side-by-side view instead of in a new tab, letting you compare the website content with your chat conversation at the same time. This upgrade makes it easier to ask follow-up questions about information you're reading without switching between multiple windows.

Hackers are exploiting a critical vulnerability in Marimo (a Python notebook tool) called CVE-2026-39987 (remote code execution, where attackers can run commands on systems they don't own) to deploy NKAbuse malware from Hugging Face Spaces (a platform for sharing AI applications). The attacks began within 10 hours of technical details becoming public, with attackers using fake application names to trick users into downloading malware that steals credentials and allows remote control of infected systems.

Anthropic released Claude Opus 4.7, a new AI model that excels at software engineering and following instructions but has intentionally reduced capabilities in cybersecurity tasks compared to its more powerful Claude Mythos Preview model. The company implemented safeguards that automatically detect and block requests for prohibited or high-risk cybersecurity uses, and is using this release to learn how to safely deploy more powerful models in the future.