aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6269 items

DiffMI: Breaking Face Recognition Privacy via Diffusion-Driven Training-Free Model Inversion
Severity: info · Type: research (Peer-Reviewed) · Topics: security, research · Date: Apr 16, 2026

Researchers developed DiffMI, a new attack that can recover people's facial identities from face recognition systems by reversing the embeddings (compressed numerical representations of faces). Unlike previous attacks, DiffMI doesn't require expensive training on specific targets and can work against unseen faces and new recognition models, achieving success rates between 84% and 93% against systems designed to resist such attacks.

Source: IEEE Xplore (Security & AI Journals)

Canva's AI 2.0 update goes all in on prompt-powered design tools
Severity: info · Type: news · Topics: industry · Date: Apr 16, 2026

Canva released AI 2.0, a major update that adds prompt-based editing capabilities, allowing users to describe what they want and have the AI assistant create or modify designs accordingly. The update includes a new orchestration layer (a system that coordinates multiple AI models) that lets users access Canva's full toolkit through a single conversational interface instead of separate tools.

Source: The Verge (AI)

Treating enterprise AI as an operating layer
Severity: info · Type: news · Topics: industry · Date: Apr 16, 2026

This article discusses how enterprise organizations can gain competitive advantage in AI by treating it as an operating layer (the combination of software, data capture, feedback loops, and governance that connects AI models to actual business operations) rather than just using AI as an on-demand service. The key difference is that an operating layer allows intelligence to accumulate and improve over time through organizational feedback, whereas calling an API (application programming interface, a way to request services from software) for each task treats AI as stateless and interchangeable. Incumbent organizations have a structural advantage because they already possess proprietary operational data, domain expert workers, and accumulated knowledge that startups must build from scratch.

Source: MIT Technology Review

Making AI operational in constrained public sector environments
Severity: info · Type: news · Topics: industry, policy · Date: Apr 16, 2026

Public sector organizations face unique challenges deploying AI due to strict data security requirements, limited internet connectivity, and lack of GPU (graphics processing units, specialized computer hardware for running complex AI models) infrastructure. Small language models (SLMs, specialized AI models using billions rather than hundreds of billions of parameters) offer a practical solution because they can run locally on government systems, use less computing power than large language models (LLMs, the biggest AI systems like ChatGPT), and keep sensitive data under government control.

Fix: Use small language models (SLMs) instead of large language models (LLMs) in public sector environments. SLMs can be housed locally for greater security and control, are less computationally demanding, and allow sensitive information to be used effectively while avoiding operational complexity. Implement methods such as smart retrieval, vector search, and verifiable source grounding to build AI systems that meet public sector needs. Store data securely outside the model and access it only when queried, using carefully engineered prompts to retrieve only the most relevant information.

Source: MIT Technology Review

Microsoft's Windows Recall still allows silent data extraction
Severity: info · Type: news · Topics: security · Date: Apr 16, 2026

Microsoft's Windows Recall feature remains vulnerable to data theft even after a security rebuild, because malware running with normal user permissions can extract captured screenshots and text without needing special access or breaking encryption. The vulnerability exists because decrypted data is processed in an unprotected part of the system where user-level code can reach it, despite Microsoft's claims that the redesigned architecture would prevent this type of attack.

Fix: According to the researcher, a short-term fix would be for Microsoft to add stronger code integrity and process protections to AIXHost.exe (the process that displays the Recall timeline), which currently has none. A longer-term solution would require Microsoft to either render data inside a protected process or use a compositing model where unencrypted data never leaves the secure enclave (a trusted area where sensitive operations happen).

Source: CSO Online

Why having "humans in the loop" in an AI war is an illusion
Severity: info · Type: news · Topics: safety, policy · Date: Apr 16, 2026

AI systems are now actively controlling weapons in warfare, but the assumption that human oversight provides adequate safeguards is flawed because humans cannot understand how AI systems make decisions (they are "black boxes" where even creators cannot fully interpret their reasoning). The real danger is that humans may approve AI actions without knowing the system's hidden reasoning, creating an "intention gap" between what operators think the AI will do and what it actually does.

Fix: The science of AI must comprise both building highly capable AI technology and understanding how this technology works. Huge advances have been made in developing and building more capable models, but the source text cuts off before completing this section on solutions.

