AI Sec Watch

Google is releasing a new Gemini app for Mac that lets you quickly access the AI assistant using a keyboard shortcut (Option + Space) to open a floating chat window without leaving your current app. The app can read information from your screen to help answer questions, but requires you to grant permission to access your system's information first.

Anthropic experienced a brief outage on Wednesday affecting its Claude chatbot, API (application programming interface, the connection between software services), and Claude Code assistant, with elevated error rates beginning around 10:53 a.m. ET. By 1:50 p.m. ET, all systems were restored and operational, with login success rates stabilizing by 12:30 p.m. ET.

Starbucks has launched a beta app within ChatGPT (an AI chatbot) that helps customers discover new drinks by describing how they feel rather than browsing a menu. Customers can customize orders and select a location within ChatGPT, but must complete their purchase through the Starbucks app or website to maintain engagement with the company's loyalty program. This move is part of Starbucks' broader strategy to attract customers back to its cafes and appeal to younger consumers who prefer unique beverages.

Google released Gemini 3.1 Flash TTS, a new text-to-speech model that generates audio from text using prompts sent through the standard Gemini API. Unlike typical AI models, this one accepts detailed creative instructions (called prompts) to control how the audio sounds, including vocal style, pace, accent, and emotional tone, allowing users to create speech with specific characteristics like a particular regional accent or energetic delivery.

This item is a brief announcement about Gemini 3.1 Flash TTS (a text-to-speech feature for Google's Gemini AI model) posted on April 15, 2026. The content provided is primarily metadata and sponsorship information rather than substantive technical details about the feature or any security issue.

LangChain-ChatChat version 0.3.1 has a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in how it handles MCP STDIO servers (a communication protocol for server connections). An attacker can access the exposed management interface, set up a malicious MCP server with commands of their choice, and then trigger those commands to run when the service processes agent requests.

Windsurf version 1.9544.26 has a prompt injection vulnerability (a technique where attackers hide malicious instructions in input to trick an AI system) that allows remote attackers to execute arbitrary commands on a victim's computer. When Windsurf processes attacker-controlled HTML content, it can be tricked into automatically registering a malicious MCP STDIO server (a communication interface for running code), giving attackers the ability to run commands without the user's knowledge.

Google has released Gemini 3.1 Flash TTS, a new text-to-speech model (software that converts written text into spoken audio) that produces more natural-sounding speech with better control over how the AI speaks. Developers can now use audio tags (special commands embedded in text) to adjust vocal style, pace, and delivery across over 70 languages, and all generated audio is watermarked with SynthID (a hidden marker that identifies AI-generated content) to help prevent misinformation.

A writer notices that ChatGPT and other AI systems are producing content using the rhetorical pattern "it's not X, it's Y" so frequently that this phrasing has become ubiquitous online, appearing in social media posts, fitness classes, and TV shows. The author compares this experience to obsessively noticing a specific detail until it dominates their perception, making the repetitive AI-influenced writing style impossible to ignore.