All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
An Anthropic employee accidentally exposed the source code for Claude Code (an AI programming tool) by leaving a source map file (.map file, a debugging file that translates minified code back to human-readable form) in a package published on npm (a registry where developers share code). This is a security risk because hackers can use source maps to understand how the code works, find vulnerabilities, and potentially steal secrets like API keys that might be hidden in the code.
Fix: According to secure coding trainer Tanya Janca, developers should: (1) disable source maps in the build/bundler tool; (2) add the .map files to the .npmignore or package.json files field to explicitly exclude them, even if generated during the build by accident; and (3) exclude them from production. Anthropic stated they are 'rolling out measures to prevent this from happening again,' though specific details are not provided in the source.
Source: CSO Online
Gradient Labs has built an AI system that acts as a dedicated account manager for bank customers, handling complex issues like fraud and blocked payments by following strict procedures. The system uses OpenAI models (specifically GPT-5.4 mini and nano for production) and includes 15+ guardrail systems (safety checks running in parallel) to ensure conversations stay compliant and accurate, achieving 97% trajectory accuracy (following the correct procedure path from start to finish) compared to competitors at 88%.
TorchGeo versions 0.4–0.6.0 had a critical vulnerability where the `eval` function (a Python function that executes code from text input) was used in the model weight API, allowing attackers to run arbitrary commands on systems using the library. Any platform exposing TorchGeo's get_weight() or trainers functions publicly was at risk.
OpenClaw had a vulnerability in its SSRF guard (a security check that blocks requests to internal network addresses), which incorrectly classified certain IPv6 special-use ranges (reserved address groups in the newer internet protocol) as public. This allowed attackers to potentially access internal or non-routable addresses that should have been blocked.
OpenClaw's host environment sanitization (a security check that removes dangerous settings before running code) was missing protections for two environment variables: `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE`. An attacker could exploit this by approving a code execution request that redirects git or AWS tools to attacker-controlled files, allowing them to run untrusted code or steal credentials.
OpenClaw's jq safe-bin policy had a security flaw where it blocked direct `env` commands but still allowed access to environment variables through the `$ENV` filter, potentially letting approved commands leak sensitive environment data. This vulnerability affected versions up to 2026.3.24 in the file `src/infra/exec-safe-bin-semantics.ts` (the code that enforces safe command restrictions).
The Claude SDK for Python (versions 0.86.0 to 0.86.x) had a vulnerability in its async local filesystem memory tool where the system checked that file paths were safe but then used an unresolved path, allowing an attacker to redirect file operations outside the intended sandbox (a restricted storage area) using symlinks (shortcuts to other files or directories). The synchronous (non-async) version of this tool was not affected.
The Claude SDK for TypeScript had a security flaw in its filesystem memory tool (a feature that lets AI models read and write files) where path validation was incomplete, allowing an attacker using prompt injection (tricking the AI with hidden instructions in its input) to access files outside the intended sandbox directory. This vulnerability affected versions 0.79.0 through 0.80.x and could let attackers read or modify files they shouldn't have access to.
The Claude SDK for Python (a library that lets Python programs use Claude AI) had a security flaw in versions 0.86.0 through 0.87.0 where memory files were created with overly permissive access controls (mode 0o666, meaning world-readable and world-writable permissions). On shared computers or in Docker containers, attackers could read the stored state of AI agents or modify memory files to change how the model behaves.
OpenAI, the company behind ChatGPT, completed a $122 billion funding round and reached a valuation of $852 billion, making it one of the world's most valuable private companies. The funding came from major tech companies like Amazon, Nvidia, and SoftBank, along with individual investors, and reflects the rapid growth in the AI industry.
Claude AI helped discover remote code execution (RCE, where attackers can run commands on a system they don't own) vulnerabilities in the Vim and GNU Emacs text editors that trigger simply by opening a malicious file. In Vim, the issue involved improper security checks in modeline handling (special instructions at the start of a file), while in GNU Emacs the vulnerability stems from automatic Git operations that run user-defined programs from untrusted configuration files.
This is a brief announcement about datasette-llm version 0.1a4, posted by Simon Willison on March 31, 2026. The content primarily promotes a monthly sponsorship option for curated LLM (large language model) news digests rather than discussing technical details, vulnerabilities, or features of the software itself.
OpenAI closed a record $122 billion funding round, valuing the company at $852 billion, with major investors including SoftBank, Amazon, and Nvidia. The company, which launched ChatGPT in 2022, now has over 900 million weekly active users and generates $2 billion in monthly revenue, though it is not yet profitable. OpenAI is preparing for a potential IPO while reducing spending on certain projects like its video app Sora.
