AI Sec Watch

GitHub Copilot, a tool that uses AI to autocomplete code as developers write it, was one of the earliest successful AI applications, debuting in spring 2021 through a Microsoft and OpenAI partnership, long before ChatGPT became widely known. The article discusses how AI code-writing tools have become increasingly important in the tech industry.

CVE-2026-6126 is a missing authentication vulnerability in zhayujie chatgpt-on-wechat CowAgent version 2.0.4, affecting an administrative HTTP endpoint (a web-based control interface). An attacker can remotely exploit this flaw without needing valid credentials, and the exploit code has been publicly released.

This article argues that generative AI (machine learning systems that create new content like images or text) is harming the art world by using artists' work without permission to train itself, similar to a large-scale theft. The piece describes widespread concerns about AI in 2026, including environmental damage from data centers (large facilities that store and process information), harmful effects on users' mental health, and job displacement, issues that artists had warned about earlier.

Major AI companies like OpenAI are investing in policy papers, think tanks, and public engagement efforts to improve their public image as polls show growing disapproval of AI technology. OpenAI recently released a policy paper on industrial policy and opened a Washington DC office with space for non-profits and policymakers to learn about their technology, as part of a broader strategy to reshape how people perceive the AI industry.

Anthropic announced it created a powerful AI model called Mythos that it decided not to release publicly, citing cybersecurity risks as the reason. The announcement drew significant attention from government officials and politicians, though some skeptics question whether the decision was genuinely about security concerns or a publicity strategy to attract investment.

AI bots are creating fake music and uploading it to Spotify under the names of real musicians, including famous artists like jazz pianist Jason Moran and rapper Drake. Spotify has acknowledged the problem, removing over 75 million spammy tracks in 12 months, and says it is developing a new tool that will let artists review and approve releases before they go live on the platform.

At the HumanX AI conference in San Francisco, Anthropic's Claude Code (an AI coding agent, a tool that generates, edits and reviews code) has become the dominant topic in the AI industry, surpassing OpenAI's influence among executives and investors. Despite a legal dispute with the Department of Defense, Anthropic continues to gain momentum, with Claude Code generating over $2.5 billion in annualized revenue since its May 2025 public launch. The company's focus on coding rather than spreading resources across multiple AI products has positioned it well to capture enterprise contracts.

OpenAI has launched a new $100 Pro subscription tier to compete with Claude's pricing and target coders and enterprises. The new Pro plan sits between the existing $20 Plus and $200 Pro Max tiers, offering 5x higher usage limits than Plus and access to advanced features like Codex (a code-generation tool), deep research, and GPT-5. OpenAI's strategy mirrors Anthropic's approach of offering a mid-tier subscription designed specifically for people doing complex, high-stakes work.

A 20-year-old man was arrested after throwing a Molotov cocktail (a homemade incendiary weapon) at OpenAI CEO Sam Altman's home and then threatening arson at the company's San Francisco headquarters. No one was injured in the attack, and the suspect was taken into custody with charges pending. The incident occurred during a controversial period for OpenAI involving military partnerships and litigation.