All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Anthropic CEO Dario Amodei is meeting with White House officials to discuss Mythos, a new AI model that can identify security weaknesses in software. This meeting marks a potential improvement in relations between Anthropic and the Trump administration, which had previously blacklisted the company and ordered federal agencies to stop using its Claude AI models, though a court temporarily blocked that directive.
CoChat is a new platform designed to help teams work together with AI while adding visibility and governance (oversight and control) to shadow AI (unauthorized or untracked AI use within organizations). The platform aims to address the problem of AI tools being used without proper management or awareness by company leadership.
Nvidia currently dominates AI chip manufacturing, but startups are raising record funding to compete with alternative designs optimized for AI inference (deploying trained models in real applications). Investors are increasingly backing these new companies, with $8.3 billion raised globally in 2026, because they argue that purpose-built chip architectures can deliver significant energy and cost savings compared to Nvidia's GPUs, which were originally designed for gaming.
A security flaw in Cursor AI could allow attackers to gain shell access (the ability to run commands on a computer) by combining three techniques: indirect prompt injection (hiding malicious instructions in data that the AI reads rather than typing them directly), a sandbox bypass (escaping the restricted environment meant to contain the AI), and Cursor's remote tunnel feature (which allows access to machines over the internet). This chain of attacks could expose developer devices to unauthorized access.
A vulnerability in `langchain-openai` (the LangChain integration for OpenAI's API) allowed attackers to bypass SSRF protection (server-side request forgery, where an attacker tricks a server into making requests it shouldn't) through DNS rebinding (changing what a domain name points to between two lookups). The flaw was in the image token counting feature, which validated a URL in one step and then fetched it in a separate step, giving attackers a window to redirect the request to private networks. The practical impact is limited because the fetched response cannot be exfiltrated by the attacker, though the request can be used to probe whether internal services exist.
A function in LangChain called `HTMLHeaderTextSplitter.split_text_from_url()` had a security flaw where it checked if a URL was safe initially, but then allowed HTTP redirects (automatic follow-ups to different URLs) without rechecking them. This meant an attacker could provide a safe-looking URL that secretly redirects to internal servers or sensitive cloud services, potentially leaking private data. The vulnerability affects versions of `langchain-text-splitters` before 1.1.2.
The article argues that AI systems aren't necessarily introducing entirely new security problems, but rather making existing vulnerabilities worse and easier to exploit. AI amplifies old bugs rather than creating fundamentally new ones.
Claude Mythos is Anthropic's latest AI model that can outperform humans at hacking and cybersecurity tasks, including finding and exploiting dormant bugs in old code. Anthropic restricted access to 12 major tech companies and 40+ organizations responsible for critical software through an initiative called Project Glasswing (a program designed to help secure important systems), rather than releasing it publicly, due to concerns from regulators, financial institutions, and government officials about potential risks to digital security.
Fix: Anthropic gave 12 tech companies and more than 40 organisations responsible for critical software access to Mythos via Project Glasswing, which it described as 'an effort to secure the world's most critical software.' Anthropic also offered to work with US government officials to 'help defend against the risk of these models.'
Source: BBC Technology
ESCM is a toolkit that uses homomorphic encryption (a technique that lets computers process encrypted data without decrypting it first) to let cloud servers perform calculations on data from multiple users who each have their own encryption key. The toolkit addresses security risks by using a distributed two-trapdoor cryptosystem with threshold decryption (a system where multiple servers must cooperate to decrypt data, so no single server can access the information alone), which protects against server collusion and outages.
This academic paper presents T3AT, a new cryptographic system for creating anonymous tokens (digital proof of eligibility that doesn't reveal who you are) that can be issued and verified by multiple parties working together, rather than requiring a single trusted authority. The system uses advanced mathematical techniques including threshold signatures (where multiple parties must cooperate to authorize something) and verifiable computation methods to ensure tokens cannot be transferred between users and cannot be forged, while maintaining privacy without needing trusted hardware or centralized control.
Malware often encrypts its network traffic (data sent over the internet) to hide its activities, making it hard to detect using traditional methods. Most existing detection systems need complete traffic data to work well, but this research presents DawnGuard, a new system that can identify encrypted malware traffic very early in an attack, when only a small amount of data is available, by using temporal graph learning (analyzing how multiple network connections relate to each other over time) and a Vision Transformer (a type of deep learning model that captures patterns across data). The system achieved 95.11% accuracy using just the first 20% of traffic data.
This research addresses a problem where AI models trained to identify radio transmitters (specific emitter identification, or SEI) fail when tested on different hardware receivers due to shortcut learning (when models rely on irrelevant patterns instead of genuine features). The authors propose MTL-SEI, a framework that uses adversarial training (a technique where two competing AI systems help each other improve) and multiple related learning tasks to teach models to ignore receiver-specific artifacts and focus on true transmitter fingerprints, achieving 88.50% accuracy on test data.
Researchers discovered that two widely-used encryption schemes for secure database searches (m-ORE and om-ORE, which allow multiple parties to query encrypted data without revealing the queries or data) can be attacked by a malicious client and server working together to insert fake records into the database. The team developed a new scheme called MORES that fixes this vulnerability while also making searches about one-third faster and more efficient than the older schemes.
Fix: The source proposes MORES, described as 'the first multi-client ORE scheme that preserves range-query functionality while provably resisting arbitrarily malicious participants.' The text indicates MORES can serve as 'an immediate drop-in replacement for encrypted-database systems that demand both efficiency and robustness in adversarial environments,' but does not provide implementation details, version numbers, or step-by-step deployment instructions.
Source: IEEE Xplore (Security & AI Journals)
This research proposes HeteroFed, a framework for federated learning (a distributed machine learning approach where multiple devices train a shared model without sending raw data to a central server) that addresses privacy and performance challenges in edge intelligence scenarios. The framework uses four main techniques: personalized model construction for different devices, dynamic gradient clipping (limiting how much model parameters can change), adaptive noise addition for privacy protection, and improved model aggregation to maintain accuracy despite privacy protections.
Fix: The source proposes HeteroFed as a solution framework containing four specific mechanisms: (1) heterogeneous model construction to enable personalized model training for different smart devices, (2) dynamic gradient clipping to dynamically adjust the magnitude of gradients on models uploaded by devices, (3) adaptive noise addition to customize differential privacy (mathematical techniques that add noise to protect individual data) protection based on device model convergence status, and (4) deviation-aware model aggregation for accurate model aggregation to mitigate noise perturbation effects.
Source: IEEE Xplore (Security & AI Journals)
This research paper examines macro-level collaborative leakage, which occurs when individually harmless data pieces reveal sensitive information when combined together. The authors conducted mathematical analyses to understand why this happens and found that the problem stems from how risk data (data that don't directly expose private information) correlate with sensitive information. While Gaussian distribution (a common bell-curve statistical pattern) can help prevent this type of leakage, the paper concludes that this protection is limited and more comprehensive security mechanisms are needed.
The White House is working to authorize a modified version of Anthropic's Claude Mythos model, an AI system that can identify cybersecurity vulnerabilities (weaknesses in software that attackers could exploit), for use by federal agencies. The move comes despite the Department of Defense maintaining a ban on contracting with Anthropic, and raises questions about what safety modifications and controls would be needed before deploying such a powerful AI tool in government.
Fix: According to Neil Shah, VP for research at Counterpoint Research, federal deployment modifications should include: keeping scanned code within isolated and air-gapped environments (systems physically disconnected from networks), ensuring data is not used to retrain the base model, implementing transparency requirements, and requiring human-in-the-loop review (where humans approve actions before they happen) before any bug fix is applied. The memo references that the OMB is 'setting up protections' and working with model providers and the intelligence community to ensure 'appropriate guardrails and safeguards are in place,' though specific technical details of these protections are not provided in the source text.
Source: CSO Online
Anthropic created Claude Mythos, an AI model so skilled at finding and exploiting software vulnerabilities (weaknesses in code that attackers can abuse) that the company restricted its access to about 50 large organizations instead of releasing it publicly. While this approach seems responsible, critics argue we lack key information to evaluate whether Mythos truly works as well as claimed, including how often it incorrectly flags safe code as vulnerable, and whether it can find bugs in less common software like medical devices or industrial control systems.
Palo Alto Networks is participating in Project Glasswing, an AI-based initiative led by Anthropic that uses Claude Mythos (an advanced AI model) to discover zero-day vulnerabilities (security flaws unknown to software makers) in operating systems and browsers across the industry. The company is also addressing the cybersecurity gap in AI deployments through recent acquisitions, including Protect AI for securing language models and AI agents, CyberArk for identity security, Chronosphere for managing AI-generated data, and Koi for protecting against risks from autonomous AI agents on user devices.
Anthropic is expanding access to Claude, a powerful AI model that was initially restricted to US companies like Amazon, Apple, and Microsoft, to UK banks in the coming week. Senior finance leaders have expressed concerns about the risks of deploying this tool in the financial sector.
The UK government is investing £500 million in British AI startups and urging the country to embrace AI technology, despite recent concerns about cybersecurity risks and job displacement. Technology secretary Liz Kendall acknowledged public worries but argued that the UK must pursue AI opportunities to create jobs and address global challenges, citing concerns raised when US startup Anthropic revealed an AI model with potential cybersecurity vulnerabilities.
Fix: Upgrade to `langchain-openai` version 1.1.14 or later (which requires `langchain-core` >= 1.2.31). The fix replaces the separate validation and fetch steps with an SSRF-safe httpx transport that resolves DNS once, validates all returned IPs against private/internal ranges in a single operation, pins the connection to the validated IP, and disables redirect following.
Source: GitHub Advisory Database
Fix: Upgrade to `langchain-text-splitters` version 1.1.2 or later (which requires `langchain-core` >= 1.2.31). The fix replaces the unsafe HTTP request method with an SSRF-safe HTTP transport that validates every request, including redirect targets. Additionally, the vulnerable function has been deprecated, and users should instead fetch HTML content themselves and pass it to `split_text()` directly.
Source: GitHub Advisory Database
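The two LangChain advisories above describe the same defect pattern, validate-then-fetch, and a fix with four properties: resolve DNS once, validate every returned address, pin the connection to the validated IP, and refuse redirects. The following is an added example that models both, not code from LangChain, httpx or the advisories. The `RebindingResolver`, the `FAKE_NET` table, the `*.example.test` names and the IP addresses in it are constructed stubs so the script runs offline; `vulnerable_fetch` checks the name and then lets a plain client re-resolve it and follow redirects, while `safe_fetch` applies the four properties of the fix.

```python
"""Toy model of the validate-then-fetch SSRF gap and of the resolve-once fix.
Added example: the resolver and 'network' below are constructed stubs, not
langchain or httpx code."""
import ipaddress
from urllib.parse import urlparse

# Constructed network: (ip, path) -> (status, redirect Location or None).
# 52.0.0.10 stands in for the attacker-controlled public host; 10.0.0.5 and
# the link-local 169.254.169.254 stand in for internal services.
FAKE_NET = {
    ("52.0.0.10", "/image.png"): (200, None),
    ("52.0.0.10", "/go"): (302, "http://169.254.169.254/latest/meta-data/"),
    ("10.0.0.5", "/image.png"): (200, None),
    ("169.254.169.254", "/latest/meta-data/"): (200, None),
}


class RebindingResolver:
    """DNS stub. answers[host] is a list of A-record sets handed out one per
    lookup, so a name can resolve to a public IP first and a private IP next."""

    def __init__(self, answers):
        self._answers = {host: list(sets) for host, sets in answers.items()}

    def resolve(self, host):
        if host not in self._answers:
            ipaddress.ip_address(host)  # IP literal resolves to itself; other names are NXDOMAIN
            return [host]
        queue = self._answers[host]
        # Consume scripted answers in order, then keep returning the last one.
        return queue.pop(0) if len(queue) > 1 else queue[0]


def is_public(ip_str):
    """Reject every non-routable class the ipaddress module knows about."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _client_get(url, resolver, hops=0):
    """Stand-in for a plain HTTP client: resolves the hostname itself and
    follows redirects without asking anyone. Returns the IPs it contacted."""
    u = urlparse(url)
    ip = resolver.resolve(u.hostname)[0]
    status, location = FAKE_NET[(ip, u.path)]
    contacted = [ip]
    if status in (301, 302) and location and hops < 3:
        contacted += _client_get(location, resolver, hops + 1)
    return contacted


def vulnerable_fetch(url, resolver):
    """Validate-then-fetch: the check resolves the name once, then the client
    resolves it again (the rebinding window) and follows redirects unchecked."""
    host = urlparse(url).hostname
    if not all(is_public(ip) for ip in resolver.resolve(host)):
        raise ValueError(f"blocked: {host} resolves to a non-public address")
    return _client_get(url, resolver)


def safe_fetch(url, resolver):
    """Resolve once, validate every returned address, connect to that pinned
    IP (the hostname would travel in the Host header) and refuse redirects."""
    u = urlparse(url)
    addrs = resolver.resolve(u.hostname)
    bad = [ip for ip in addrs if not is_public(ip)]
    if bad:
        raise ValueError(f"blocked: {u.hostname} resolves to non-public {bad}")
    pinned = addrs[0]
    status, location = FAKE_NET[(pinned, u.path)]
    if status in (301, 302):
        raise ValueError(f"blocked: redirect to {location} not followed")
    return [pinned]


def is_blocked(fetch, url, resolver):
    """True when the fetch function refuses the request outright."""
    try:
        fetch(url, resolver)
    except ValueError:
        return True
    return False


def rebinder():
    """Name answers public on the first lookup, private on the second."""
    return RebindingResolver({"img.example.test": [["52.0.0.10"], ["10.0.0.5"]]})


def redirector():
    """Stable public name whose /go path redirects to an internal address."""
    return RebindingResolver({"redir.example.test": [["52.0.0.10"]]})


if __name__ == "__main__":
    print("rebinding, vulnerable:  ", vulnerable_fetch("http://img.example.test/image.png", rebinder()))
    print("rebinding, safe:        ", safe_fetch("http://img.example.test/image.png", rebinder()))
    print("redirect, vulnerable:   ", vulnerable_fetch("http://redir.example.test/go", redirector()))
    print("redirect, safe blocked: ", is_blocked(safe_fetch, "http://redir.example.test/go", redirector()))
```

In the rebinding run the vulnerable path ends up contacting 10.0.0.5 even though the check saw only 52.0.0.10, and in the redirect run it follows the 302 onto the link-local metadata address; `safe_fetch` reaches only the address it validated and refuses the redirect. A real transport pins the socket to the validated IP and still sends the original hostname in the Host header and TLS SNI, which `pinned` stands in for here.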