AI Sec Watch

OpenSift, an AI study tool that searches through large datasets using semantic search (finding similar content based on meaning) and generative AI, has a vulnerability in versions 1.1.2-alpha and below where it can be tricked into requesting unsafe internet addresses through its URL ingest feature (the part that accepts web links as input). An attacker could exploit this to access private or local network resources from the computer running OpenSift.

OpenSift, an AI study tool that uses semantic search (finding information by meaning rather than exact keywords) and generative AI to analyze large datasets, has a vulnerability in versions 1.1.2-alpha and below where untrusted content is rendered unsafely in the chat interface, allowing XSS (cross-site scripting, where attackers inject malicious code that runs in a user's browser). An attacker who can modify stored study materials could execute JavaScript code when a legitimate user views that content, potentially letting the attacker perform actions as that user within the application.

MLflow contains a vulnerability (CVE-2026-2635) where hard-coded default credentials are stored in the basic_auth.ini file, allowing remote attackers to bypass authentication without needing valid login information and potentially execute code with administrator privileges. This flaw exploits the use of default passwords, a common security mistake where systems ship with unchangeable built-in login credentials.

TensorFlow has a vulnerability where it loads plugins from an unsafe location, allowing attackers who already have low-level access to a system to gain higher privileges (privilege escalation, where an attacker gains elevated permissions to do things they normally couldn't). An attacker exploiting this flaw could run arbitrary code (any commands they choose) with the same permissions as the target user.

MLflow Tracking Server has a directory traversal (a flaw where an attacker uses special path characters like '../' to access files outside intended directories) vulnerability in its artifact file handler that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability exists because the server doesn't properly validate file paths before using them in operations, letting attackers run code with the permissions of the service account running MLflow.

OpenAI is lowering its compute spending target to around $600 billion by 2030, down from a previously announced $1.4 trillion, because investors worried the company's expansion plans were too ambitious compared to expected revenue. The company projects $280 billion in revenue by 2030 and is raising over $100 billion in funding to support its infrastructure investments and compete with rivals like Google and Anthropic.

Taalas, a Canadian hardware startup, has created custom silicon (specialized computer chips) that runs Llama 3.1 8B (a type of AI language model that processes text) at 17,000 tokens per second (units of text the AI can process). The hardware uses aggressive quantization (a technique that compresses the model by reducing precision of its numerical values) with 3-bit and 6-bit parameters (different levels of data compression), and their next version will use 4-bit compression.

OpenClaw's ACP bridge (a local communication protocol for IDE integrations) didn't check prompt size limits before processing, causing the system to accept and forward extremely large text blocks that could slow down local sessions and increase API costs. The vulnerability only affects local clients sending unusually large inputs, with no remote attack risk.

This advisory describes a vulnerability in Google Cloud Vertex AI related to predictable bucket naming (a bucket is a container for storing data in cloud storage). The content provided explains the framework used to assess vulnerability severity through metrics like attack vector, complexity, and required privileges, but does not describe the actual vulnerability details, its impact, or how it affects users.