AI Sec Watch

Major AI companies like OpenAI and Anthropic face a "monetization cliff" where they must become profitable soon or risk collapse, since they've received hundreds of billions in investment but haven't generated enough revenue to justify those costs. AI agents (software programs that can perform tasks autonomously) consume far more computing power than expected, forcing these companies to make difficult choices like killing unprofitable products and restricting free access to conserve resources for their upcoming initial public offerings (IPOs, when companies sell shares to the public for the first time).

Researchers at RSAC found a way to bypass Apple Intelligence's guardrails (safety measures that prevent the AI from doing harmful tasks) using two techniques: the Neural Exect method and Unicode manipulation (using special characters to confuse the system). This means attackers could potentially trick Apple's AI into ignoring its safety restrictions.

Meta has released Muse Spark, its first new AI model after spending billions on hiring and infrastructure, but faces pressure to prove it can generate revenue from AI like competitors OpenAI and Google have done. The company is shifting from open-source models (like its previous Llama family) to a proprietary approach, planning to charge developers for API (application programming interface, a way for software to request data or services from other software) access after an initial preview period. Analysts believe Meta's real advantage lies not in competing with other AI labs for developers, but in using the model to improve its core business: advertising to the 3 billion monthly users of Facebook, Instagram, and WhatsApp.

This newsletter covers multiple topics including geopolitical tensions, AI regulation, and market movements, with a focus on Iran's ceasefire allegations against the U.S., Anthropic's court loss regarding Pentagon blacklisting over AI safeguard disagreements, and Federal Reserve expectations for interest rate cuts in 2026.

Researchers found that Google API keys (credentials that allow apps to access Google services) embedded in Android applications can be extracted from decompiled code (the readable version of compiled software), potentially allowing unauthorized access to Gemini endpoints (the AI service interfaces). This means attackers could use stolen keys to access Google's Gemini AI service without permission.

In March 2026, organizations faced an average of nearly 2,000 cyber-attacks per week, showing a slight 4-5% decrease but remaining at historically high levels. The threat landscape continues to be driven by automation, expanded attack surfaces from cloud adoption, and risks related to GenAI (generative AI, where systems create new content from training data) usage.

OpenAI has paused its Stargate project in the U.K., which was planned to deploy up to 8,000 graphics processing units (GPUs, the specialized hardware used to train and run AI models) for AI infrastructure. The company cited two main reasons: the U.K.'s high industrial energy costs and concerns about the country's regulatory environment, particularly new rules being developed around how AI models can use copyrighted work.

Shadow AI refers to AI tools that employees use without approval from their organization's IT and security teams, operating outside security oversight and creating hidden risks. Unlike shadow IT (unapproved software), shadow AI is particularly dangerous because it processes and stores sensitive data beyond security teams' visibility, leading to potential data leaks, expanded attack surfaces (new entry points for hackers), and bypassed security controls. The problem is spreading because AI tools are easy to use, instantly helpful, and many organizations lack clear policies on their use.

Trail of Bits released a new Testing Handbook chapter focused on security code review for C and C++, covering common bug classes like memory safety issues, integer errors, and type confusion across Linux, Windows, and seccomp (secure computing mode, a Linux feature that restricts system calls) environments. They are also developing a Claude skill that uses an LLM (large language model) to automatically find bugs by running checklist-based prompts against codebases. The handbook emphasizes manual code review techniques and includes platform-specific vulnerabilities like DLL planting on Windows and sandbox bypasses in Linux seccomp filters.