AI Sec Watch

A suspect in a mass shooting in Tumbler Ridge, British Columbia had conversations with ChatGPT describing gun violence, which triggered the chatbot's automated content review system (a safety filter that flags harmful content). OpenAI employees raised concerns that these posts could indicate a real-world threat and suggested contacting authorities, but company leaders decided the posts did not pose a credible and immediate danger and did not contact law enforcement.

A Russian-speaking hacker used generative AI services to breach over 600 FortiGate firewalls (network security devices) across 55 countries between January and February 2026. Rather than exploiting software flaws, the attacker scanned the internet for exposed firewall management interfaces, used brute-force attacks (trying many password combinations) with common passwords to gain access, then deployed AI-generated tools to automate reconnaissance and extract credentials from the breached networks. The attacker also targeted backup systems before attempting to deploy ransomware (malware that encrypts files and demands payment).

OpenClaw, a personal AI assistant, had a security flaw in versions 2026.2.13 and below on macOS where OAuth tokens (authentication credentials that prove you're logged in) could be used to inject malicious OS commands (commands that run at the operating system level) into the credential refresh process. An attacker could exploit this by crafting a specially designed token to execute arbitrary commands on the affected system.

Anthropic has launched Claude Code Security, a new AI feature that scans software codebases for vulnerabilities and suggests patches for human review. The tool uses AI reasoning to detect security issues that traditional scanning methods might miss, assigns severity ratings to findings, and requires human approval before any changes are made.

OpenAI banned a ChatGPT account belonging to a mass shooting suspect in June 2025, but did not alert authorities because the account activity did not meet the company's threshold for reporting (a credible or imminent plan for serious harm). The suspect later carried out an attack in Tumbler Ridge, British Columbia in February 2026 that killed eight people, leading OpenAI to contact police after the fact and announce it would review its reporting criteria with experts.

AI-generated fake videos showing absurd scenes of urban decline in Croydon, London are going viral on social media, with millions of views across TikTok and Instagram Reels. These deepfakes (AI-created videos that look real but are fabricated) are part of a trend called "decline porn" that portrays Western cities as overrun with immigrants and crime, often fueling racist comments and anger among viewers who believe them. The creator, known as RadialB, intentionally makes the videos look realistic to grab attention and doesn't take responsibility for how they spread divisive political narratives, despite adding small labels noting they are AI-generated.

EC-Council launched four new AI certifications and an updated executive program to address a major gap: AI technology is being adopted much faster than the workforce is being trained to secure and manage it. The credentials (covering AI essentials, program management, offensive security testing, and responsible governance) are built around a framework called Adopt. Defend. Govern. that helps organizations deploy, secure, and oversee AI systems responsibly as they move from experimental projects to critical infrastructure.

OpenAI detected a user account (Jesse Van Rootselaar) engaged in behavior suggesting violent activities through its abuse detection system, but decided the account activity did not meet the threshold for reporting to law enforcement because there was no imminent and credible risk of serious physical harm. Months later, the same person committed a school shooting in British Columbia that killed eight people, after which OpenAI retroactively contacted the Royal Canadian Mounted Police with information about the account and its usage.

A compromised npm publish token (a credential that allows someone to upload code to a package repository) was used to push a malicious update to the Cline CLI (command-line tool), which secretly installed OpenClaw, an AI agent with broad system access, on developers' machines without their knowledge. The malicious package sat on the registry for eight hours before being removed, and OpenClaw itself has a history of security vulnerabilities including prompt injection attacks (tricking an AI by hiding instructions in its input) and authentication bypasses.