AI Sec Watch

Broadcom has agreed to produce AI chips for Google and signed an expanded deal with Anthropic, giving the AI startup access to about 3.5 gigawatts of computing capacity (the amount of processing power available at one time) using Google's custom processors called TPUs (tensor processing units, which are specialized chips designed to run AI models). This reflects growing demand for the computing infrastructure needed to run generative AI (AI systems that create new text, images, or other content) at scale.

OpenAI has asked California and Delaware attorneys general to investigate what it calls 'anti-competitive behavior' by Elon Musk, claiming he is working to undermine the company through attacks and coordination with other rivals ahead of an April trial. OpenAI alleges that Musk has conducted opposition research on CEO Sam Altman, spread false allegations, and is using legal efforts to benefit his competing AI company xAI, which faces its own investigations for generating non-consensual explicit deepfake content.

Anthropic's Claude Code CLI and Claude Agent SDK have a vulnerability where authentication helper settings are executed with shell=true (allowing shell commands to run) without checking the input first. An attacker who can change settings like apiKeyHelper or awsAuthRefresh could inject shell metacharacters (special characters that have meaning in command shells) to run arbitrary commands with the user's privileges, potentially stealing credentials or accessing environment variables.

Anthropic's Claude Code CLI and Claude Agent SDK have a vulnerability where attackers can execute arbitrary commands (run any code they want) by inserting shell metacharacters (special characters like $() that tell the system to run commands) into file paths. Even though the code tries to protect these paths by wrapping them in double quotes, the POSIX shell (the command-line interface on Unix/Linux systems) still processes these injected expressions, giving attackers the same permissions as the user running the CLI.

Anthropic's Claude Code CLI and Claude Agent SDK have a vulnerability where attackers can run arbitrary commands by manipulating the TERMINAL environment variable (a setting that controls which terminal program to use). When the software constructs shell commands, it doesn't properly sanitize the TERMINAL variable, allowing attackers to inject shell metacharacters (special characters that have meaning to command interpreters) that get executed with the user's privileges.

text-generation-webui is an open-source web interface for running Large Language Models (AI systems that generate text). Before version 4.1.1, the application allowed users to save extension settings as Python files (code files that run on servers) in the main app directory, which could let attackers overwrite important Python files like 'download-model.py' and execute malicious code when users tried to download a new model.

PartitionedDataset in kedro-datasets had a path traversal vulnerability (a security flaw where an attacker uses ".." sequences to access files outside an intended directory) that allowed attackers to write files anywhere on a system by including ".." in partition IDs (identifiers for data sections). This affected all users regardless of storage type, local or cloud-based.

Economists warn that current tools for predicting AI's impact on jobs are inadequate because they only measure "exposure" (whether AI could theoretically do a job's tasks), which doesn't account for whether employers will actually replace workers or increase productivity instead. Economist Alex Imas calls for collecting new data on how AI actually changes specific jobs and industries, since knowing a job is 28% exposed to AI tells us little about whether that job will disappear, be transformed, or become more productive.

KubeAI, a tool that runs AI models on Kubernetes (a system for managing containerized applications), has a vulnerability in versions before 0.23.2 where attackers can inject malicious shell commands (arbitrary code execution instructions) through Model resource creation. The flaw exists because the ollamaStartupProbeScript() function doesn't properly validate user input when building commands that run during startup checks.