Source: MIT Technology Review

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Severity: info · Type: news · Topics: security, policy · Date: Apr 16, 2026

In 2024, 68% of cloud breaches were caused by compromised service accounts and forgotten API keys, which are unmanaged non-human identities (automated credentials like tokens and API keys) that attackers can exploit. Organizations have 40 to 50 automated credentials per employee, most remaining active and unmonitored after projects end or employees leave, creating security risks that traditional identity management systems cannot address. The webinar promises to teach how to discover, right-size permissions for, and automatically revoke these 'ghost identities' using a discovery scan, permission framework, lifecycle policy, and cleanup checklist.

Fix: The source describes a framework that includes: (1) running a full discovery scan of every non-human identity in your environment, (2) implementing a framework for right-sizing permissions across service accounts and AI integrations, (3) setting up an automated lifecycle policy so dead credentials get revoked before attackers find them, and (4) using a ready-to-use Identity Cleanup Checklist provided during the webinar session.

Source: The Hacker News

Behind the Mythos hype, Glasswing has just one confirmed CVE
Severity: info · Type: news · Topics: security, industry · Date: Apr 16, 2026

Anthropic's Mythos AI model, released through Project Glasswing (a controlled access program for vetted organizations), has generated significant hype for its offensive security capabilities, but VulnCheck's analysis found only one CVE (common vulnerabilities and exposures, a list of known security flaws) explicitly attributed to the project itself. Despite the limited number of publicly confirmed discoveries, security experts view Mythos as significant because it achieved a 72% exploit success rate (the ability to successfully turn vulnerabilities into working attacks), suggesting that advanced AI exploit development is no longer a specialized skill and this capability will likely spread to other AI models and organizations without the same safety protections.

Source: CSO Online

Insurance carriers quietly back away from covering AI outputs
Severity: info · Type: news · Topics: policy, industry · Date: Apr 16, 2026

Major insurance companies are withdrawing or limiting coverage for AI-related mistakes and damages because they cannot understand how AI systems reach their conclusions, a problem called lack of explainability (the inability to see the reasoning behind an AI's output). Some insurers are declining to cover AI errors entirely, while others are significantly raising prices, creating a situation where companies using AI may struggle to find affordable insurance for AI-related risks.

Source: CSO Online

Codex for (almost) everything
Severity: info · Type: news · Topics: industry · Date: Apr 16, 2026

Codex, an AI tool used by over 3 million developers weekly, has received a major update that lets it operate computers directly by seeing, clicking, and typing, generate images, remember user preferences, and integrate with 90+ developer tools and apps. The update adds features like background computer use (where the AI can work on your Mac without interfering with your own work), an in-app browser for web development, image generation, and the ability to schedule long-term tasks across multiple days or weeks. These improvements are designed to help developers move faster through all stages of software development, from writing code to reviewing changes, all within one workspace.

Source: OpenAI Blog

The quest to measure our relationship with nature
Severity: info · Type: news · Topics: industry · Date: Apr 16, 2026

Scientists and environmental experts are developing new measurement tools to assess how well humans live alongside nature, moving away from metrics that focus only on environmental destruction and damage. Rather than using dread-based measurements like carbon parts per million, they're creating positive metrics that measure whether nature is thriving and accessible, being used with care, and being safeguarded. The United Nations is planning to launch a Nature Relationship Index (NRI) in 2026 that will rank countries on their human-nature relationships, aiming to shift how nations view their environmental programs.

Source: MIT Technology Review

Human Trust of AI Agents
Severity: info · Type: news · Topics: research, safety · Date: Apr 16, 2026

Researchers studied how humans behave when playing strategic games (like a guessing game where players try to guess 2/3 of the average guess) against AI language models (LLMs) versus other humans. They found that people choose much lower numbers when playing against LLMs, especially people who are good at strategic thinking, because they believe LLMs will reason carefully and cooperate fairly rather than try to win.

Source: Schneier on Security

Anthropic unveils plans for major UK expansion after OpenAI announces first permanent London office
Severity: info · Type: news · Topics: industry · Date: Apr 16, 2026

Anthropic, the company behind the Claude AI chatbot, announced plans to expand its London office to accommodate 800 people, following a similar move by competitor OpenAI. The expansion reflects growing interest in establishing AI research and development hubs in the UK, which has strong AI talent and institutions focused on AI safety.

