AI Sec Watch

Anthropic has updated Claude to make switching from other AI chatbots easier by adding memory features to the free plan and creating tools to import user data from competitors like ChatGPT and Gemini. These updates let users transfer the context and conversation history their previous AI already knows about them, so they don't have to re-teach Claude the same information.

OpenChatBI has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its save_report tool because it doesn't properly validate the file_format parameter, allowing attackers to use sequences like '/../' to write files to arbitrary locations and potentially execute malicious code.

CVE-2026-2256 is a command injection vulnerability (a flaw where an attacker tricks a program into running unwanted operating system commands) in ModelScope's ms-agent software versions v1.6.0rc1 and earlier. An attacker can exploit this by sending specially crafted prompts to execute arbitrary commands on the affected system.

Claude, an AI model made by Anthropic, became more popular after the Pentagon rejected it due to ethics concerns and chose OpenAI's ChatGPT instead for classified military networks. Claude reached the top spot on Apple's US app store chart shortly after this decision, showing that public interest in the model increased following the military conflict.

Apple is exploring using Google's servers to store data for an upgraded version of Siri that runs on Google's Gemini AI models (a large language model created by Google). This represents a deeper partnership between Apple and Google than previously announced, as Apple works to catch up in AI capabilities while maintaining its privacy standards.

Many users are switching from ChatGPT to Claude, an AI assistant made by Anthropic, following controversies over OpenAI's partnership with the Pentagon for potential military use. Claude has surged in popularity, with the company reporting record sign-ups and a 60% jump in free users since January. The article provides a guide for switching, including how to export your ChatGPT data, import it into Claude, and permanently delete your ChatGPT account.

OpenAI announced a deal allowing the US military to use its AI technology in classified settings, claiming it includes protections against autonomous weapons and mass surveillance, unlike Anthropic's rejected negotiations. However, legal experts note that OpenAI's agreement relies on the assumption that the government will follow existing laws and policies, rather than giving the Pentagon explicit prohibitions like Anthropic had proposed, meaning the military can still use the technology for any lawful purpose.

The Department of Defense has designated Anthropic (an AI company) as a "supply-chain risk" after the company refused to give the military unrestricted access to its AI systems, specifically declining to allow mass surveillance of Americans or autonomous weapons that can fire without human oversight. Hundreds of tech workers from major firms have signed an open letter opposing this designation, arguing it punishes the company for declining a contract and sets a dangerous precedent that could force other companies to accept government demands or face retaliation. The designation is not yet final, as the government must complete a risk assessment and notify Congress before it takes effect, and Anthropic says it will challenge the designation in court.

Google Chrome had a security flaw (CVE-2026-0628, a CVSS score of 8.8, which measures vulnerability severity from 0-10) that allowed malicious browser extensions to gain unauthorized access to the Gemini Live panel, a built-in AI assistant, and perform privileged actions like accessing cameras, microphones, and local files. The vulnerability was caused by insufficient policy enforcement in the WebView tag (a component that displays web content), which let attackers inject malicious code into pages that should have been protected.