AI Sec Watch

Code coverage metrics can be misleading because they measure whether code runs, not whether it's actually tested—a gap that mutation testing (introducing intentional bugs to check if tests catch them) can reveal. The article announces MuTON and mewt, new mutation testing tools designed for AI agents that work across multiple programming languages, addressing limitations of older regex-based tools like universalmutator that were slow and couldn't handle complex code patterns.

Palo Alto Networks revealed security problems in Google Cloud Platform's Vertex AI (Google's AI service for building and deploying machine learning models) after researchers demonstrated how to weaponize AI agents, which are autonomous programs that can perform tasks with minimal human input. Google has begun addressing these disclosed security issues.

Anthropic confirmed that Claude Code's source code was accidentally leaked through an npm package (a JavaScript library repository) containing a source map file, exposing nearly 2,000 TypeScript files and over 512,000 lines of code. The leaked code revealed internal features like a self-healing memory architecture and a stealth mode for making hidden contributions to open-source projects, creating security risks because attackers can now study how the system works to bypass its safeguards. Additionally, users who downloaded the affected version between specific times on March 31, 2026 may have received a trojanized HTTP client (compromised software) containing malware.

Meta's smartglasses include a built-in camera and AI assistant (software that can understand and respond to user requests) that can describe what the wearer is looking at and provide information like weather forecasts. The article explores how these devices raise privacy concerns, with some people calling them problematic because they can record video of others without their knowledge or consent.

This article is a buying guide for Attack Surface Management tools, which help companies find and reduce the digital resources that attackers could potentially target. The article explains that CAASM (Cyber Asset Attack Surface Management) and EASM (External Attack Surface Management) tools continuously monitor for new assets and security configuration problems, with increasing use of agentic AI (AI systems that can take independent actions) to identify and reduce risks.

This is a brief announcement about datasette-enrichments-llm version 0.2a0, posted by Simon Willison on April 1st, 2026. The content primarily consists of a sponsorship pitch for a monthly email digest covering important LLM (large language model) developments, rather than discussing a specific security issue or technical problem.

datasette-llm-usage version 0.2a0 removed features for tracking allowances and pricing, which moved to a separate tool called datasette-llm-accountant, and added the ability to log complete prompts, responses, and tool calls (automated functions the AI can call) to a database table if enabled through a configuration setting. The simple prompt page was redesigned and now requires specific user permissions to access.

datasette-llm 0.1a5 is a release of a plugin that lets other software tools integrate with large language models. The update improves the llm_prompt_context() plugin hook (a mechanism that other plugins can connect to), so it now tracks both individual prompts and chains of prompts executed together, including tool call loops (repeated back-and-forth exchanges between the AI and external functions).

An Anthropic employee accidentally exposed the source code for Claude Code (an AI programming tool) by leaving a source map file (.map file, a debugging file that translates minified code back to human-readable form) in a package published on npm (a registry where developers share code). This is a security risk because hackers can use source maps to understand how the code works, find vulnerabilities, and potentially steal secrets like API keys that might be hidden in the code.