AI Sec Watch

n8n, a workflow automation tool, has a sandbox escape vulnerability in its JavaScript Task Runner that lets authenticated users run code outside the sandbox (a restricted environment for running untrusted code). On default setups, this could give attackers full control of the n8n server, while on systems using external task runners, attackers could impact other workflows.

n8n had a vulnerability in its Form nodes where an unauthenticated attacker could inject malicious code by submitting specially crafted form data that starts with an equals sign (=), which the system would then execute as an expression. While this vulnerability alone is limited, it could potentially lead to remote code execution if combined with another type of attack that bypasses n8n's expression sandbox (a security boundary that restricts what code can access).

Google and Samsung announced that Gemini, Google's AI assistant, will soon handle multi-step tasks on phones like ordering food or booking rides, starting with Pixel 10 and Galaxy S26 phones. This represents agentic AI features (AI that can take multiple actions toward a goal) that Apple had planned for Siri but delayed in March 2025 and hasn't yet released.

Thrive Capital, a venture capital firm (a company that invests in startups), invested about $1 billion in OpenAI at a $285 billion valuation in December 2024. OpenAI is currently finalizing a much larger funding round that could total over $100 billion and raise the company's valuation to $800 billion, with Thrive likely participating in this round as well.

Samsung's Galaxy S26 smartphone combines three AI assistants: Google's Gemini (which can now perform autonomous actions inside third-party apps), Perplexity for web searches, and an upgraded Samsung Bixby for on-device tasks. This multi-agent approach (using multiple separate AI systems together) gives Google's Gemini major market reach before Apple launches a Gemini-powered version of Siri later in 2025, with features that were originally planned for March or April now delayed to May or September.

LangChain's `RecursiveUrlLoader` component had a security flaw where it would validate an initial website address but then automatically follow redirects (automatic jumps to different URLs) without checking them, allowing attackers to redirect from a safe public URL to internal or sensitive endpoints. This vulnerability was fixed in version 1.1.18 of the `@langchain/community` package.

Google's Gemini AI can now automate tasks like booking Ubers or ordering food through DoorDash on certain Pixel 10 and Samsung Galaxy S26 phones. When you give Gemini a command like 'Get me an Uber to the Palace of Fine Arts,' it launches the app in a virtual window, completes the steps automatically, and lets you watch, pause, or take control if needed, though you must submit the final order yourself.

Google announced new Gemini features for Android phones that can automate multi-step tasks like ordering food or rides, along with improvements to scam detection and search capabilities. The automation feature is currently in beta and limited to certain apps and devices in the U.S. and Korea. To prevent problems, Google added protections so automations require explicit user commands, can be monitored and stopped in real time, and run in a secure virtual environment (an isolated space on your phone) that can only access limited apps.

Anthropic released a new Claude Code feature called "Remote Control" that lets you start a session on your computer and then control it remotely using Claude on web, iOS, and desktop apps by sending prompts to that session. The feature currently has several bugs, including permission approval issues, API errors, and problems with session termination, though the author expects these to be fixed soon.