AI Sec Watch

Claude AI helped discover remote code execution (RCE, where attackers can run commands on a system they don't own) vulnerabilities in Vim and GNU Emacs text editors that trigger simply by opening a malicious file. In Vim, the issue involved improper security checks in modeline handling (special instructions at the start of a file), while in GNU Emacs, the vulnerability exploits automatic Git operations that run user-defined programs from untrusted configuration files.

This is a brief announcement about datasette-llm version 0.1a4, posted by Simon Willison on March 31, 2026. The content primarily promotes a monthly sponsorship option for curated LLM (large language model) news digests rather than discussing technical details, vulnerabilities, or features of the software itself.

OpenAI closed a record $122 billion funding round, valuing the company at $852 billion, with major investors including SoftBank, Amazon, and Nvidia. The company, which launched ChatGPT in 2022, now has over 900 million weekly active users and generates $2 billion in monthly revenue, though it is not yet profitable. OpenAI is preparing for a potential IPO while reducing spending on certain projects like its video app Sora.

ChatGPT is now available on Apple's CarPlay (Apple's in-car interface) if you have iOS 26.4 or newer and the latest ChatGPT app version. Users can only interact with ChatGPT through voice commands on CarPlay, not text, because Apple's guidelines restrict apps from displaying text or images as responses on the platform.

Anthropic, a major AI company, accidentally leaked part of the internal source code for Claude Code, its popular coding assistant tool, due to a packaging error. The company confirmed no customer data or credentials were exposed, but the leak could help competitors understand how the tool was built. Anthropic stated it is rolling out measures to prevent this from happening again.

The llm-all-models-async 0.1 plugin allows synchronous (blocking) AI models from LLM plugins to work as asynchronous (non-blocking) models by running them in a thread pool (a group of worker threads that handle tasks in parallel). This solves a compatibility problem where Datasette, which only supports async models, couldn't use sync-only plugins like llm-mrchatterbox.

Attackers compromised the npm account of Axios' lead maintainer and published malicious versions (axios@1.14.1 and axios@0.30.4) containing a remote access trojan (malware that gives attackers control over infected computers). The attack was detected within minutes and packages were removed within 2-3 hours, but the damage was significant because Axios receives roughly 100 million downloads per week and is used in 80% of cloud and code environments.

Version 0.30 of llm (a command-line tool for accessing large language models) added a new feature to its plugin system where the register_models() function can now receive an optional model_aliases parameter that shows all previously registered models and aliases from other plugins. The update also improved documentation by adding detailed explanations (docstrings) to public classes and methods.

Researchers at Palo Alto discovered a security weakness in Google's Vertex AI (Google's cloud platform for building and running AI applications) where AI agents could be given too many permissions, allowing attackers to steal data and access restricted cloud systems. The vulnerability stems from over-privileged configurations that give AI agents more access than they actually need to do their job.