Source: CNBC Technology

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Severity: high · Type: news · Topics: security · Date: Apr 16, 2026

Researchers discovered a vulnerability called 'Comment and Control' that affects multiple AI coding assistants, including Claude Code, Gemini CLI, and GitHub Copilot Agents. The attack works by hiding malicious instructions in code comments, which the AI systems then follow as if they were legitimate user requests. This is a type of prompt injection (tricking an AI by hiding instructions in its input) that specifically targets AI tools designed to help developers write code.

Source: SecurityWeek

Frontier AI for Defenders: CrowdStrike and OpenAI TAC
Severity: info · Type: news · Topics: industry, policy · Date: Apr 16, 2026

CrowdStrike has been selected for OpenAI's Trusted Access for Cyber (TAC) program, which gives verified security defenders controlled access to GPT-5.4-Cyber, a frontier model (a cutting-edge AI system designed for a specific task) built for defensive cybersecurity. As AI agents become more common in enterprise systems, CrowdStrike addresses security challenges by monitoring AI execution at endpoints (the individual computers and devices where AI actually runs), tracking over 1,800 AI applications to ensure governance and detect suspicious actions.

Source: CrowdStrike Blog

What goes wrong in cloud configuration, and how to do it better (original title: Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht)
Severity: info · Type: news · Topics: security · Date: Apr 16, 2026

Misconfigured cloud services (incorrectly set up cloud infrastructure) regularly cause data breaches, with studies showing that 28% of security professionals experienced cloud-related breaches and up to 70% of virtual machines (computing resources running on cloud platforms) have configuration errors. Common mistakes include failing to enable logging (recording system activity), monitoring, and MFA (multi-factor authentication, requiring multiple verification steps to access accounts), as well as leaving databases and services exposed on insecure networks instead of private ones.

Fix: The source provides nine tips for more secure cloud configurations, including: (1) Implement Multi-Factor Authentication for all cloud access, not just certain users; (2) Use private networks for all services by configuring databases and cloud services to communicate only over private networks. The text also recommends involving cybersecurity teams in cloud decisions from the start, conducting due diligence during mergers and acquisitions, and regularly resetting user permissions after development is complete rather than leaving expanded access in place.

Source: CSO Online

GHSA-rr7j-v2q5-chgv: LangSmith SDK: Streaming token events bypass output redaction
Severity: medium · Type: vulnerability · Topics: security · Date: Apr 15, 2026

The LangSmith SDK (a tool for monitoring AI applications) has a security flaw where its output redaction feature (hideOutputs in JavaScript, hide_outputs in Python) doesn't work for streaming token events. When an LLM produces streamed output, each piece of data is recorded as a new_token event with unredacted content that bypasses the redaction process entirely, potentially leaking sensitive information to LangSmith storage.

Source: GitHub Advisory Database

Introducing GPT-Rosalind for life sciences research
Severity: info · Type: news · Topics: industry · Date: Apr 15, 2026

OpenAI has released GPT-Rosalind, a specialized AI model designed to help life sciences researchers work faster across biology, drug discovery, and medicine research. The model is built to assist with complex research workflows like literature review, hypothesis generation, and experimental planning by helping scientists connect to scientific tools and databases. It is available as a research preview through ChatGPT, Codex, and an API for qualified customers.

Source: OpenAI Blog

Accelerating the cyber defense ecosystem that protects us all
Severity: info · Type: news · Topics: security, policy · Date: Apr 15, 2026

OpenAI has launched Trusted Access for Cyber, a program that gives advanced AI cybersecurity tools to defensive security teams while controlling access based on trust and validation. The program provides $10 million in API credits to help defenders of all sizes, from small open-source teams to major enterprises, use frontier AI models (advanced, cutting-edge AI systems) to protect digital infrastructure.

Source: OpenAI Blog

CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability
Severity: info · Type: vulnerability · Topics: security · Date: Apr 15, 2026 · Flag: Actively Exploited

Apache ActiveMQ has a vulnerability where it doesn't properly check user input, allowing attackers to inject malicious code (code injection, where an attacker inserts commands into an application). This vulnerability is currently being actively exploited by real attackers.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The due date for action is 2026-04-30.

Source: CISA Known Exploited Vulnerabilities