Anthropic Hit by Unprecedented AI Export Controls: The Trump administration ordered Anthropic to block all foreign nationals from accessing its Fable 5 and Mythos 5 models, marking the first time U.S. export controls have restricted an AI model in this way, reportedly triggered by concerns that Amazon researchers prompted the model to generate information useful for cyberattacks. Anthropic disagreed with the suspension and criticized the process as lacking transparency, while the government has not publicly explained the legal basis for the order.
Critical Unauthenticated File Upload Flaw in Langflow: Langflow versions before 1.9.1 allow anyone with network access to upload unlimited data without authentication, exhausting disk space to cause DoS (denial of service, making the system unavailable) and leaking exact file paths that could enable attackers to chain multiple exploits together (CVE-2026-55450, critical severity).
SQL Injection in LangChain4j Embedding Stores: LangChain4j's MariaDB and pgvector embedding stores improperly escape metadata filter keys before inserting them into SQL queries, allowing attackers who control filter keys to inject arbitrary SQL commands that could steal data, cause denial of service, or delete database rows (CVE-2026-55405, high severity).
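The LangChain4j item above describes a case where the filter *key*, not the value, reaches the SQL text. Parameter binding only protects values, so the key needs its own treatment. This is an added illustration written for this digest, not LangChain4j's code; it assumes a PostgreSQL/pgvector table with a JSONB `metadata` column and psycopg-style `%s` placeholders:

```python
import re
from typing import Any, Tuple

# Allowlist for metadata filter keys: an identifier-like token, no quotes,
# no whitespace, no operators. Anything else is rejected before SQL is built.
KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def is_valid_key(key: str) -> bool:
    return bool(KEY_RE.match(key))


def quote_ident(name: str) -> str:
    """Quote a SQL identifier (table/column) the PostgreSQL way after validation."""
    if not is_valid_key(name):
        raise ValueError(f"rejected identifier: {name!r}")
    return '"' + name.replace('"', '""') + '"'


def build_filter_vulnerable(table: str, key: str, value: Any) -> Tuple[str, tuple]:
    # The defect pattern: the key is pasted straight into the query text.
    # Only the value is bound, so whatever the key contains becomes live SQL.
    sql = f"SELECT id FROM {table} WHERE metadata->>'{key}' = %s"
    return sql, (value,)


def build_filter_hardened(table: str, key: str, value: Any) -> Tuple[str, tuple]:
    # Hardened form: the table name goes through the identifier allowlist and
    # quoting, the JSON key is validated and then bound as a parameter
    # (metadata->>%s is legal, since ->> takes a text operand), and the
    # value stays bound. No caller-controlled string is ever concatenated.
    if not is_valid_key(key):
        raise ValueError(f"rejected metadata filter key: {key!r}")
    sql = f"SELECT id FROM {quote_ident(table)} WHERE metadata->>%s = %s"
    return sql, (key, value)
```

Even with binding in place, keep the allowlist: it turns an unexpected key into a loud error at the application boundary instead of a silent no-match in the database.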
Malicious JetBrains Plugins Harvest AI API Keys: Researchers discovered 15 malicious plugins on the JetBrains Marketplace disguised as AI coding assistants that steal API keys (authentication credentials for paid AI services like OpenAI and DeepSeek) and send them to attacker servers, with some credentials being resold to other criminals in an apparent monetization scheme.
Tenet Security Launches Real-Time AI Agent Defense Platform: Tenet Security emerged from stealth with $6 million in funding to address a critical security gap. Its patent-pending technology uses lightweight runtime sensors that monitor OS behavior, network calls, and agent reasoning to predict and block harmful actions from AI agents (autonomous software that makes decisions and takes actions) before they execute, defending against both agentjacking (malicious manipulation of AI agents) and autonomous agent malfunctions.
Critical vLLM and LiteLLM Authentication Bypasses via Host Header Injection: Multiple LLM inference platforms contain critical authentication bypass vulnerabilities where attackers can craft malicious Host headers (the part of a web request specifying which server is contacted) with special characters to circumvent API key checks. vLLM (CVE-2026-48746) and LiteLLM (CVE-2026-49468) both fail to properly validate requests before authentication, allowing unauthorized API access on directly exposed instances.
Langflow RCE in Shareable Playgrounds Allows Unauthenticated Code Execution: Langflow's Shareable Playground feature contains a critical vulnerability (CVE-2026-48519) where unauthenticated attackers can execute arbitrary Python code by modifying the code field in API requests to `/api/v1/build_public_tmp`, achieving complete RCE (remote code execution, where attackers run commands on systems they don't own) without any credentials.
One-Click Microsoft 365 Copilot Vulnerability Enabled Complete Data Exfiltration: A critical vulnerability chain in Microsoft 365 Copilot (now patched as CVE-2026-42824) allowed attackers to steal emails, calendar data, and MFA codes through a single malicious link by exploiting parameter-to-prompt injection (inserting malicious instructions via URL parameters), an HTML rendering race condition, and SSRF (server-side request forgery, tricking a server into making requests to unintended locations) through Bing. The attack required no password entry or additional user interaction beyond the initial click.
U.S. Government Orders Shutdown of Anthropic's Latest Models Over Unspecified Security Concerns: The Trump administration issued an export control directive forcing Anthropic to disable global access to its Fable 5 and Mythos 5 models, citing national security risks from a potential jailbreak (method to bypass AI safety restrictions), prompting dozens of cybersecurity experts to publish an open letter arguing the ban removes critical defensive tools while adversaries retain access to similar capabilities in other widely available models. Anthropic is meeting with administration officials to resolve the dispute after complying with the shutdown order.
Meta's $14.3 Billion Pivot to Proprietary AI Models: Meta hired Alexandr Wang and his team to build the Muse Spark model, marking a departure from its open-source Llama strategy after failing to attract developers. The company now faces the challenge of convincing investors it can monetize AI beyond its advertising business, which still generates 98% of revenue.
White House Restricts Anthropic's Mythos Model Over China Access Concerns: Export controls were reportedly imposed on Anthropic's Mythos AI model after suspected access by a China-linked group. Officials fear adversaries could use distillation (training a simpler model to mimic a more advanced one's behavior) to reverse engineer the system's capabilities.
No new AI/LLM security issues were identified today.
Hades Malware Evades AI Security Tools via Prompt Injection: A sophisticated campaign targeting Python developer environments uses adversarial prompt injection (embedding malicious instructions in text to mislead AI systems) to bypass AI-powered security scanners, while also harvesting credentials, replicating across systems, and extracting sensitive data from memory. The malware infiltrates through compromised Python packages and leverages the Bun JavaScript runtime to execute payloads.
Perplexity AI Targets 2028 IPO Amid Industry Uncertainty: The company's CEO confirmed plans for a 2028 initial public offering independent of outcomes for competitors Anthropic and OpenAI, signaling confidence despite upcoming tests of investor appetite for high-valuation AI firms.
Code Injection Flaw in AWS AgentCore CLI for Bedrock Agents: CVE-2026-11393 affects AWS AgentCore CLI versions 0.4.0 through 0.14.1, allowing attackers with certain permissions to inject malicious Python code via improper escaping of triple-quote characters in agent configuration fields. No mitigation has been disclosed yet for this high-severity vulnerability in a tool used to manage AI agents on Amazon Bedrock.
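The AgentCore item above hinges on configuration text being written into generated Python source between triple quotes. The following is an added illustration for this digest, not the AgentCore CLI's code; it assumes a hypothetical tool that renders a `DESCRIPTION` field into a generated module and shows the vulnerable pattern next to the literal-safe one:

```python
import ast


def render_vulnerable(description: str) -> str:
    # Defect pattern: the field is pasted between triple quotes. A field that
    # itself contains a triple quote closes the literal early, and the rest of
    # the field is parsed as code in the generated module.
    return f'DESCRIPTION = """{description}"""\n'


def render_hardened(description: str) -> str:
    # repr() emits a valid Python string literal for any input, escaping
    # quotes, backslashes and newlines, so the field can never leave the literal.
    return f"DESCRIPTION = {description!r}\n"


def renders_single_literal(source: str) -> bool:
    """Static check on generated source: it must parse as exactly one
    assignment whose right-hand side is a string constant. Nothing is executed."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    if len(tree.body) != 1:
        return False
    node = tree.body[0]
    return (
        isinstance(node, ast.Assign)
        and isinstance(node.value, ast.Constant)
        and isinstance(node.value.value, str)
    )


def extract_description(source: str) -> str:
    """Read DESCRIPTION back from generated source via the AST, without exec."""
    if not renders_single_literal(source):
        raise ValueError("generated source is not a single string assignment")
    return ast.parse(source).body[0].value.value
```

A check like `renders_single_literal` belongs in the generator's tests and, ideally, as a gate before the generated file is written to disk.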
Two High-Severity Memory Exhaustion Flaws in Netty's Redis Components: CVE-2026-44250 allows attackers to crash servers by sending deeply nested Redis arrays that exhaust memory through unbounded state object creation, while CVE-2026-44890 enables DoS (denial of service, preventing legitimate users from accessing a system) by sending malformed Redis messages without proper line endings across multiple connections, exhausting the server's direct memory pool used for I/O operations.
Google Vertex AI SDK Hijacking Enables Cross-Tenant Model Poisoning: Researchers discovered a critical flaw in Google Cloud's Vertex AI SDK for Python (versions 1.139.0 and 1.140.0) that allows attackers to hijack model uploads through bucket squatting (exploiting predictable cloud storage bucket names). By predicting and pre-creating a victim's storage bucket using their public project ID, attackers can inject malicious code that executes when the poisoned model deploys, achieving cross-tenant RCE.
U.S. Export Controls Shut Down Anthropic's Advanced Models Over Vulnerability Research Capabilities: Anthropic pulled its Claude Fable 5 and Mythos 5 models offline to comply with U.S. government directives restricting foreign national access, citing the models' advanced ability to discover and exploit software vulnerabilities. Security executives have publicly challenged the ban, arguing that similar capabilities already exist in competing models and that restricting one vendor is ineffective when open-source alternatives will develop equivalent features within months.
Critical LiteLLM Gateway Vulnerability Chain Grants Full Admin Access: LiteLLM, a widely deployed open-source AI gateway (routing system for AI requests), contains three chained vulnerabilities (CVSS 9.9) that allow low-privilege users to escalate to admin, bypass authorization, and execute arbitrary code on servers, exposing all provider API keys, encrypted credentials, and transit data including prompts and responses (CVE-2026-47101, CVE-2026-47102, CVE-2026-40217). The compromise enables attackers to manipulate AI responses in real time and maintain persistent access.
Attackers Weaponize AI Safety Mechanisms for Denial-of-Service: Researchers discovered that AI agent guardrails (safety systems checking AI behavior) can be exploited by inserting malicious content into documents, causing security mechanisms to enter extended reasoning loops that slow systems up to 148 times normal speed or crash shared AI infrastructure entirely. This reasoning-extension DoS attack targets the safety layer itself rather than attempting jailbreaks, and works across multiple AI frameworks and LLM families.
Microsoft Restructures AI Division to Pursue Superintelligence Independently: Following an October renegotiation with OpenAI, Microsoft's AI division now operates independently to develop frontier models (cutting-edge AI systems at the limits of current capabilities) and pursue superintelligence (AI systems surpassing human abilities across all domains), marking a strategic shift in the partnership between the two companies.