aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6275 items

Prompting Frameworks for Large Language Models: A Survey

info · research · Peer-Reviewed
Apr 1, 2026

This is an academic survey paper that reviews different prompting frameworks, which are structured approaches to asking large language models (AI systems trained on huge amounts of text) questions or giving them instructions to complete tasks. The paper, published in a major computer science journal, catalogues and analyzes various methods researchers have developed to improve how effectively people interact with and get useful results from LLMs.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

Claude Code users hitting usage limits 'way faster than expected'

medium · news · security, safety
Apr 1, 2026

Claude Code users are experiencing unexpected rapid consumption of tokens (the units of payment for using AI services), hitting their usage limits much faster than expected. Anthropic announced it is investigating the issue as a top priority, though the exact cause remains unclear. The problem may be compounded by recent peak-hour throttling (slowing service during high-demand times to manage load), which causes tokens to be consumed more quickly.

Source: BBC Technology

Mutation testing for the agentic era

info · news · security, research
Apr 1, 2026

Code coverage metrics can be misleading because they measure whether code runs, not whether it is actually tested; mutation testing (introducing intentional bugs to check whether the tests catch them) can reveal that gap. The article announces MuTON and mewt, new mutation testing tools designed for AI agents that work across multiple programming languages, addressing limitations of older regex-based tools like universalmutator that were slow and could not handle complex code patterns.

Source: Trail of Bits Blog

CVE-2026-23404: In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with it

info · vulnerability · security
Apr 1, 2026
CVE-2026-23404

A vulnerability in the Linux kernel's AppArmor security module (a tool that controls what programs can access on a system) causes the system to crash when removing many nested profiles due to stack exhaustion from recursive function calls. The fix replaces the recursive profile removal method with an iterative approach (a method that repeats steps instead of calling itself) that achieves the same result without using excessive memory.

Fix: Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantics without recursion.

Source: NVD/CVE Database

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

medium · news · security
Apr 1, 2026

Palo Alto Networks revealed security problems in Google Cloud Platform's Vertex AI (Google's AI service for building and deploying machine learning models) after researchers demonstrated how to weaponize AI agents, which are autonomous programs that can perform tasks with minimal human input. Google has begun addressing these disclosed security issues.

Source: SecurityWeek

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

high · news · security, privacy
Apr 1, 2026

Anthropic confirmed that Claude Code's source code was accidentally leaked through an npm package (a JavaScript library repository) containing a source map file, exposing nearly 2,000 TypeScript files and over 512,000 lines of code. The leaked code revealed internal features like a self-healing memory architecture and a stealth mode for making hidden contributions to open-source projects, creating security risks because attackers can now study how the system works to bypass its safeguards. Additionally, users who downloaded the affected version between specific times on March 31, 2026 may have received a trojanized HTTP client (compromised software) containing malware.

Fix: Anthropic stated it is 'rolling out measures to prevent this from happening again.' Users who installed or updated Claude Code via npm on March 31, 2026 between 00:21 and 03:29 UTC are advised to immediately downgrade to a safe version and rotate all secrets (regenerate passwords and access keys).

Source: The Hacker News

I wore Meta's smartglasses for a month – and it left me feeling like a creep

info · news · safety, privacy
Apr 1, 2026

Meta's smartglasses include a built-in camera and AI assistant (software that can understand and respond to user requests) that can describe what the wearer is looking at and provide information like weather forecasts. The article explores how these devices raise privacy concerns, with some people calling them problematic because they can record video of others without their knowledge or consent.

Source: The Guardian Technology

Attack Surface Management: A Buyer's Guide

info · news · security, industry
Apr 1, 2026

This article is a buying guide for Attack Surface Management tools, which help companies find and reduce the digital resources that attackers could potentially target. The article explains that CAASM (Cyber Asset Attack Surface Management) and EASM (External Attack Surface Management) tools continuously monitor for new assets and security configuration problems, with increasing use of agentic AI (AI systems that can take independent actions) to identify and reduce risks.

Source: CSO Online

datasette-enrichments-llm 0.2a0

info · news · industry
Mar 31, 2026

This is a brief announcement about datasette-enrichments-llm version 0.2a0, posted by Simon Willison on April 1st, 2026. The content primarily consists of a sponsorship pitch for a monthly email digest covering important LLM (large language model) developments, rather than discussing a specific security issue or technical problem.

Source: Simon Willison's Weblog

datasette-llm-usage 0.2a0

info · news · industry
Mar 31, 2026

datasette-llm-usage version 0.2a0 removed features for tracking allowances and pricing, which moved to a separate tool called datasette-llm-accountant, and added the ability to log complete prompts, responses, and tool calls (automated functions the AI can call) to a database table if enabled through a configuration setting. The simple prompt page was redesigned and now requires specific user permissions to access.

Source: Simon Willison's Weblog

datasette-llm 0.1a5

info · news · industry
Mar 31, 2026

datasette-llm 0.1a5 is a release of a plugin that lets other software tools integrate with large language models. The update improves the llm_prompt_context() plugin hook (a mechanism that other plugins can connect to), so it now tracks both individual prompts and chains of prompts executed together, including tool call loops (repeated back-and-forth exchanges between the AI and external functions).

Source: Simon Willison's Weblog

Anthropic employee error exposes Claude Code source

high · news · security
Mar 31, 2026

An Anthropic employee accidentally exposed the source code for Claude Code (an AI programming tool) by leaving a source map file (a .map file, a debugging file that translates minified code back to human-readable form) in a package published on npm (a registry where developers share code). This is a security risk because attackers can use source maps to understand how the code works, find vulnerabilities, and potentially steal secrets like API keys that might be hidden in the code.

