All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Modern cybersecurity operations face attacks that happen in seconds, overwhelming traditional human-centered defenses. CrowdStrike introduced Charlotte AI AgentWorks and Charlotte Agentic SOAR, two interconnected systems that use AI agents (autonomous software that can reason and take actions) to work alongside security analysts, automating routine tasks while keeping humans in control through oversight and guardrails.
OpenAI has shut down Sora, its AI video-generation app (software that creates realistic videos from text descriptions), less than two years after launch, to focus on other projects like robotics and autonomous AI agents. The closure ends both the consumer app and professional platform, though image-making tools in ChatGPT remain unaffected. Disney, which had recently licensed its intellectual property (creative works and characters owned by a company) to Sora in a landmark deal, said it will now explore partnerships with other AI platforms.
OpenAI abruptly shut down Sora, its AI video generator tool (software that creates realistic videos from text descriptions), just six months after launching it as a standalone app in 2024. The company announced the closure on social media, thanking users who created and shared videos with the platform.
OpenAI shut down its Sora app, a tool that let users generate short videos from text descriptions and remix videos from other users, just six months after launching it despite reaching one million downloads. The company is cutting costs to justify its $730 billion valuation and focus on high-productivity business uses, particularly competing in the enterprise (business) market rather than consumer applications.
CVE-2026-24158 is a vulnerability in NVIDIA Triton Inference Server's HTTP endpoint that allows attackers to cause a denial of service (temporarily making a service unavailable) by sending a large compressed payload. The vulnerability stems from improper memory allocation (CWE-789, where a system reserves too much memory based on untrusted input).
NVIDIA Model Optimizer for Windows and Linux has a vulnerability in its ONNX quantization feature (a technique that makes AI models smaller and faster by reducing precision) where unsafe deserialization (unsafely converting data from a file into program objects) can occur when a user provides a specially crafted input file. A successful attack could allow an attacker to execute code, gain higher privileges, change data, or steal information.
NVIDIA Triton Inference Server has a vulnerability (CVE-2025-33254) where an attacker can corrupt internal state (leave the server's own data inconsistent or broken), potentially causing a denial of service (making a service unavailable to legitimate users). The vulnerability is caused by a race condition (a bug that happens when multiple processes access shared data at the same time without proper coordination).
NVIDIA APEX for Linux has a vulnerability where attackers can deserialize untrusted data (process data from untrusted sources, potentially running malicious code hidden in that data), affecting PyTorch versions earlier than 2.6. A successful attack could allow code execution, denial of service (making a system unavailable), privilege escalation (gaining higher access levels), data tampering, and information disclosure.
CVE-2025-33238 is a vulnerability in NVIDIA Triton Inference Server's Sagemaker HTTP server that allows an attacker to trigger an exception, potentially causing a denial of service (DoS, where a system becomes unavailable to legitimate users). The underlying issue involves a race condition (a timing flaw when multiple processes access shared resources without proper protection).
OpenAI has discontinued Sora, its video generation tool (AI that creates videos from text descriptions), along with the standalone app and developer API access that launched in late 2024. This shutdown affects a major licensing deal with Disney announced just months earlier, in which Disney had agreed to invest $1 billion in OpenAI.
Arm, a UK chip design company, is manufacturing its first CPU (central processing unit, the main processor in a computer) called the Arm AGI CPU, designed specifically for inference (running AI models in the cloud). Meta will be the first customer, using this chip in its data centers alongside processors from other companies like Nvidia and AMD to power AI tools.
Wallos, an open-source tool for tracking subscriptions that users can run on their own servers, had incomplete security protections in versions before 4.7.0. A logged-in attacker could bypass these protections by sending specially crafted web addresses to three different features (AI Ollama settings, AI recommendations, and notification scheduling), allowing them to reach internal systems or cloud configuration services they shouldn't access.
OpenAI has launched a Safety Bug Bounty program to identify AI abuse and safety risks in its products, complementing its existing Security Bug Bounty program. The new program focuses on issues like prompt injection (tricking an AI by hiding instructions in its input) that hijacks AI agents to perform harmful actions, unauthorized feature access, and proprietary information leaks, even if they don't qualify as traditional security vulnerabilities. Researchers can submit reports on reproducible safety issues that pose plausible and material harm to users.
Anthropic introduced auto mode for Claude Code, a new permissions system where Claude automatically decides whether to allow actions with safeguards in place. A separate classifier model (Claude Sonnet 4.6) reviews each action before it runs to block requests that go beyond the task scope, target untrusted infrastructure, or appear malicious, using customizable default filters that cover allowed operations like read-only requests and local file work, while blocking risky actions like force-pushing to git repositories or executing external code.
The Cloud Security Alliance has created a new nonprofit organization called the CSAI Foundation to help manage and secure autonomous AI agents (AI systems that can make decisions and take actions on their own). The foundation will use risk intelligence (methods to identify and understand potential dangers) and certification (official verification of safety standards) to govern these AI ecosystems.
Baltimore has become the first major U.S. city to sue Elon Musk's xAI over its Grok image generator, which can create deepfakes (AI-manipulated videos or images that realistically fake someone's appearance or actions) of non-consensual sexual content involving women and children. The lawsuit claims xAI violated consumer protection laws by marketing Grok and X as safe while allowing mass creation of non-consenting intimate images (sexually explicit content created without permission) and child sexual abuse material. Baltimore is asking the court to force xAI to stop targeting its residents, redesign its platforms to prevent exploitation, and change its marketing practices.
Anthropic, an AI company, is suing the US Department of Defense in federal court to challenge a ban on government use of its Claude AI chatbot after the company refused to allow the technology to be used in autonomous weapons systems (machines that can make lethal decisions without human control) and mass surveillance. The Defense Secretary declared Anthropic a supply chain risk (a company considered unsafe to do business with), which the company argues will cause massive financial and business harm.
Baltimore's mayor and city council sued Elon Musk's xAI company, claiming that its Grok chatbot (an AI assistant designed for general conversation) violated consumer protection laws by creating nonconsensual sexualized images. The lawsuit argues that xAI deceptively marketed Grok and its platform X without disclosing the risks and potential harms users could face.
Agentic AI systems (AI that can independently take actions rather than just make suggestions) are becoming more powerful by gaining direct access to computer systems, creating new governance challenges. The article uses OpenClaw as a case study to illustrate why better oversight and control mechanisms are needed as these autonomous systems become more capable and integrated into real-world operations.
A subscriber-only eBook discusses whether society is adequately prepared for the growing autonomy being given to AI agents, featuring expert perspectives on potential risks. The content suggests that continuing on the current development path without proper safeguards could pose serious existential concerns.
Fix (Wallos): Update to version 4.7.0, which patches this vulnerability.