ChatGPT is now available on Apple's CarPlay (Apple's in-car interface) if you have iOS 26.4 or newer and the latest ChatGPT app version. Users can only interact with ChatGPT through voice commands on CarPlay, not text, because Apple's guidelines restrict apps from displaying text or images as responses on the platform.
Anthropic, a major AI company, accidentally leaked part of the internal source code for Claude Code, its popular coding assistant tool, due to a packaging error. The company confirmed no customer data or credentials were exposed, but the leak could help competitors understand how the tool was built. Anthropic stated it is rolling out measures to prevent this from happening again.
The llm-all-models-async 0.1 plugin allows synchronous (blocking) AI models from LLM plugins to work as asynchronous (non-blocking) models by running them in a thread pool (a group of worker threads that handle tasks in parallel). This solves a compatibility problem where Datasette, which only supports async models, couldn't use sync-only plugins like llm-mrchatterbox.
Attackers compromised the npm account of Axios' lead maintainer and published malicious versions (axios@1.14.1 and axios@0.30.4) containing a remote access trojan (malware that gives attackers control over infected computers). The attack was detected within minutes and packages were removed within 2-3 hours, but the damage was significant because Axios receives roughly 100 million downloads per week and is used in 80% of cloud and code environments.
Fix: The source describes Gradient Labs' approach to ensuring reliability rather than discussing a fix to a problem: they replay real customer conversations to compare system behavior against expected procedures, generate synthetic conversations to test edge cases before deployment, and give teams control over how the system is introduced by analyzing historical support data to map customer issue types.
Source: OpenAI Blog
Anthropic accidentally leaked the closed-source code for Claude Code when they published version 2.1.88 on NPM, which included a 60 MB source map file (a debugging file that links compiled code back to original source code) containing approximately 1,900 files and 500,000 lines of code. Anthropic confirmed no customer data or credentials were exposed and stated this was a human error in release packaging, not a security breach. The company is also investigating a separate bug where Claude Code users are hitting usage limits much faster than expected.
Fix: Anthropic stated they are 'rolling out measures to prevent this from happening again.' The company has also begun issuing DMCA infringement notifications to take down the leaked source code where possible online.
Source: BleepingComputer
Fix: The `eval` statement was replaced with a fixed enum lookup (a safer way to match input to predefined options). Users are encouraged to upgrade to TorchGeo 0.6.1 or newer. For unpatched versions, input validation and sanitization (checking and cleaning user input before processing) can be used to avoid the vulnerability.
Source: GitHub Advisory Database
Google Dawn has a use-after-free vulnerability (a bug where software tries to use memory that has already been freed), which could let a remote attacker run arbitrary code on affected systems through a malicious HTML page. This affects multiple Chromium-based browsers including Chrome, Edge, and Opera, and is currently being exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For more information, see the Chrome releases blog and the NVD vulnerability database (links provided in source).
Source: CISA Known Exploited Vulnerabilities
Fix: Update OpenClaw to version 2026.3.28 or later. The fix was implemented in commit `d61f8e5672` with the change "Net: block missing IPv6 special-use ranges."
Source: GitHub Advisory Database
Fix: Upgrade to OpenClaw version 2026.3.28 or later. The fix was implemented in commit `6eb82fba3c` titled 'Infra: block additional host exec env keys', which adds `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` to the blocklist in `src/infra/host-env-security-policy.json` and `src/infra/host-env-security.ts`.
Source: GitHub Advisory Database
Fix: Update to version 2026.3.28 or later. The fix was implemented in commit `78e2f3d66d` with the message "Exec: tighten jq safe-bin env checks".
Source: GitHub Advisory Database
Anthropic's Claude Code version 2.1.88 update accidentally included a source map file (a file that maps compiled code back to its original TypeScript source code) containing over 512,000 lines of the tool's internal code. The leak exposed details about upcoming features, AI instructions, and the system's memory architecture.
Fix: Update to version 0.87.0 or later, where this issue has been patched.
Source: NVD/CVE Database
Fix: Update the Anthropic TypeScript SDK to version 0.81.0 or later, where this issue has been patched.
Source: NVD/CVE Database
Fix: This issue has been patched in version 0.87.0. Update the Claude SDK for Python to version 0.87.0 or later.
Source: NVD/CVE Database
Fix: For Vim: A patch was released in version 9.2.0272 that addresses the vulnerability (all versions 9.2.0271 and earlier are affected). For GNU Emacs: The maintainers have not patched the issue, but the researcher suggested that GNU Emacs could modify Git calls to explicitly block 'core.fsmonitor' to prevent dangerous scripts from executing automatically. Until a patch is released, users are advised to exercise caution when opening files from unknown sources or downloaded online.
Source: BleepingComputer
Fix: An Anthropic spokesperson stated: "We're rolling out measures to prevent this from happening again." However, no specific technical measures, patches, or implementation details are described in the source text.
Source: CNBC Technology