AI Sec Watch

In 2026, organizations face a rapidly evolving cybersecurity landscape where attacks will be faster and cheaper due to AI and automation, while new threats like deepfakes (synthetic media that looks like real people), voice cloning, and agentic AI (AI systems that can plan and execute tasks autonomously) will erode trust in authentication and cloud access. Key challenges include the concentration of internet infrastructure among a few large providers (creating a single point of failure), supply chain attacks, and the shift toward treating identity as the primary security boundary rather than device security.

OpenChatBI is a chat-based business intelligence tool that uses large language models to help users analyze data through conversation. Before version 0.2.2, it had a critical path traversal vulnerability (CWE-22, a flaw that lets attackers access files outside their intended directory) in its save_report tool because it didn't properly check the file_format input parameter. This vulnerability had a CVSS score (severity rating) of 8.7, indicating it was high-risk.

Coding agents (AI systems that can execute code they write) should perform manual testing in addition to automated tests, since passing tests don't guarantee code works correctly in real-world scenarios. The source describes specific techniques for manual testing depending on the code type: using python -c for Python libraries, curl for web APIs, and browser automation tools like Playwright for interactive web interfaces.

OpenSift, an AI study tool that uses semantic search (finding information based on meaning rather than exact word matches) and generative AI to analyze large datasets, had a security vulnerability in versions before 1.6.3-alpha. The vulnerability was an SSRF (server-side request forgery, where an attacker tricks the server into making requests to unintended locations) that allowed attackers to bypass security checks by using private URLs, non-standard ports, or redirects that the URL intake system didn't properly restrict.

OpenSift is an AI study tool that uses semantic search (finding information based on meaning rather than exact keywords) and generative AI to analyze large datasets. Before version 1.6.3-alpha, the software had a path-injection vulnerability (a flaw where attackers could manipulate file paths to access files outside intended directories) in its file storage system, allowing potential unauthorized file read, write, or delete operations.

OpenSift, an AI study tool that uses semantic search (finding information based on meaning rather than exact word matches) and generative AI to analyze large datasets, had a security problem in versions before 1.6.3-alpha where it exposed sensitive information. Specifically, the tool returned raw error messages to users and leaked login tokens (credentials that prove who you are) in responses shown on the screen and in token rotation output (the process of replacing old credentials with new ones).

After the U.S. Department of War labeled Anthropic a supply-chain risk (a company whose products could pose security or operational risks to government systems), Microsoft announced it will continue offering Anthropic's Claude AI models to most customers through platforms like Microsoft 365 and GitHub, except to the Pentagon. The decision comes as other defense companies are moving away from Anthropic's technology toward competing AI providers like OpenAI.

The U.S. Department of Defense has designated Anthropic, an AI company, as a supply chain risk, which blacklists it from government contracts and requires defense contractors to certify they don't use Anthropic's Claude AI models in Pentagon work. Anthropic's CEO says the company will challenge this designation in court, claiming the dispute stems from disagreements over whether Anthropic's AI should be used for fully autonomous weapons or domestic mass surveillance, while the DOD wanted unrestricted access to Claude for all lawful purposes. This makes Anthropic the first American company to be publicly labeled a supply chain risk, a designation traditionally reserved for foreign adversaries.

Anthropic announced it will legally challenge the Department of Defense's decision to label the company a supply-chain risk (a designation that can prevent a company from working with the Pentagon), which the company's CEO called "legally unsound." The dispute arose because the DOD wanted unrestricted access to Anthropic's Claude AI system for all military purposes, while Anthropic refused to allow its AI to be used for mass surveillance or fully autonomous weapons. Anthropic argues the designation is too broad and violates the law's requirement to use the least restrictive means necessary to protect the supply chain.