Fix: According to secure coding trainer Tanya Janca, developers should: (1) disable source maps in the build/bundler tool; (2) add the .map files to the .npmignore or package.json files field to explicitly exclude them, even if generated during the build by accident; and (3) exclude them from production. Anthropic stated they are 'rolling out measures to prevent this from happening again,' though specific details are not provided in the source.

Source: CSO Online

Gradient Labs gives every bank customer an AI account manager

info · news · industry
Mar 31, 2026

Gradient Labs has built an AI system that acts as a dedicated account manager for bank customers, handling complex issues like fraud and blocked payments by following strict procedures. The system uses OpenAI models (specifically GPT-5.4 mini and nano for production) and includes 15+ guardrail systems (safety checks running in parallel) to ensure conversations stay compliant and accurate, achieving 97% trajectory accuracy (following the correct procedure path from start to finish) compared to competitors at 88%.

Fix: The source describes Gradient Labs' approach to ensuring reliability rather than discussing a fix to a problem: they replay real customer conversations to compare system behavior against expected procedures, generate synthetic conversations to test edge cases before deployment, and give teams control over how the system is introduced by analyzing historical support data to map customer issue types.

Source: OpenAI Blog

Claude Code source code accidentally leaked in NPM package

high · news · security, privacy
Mar 31, 2026

Anthropic accidentally leaked the closed-source code for Claude Code when they published version 2.1.88 on NPM, which included a 60 MB source map file (a debugging file that links compiled code back to original source code) containing approximately 1,900 files and 500,000 lines of code. Anthropic confirmed no customer data or credentials were exposed and stated this was a human error in release packaging, not a security breach. The company is also investigating a separate bug where Claude Code users are hitting usage limits much faster than expected.

Fix: Anthropic stated they are 'rolling out measures to prevent this from happening again.' The company has also begun issuing DMCA infringement notifications to take down the leaked source code where possible online.

Source: BleepingComputer

GHSA-ghq9-vc6f-8qjf: TorchGeo Remote Code Execution Vulnerability

high · vulnerability · security
Mar 31, 2026
CVE-2024-49048

TorchGeo versions 0.4–0.6.0 had a critical vulnerability where the `eval` function (a Python function that executes code from text input) was used in the model weight API, allowing attackers to run arbitrary commands on systems using the library. Any platform exposing TorchGeo's get_weight() or trainers functions publicly was at risk.

Fix: The `eval` statement was replaced with a fixed enum lookup (a safer way to match input to predefined options). Users are encouraged to upgrade to TorchGeo 0.6.1 or newer. For unpatched versions, input validation and sanitization (checking and cleaning user input before processing) can be used to avoid the vulnerability.

Source: GitHub Advisory Database

CVE-2026-5281: Google Dawn Use-After-Free Vulnerability

info · vulnerability · security
Mar 31, 2026
CVE-2026-5281 · Actively Exploited

Google Dawn has a use-after-free vulnerability (a bug where software tries to use memory that has already been freed), which could let a remote attacker run arbitrary code on affected systems through a malicious HTML page. This affects multiple Chromium-based browsers including Chrome, Edge, and Opera, and is currently being exploited by attackers.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For more information, see the Chrome releases blog and the NVD vulnerability database (links provided in source).

Source: CISA Known Exploited Vulnerabilities

GHSA-g86v-f9qv-rh6m: OpenClaw SSRF guard misses four IPv6 special-use ranges

low · vulnerability · security
Mar 31, 2026

OpenClaw had a vulnerability in its SSRF guard (a security check that blocks requests to internal network addresses), which incorrectly classified certain IPv6 special-use ranges (reserved address groups in the newer internet protocol) as public. This allowed attackers to potentially reach internal or non-routable addresses that should have been blocked.

Fix: Update OpenClaw to version 2026.3.28 or later. The fix was implemented in commit d61f8e5672 with the change "Net: block missing IPv6 special-use ranges."

Source: GitHub Advisory Database

GHSA-m866-6qv5-p2fg: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

medium · vulnerability · security
Mar 31, 2026

OpenClaw's host environment sanitization (a security check that removes dangerous settings before running code) was missing protections for two environment variables: `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE`. An attacker could exploit this by approving a code execution request that redirects git or AWS tools to attacker-controlled files, allowing them to run untrusted code or steal credentials.

Fix: Upgrade to OpenClaw version 2026.3.28 or later. The fix was implemented in commit `6eb82fba3c` titled 'Infra: block additional host exec env keys', which adds `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` to the blocklist in `src/infra/host-env-security-policy.json` and `src/infra/host-env-security.ts`.

Source: GitHub Advisory Database

GHSA-jccr-rrw2-vc8h: OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure

high · vulnerability · security
Mar 31, 2026

OpenClaw's jq safe-bin policy had a security flaw where it blocked direct `env` commands but still allowed access to environment variables through the `$ENV` filter, potentially letting approved commands leak sensitive environment data. This vulnerability affected versions up to 2026.3.24 in the file `src/infra/exec-safe-bin-semantics.ts` (the code that enforces safe command restrictions).

Fix: Update to version 2026.3.28 or later. The fix was implemented in commit `78e2f3d66d` with the message "Exec: tighten jq safe-bin env checks".

Source: GitHub Advisory Database

Claude Code leak exposes a Tamagotchi-style 'pet' and an always-on agent

high · news · security, privacy
Mar 31, 2026

Anthropic's Claude Code version 2.1.88 update accidentally included a source map file (a file that maps compiled code back to its original TypeScript source code) containing over 512,000 lines of the tool's internal code. The leak exposed details about upcoming features, AI instructions, and the system's memory architecture.

Source: The Verge (AI)