AI Sec Watch

Gushwork, an India-founded startup, is helping businesses get discovered through AI-powered search tools (systems like ChatGPT and Perplexity that use artificial intelligence to answer questions) by automatically creating search-optimized content and building backlinks (links from other websites that point to a business's site). The company raised $9 million in funding and reports that AI-driven search and chat platforms now account for about 40% of inbound leads for its customers, despite representing only 20% of website traffic.

A Chinese internet activist accidentally exposed details about coordinated political influence operations (organized campaigns to manipulate public opinion) that used ChatGPT to create negative content about Japan's Prime Minister Takaichi. The leak revealed how ChatGPT was being used as a tool to generate misleading material for political purposes.

Anthropic acquired Vercept, an AI startup that built tools for agentic tasks (AI systems that can independently perform complex actions), including a product called Vy that could control remote computers. Vercept's product will shut down on March 25, with some co-founders joining Anthropic while others, including investor Oren Etzioni, expressed disappointment about the acquisition ending the startup after just over a year.

Alphabet is folding its robotics software company Intrinsic into Google to streamline its business. Intrinsic developed Flowstate, a web-based platform that lets users build robotic applications without writing thousands of lines of code, addressing the challenge that programming robots remains extremely complex despite hardware becoming cheaper. By joining Google, Intrinsic will use Google's AI models and infrastructure to expand its industrial robotics platform for manufacturing and logistics.

LangGraph versions before 4.0.0 have a remote code execution vulnerability in their caching layer when applications enable cache backends and opt nodes into caching. The vulnerability occurs because the default serializer uses pickle deserialization (a Python feature that can execute arbitrary code) as a fallback when other serialization methods fail, allowing attackers who can write to the cache to execute malicious code.

The zae-limiter library has a security flaw where all rate limit buckets for a single user share the same DynamoDB partition key (the identifier that determines which storage location holds the data), allowing a high-traffic user to exceed DynamoDB's write limits and cause service slowdowns for that user and potentially others sharing the same partition. This vulnerability affects multi-tenant systems, like shared LLM proxies (AI services shared across multiple customers), where one customer's heavy traffic can degrade service for others.

n8n, a workflow automation tool, has a vulnerability where authenticated users with permission to create or modify workflows can exploit expression evaluation (the process of interpreting code within workflow parameters) to execute arbitrary system commands on the host server. This is a serious security flaw because it allows attackers to run unintended commands on the underlying system.

Flaws have been discovered in Claude (an AI assistant) that can put developers' computers at risk when Claude is used in software development workflows. These vulnerabilities could potentially affect supply chains, which are the networks of companies and systems that work together to deliver software and products.

n8n (a workflow automation tool) has a vulnerability where an authenticated user with workflow editing permissions could combine the Read/Write Files from Disk node (a component that modifies files on the server) with git operations (version control commands) to execute arbitrary shell commands (any commands an attacker chooses) on the n8n server. This requires the attacker to already have valid user access.