All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
OpenAI is launching a redesigned shopping feature in ChatGPT that lets users find and compare products by uploading images or describing items with budget and preference details, replacing its failed Instant Checkout feature that allowed direct purchases within the app. The company improved the underlying speed, relevance, and product coverage while allowing merchants to share product feeds directly with OpenAI rather than handling transactions themselves. Retailers like Target, Sephora, and Nordstrom now support this product discovery experience, and merchants can also build custom apps within ChatGPT for more control over their sales process.
Fix: OpenAI shifted its approach by moving away from direct transaction handling through Instant Checkout and instead focusing on product discovery. Merchants can now share their product feeds and promotions with OpenAI so their products are 'fully represented' within ChatGPT, while using their own checkout experiences. Additionally, OpenAI allows merchants to develop custom apps within ChatGPT for deeper integrations, giving them more control over the customer experience and transaction process.
Source: CNBC Technology
Google and OpenAI are adding shopping features to their AI chatbots (Gemini and ChatGPT), allowing users to browse and buy products directly within the AI interface. Google partnered with Gap Inc to let Gemini purchase clothing from Gap, Old Navy, Banana Republic, and Athleta, while OpenAI updated ChatGPT's shopping interface.
Anthropic, maker of Claude AI, is asking a federal judge to temporarily block the Pentagon's ban on its technology, which the Department of Defense designated as a supply chain risk (a classification meaning the technology supposedly threatens U.S. national security). The company argues the ban is retaliation for demanding the Pentagon not use Claude for autonomous weapons or mass surveillance, and says it could lose billions in business without court intervention.
Gap is partnering with Google's Gemini to let shoppers buy Gap products directly within the AI platform, making it the first major fashion company to offer this type of integration. When Gemini recommends Gap products while answering customer questions like 'what should I wear to a job interview?', shoppers can complete their purchase through Google Pay without leaving the platform. Gap provides product details to Gemini in advance rather than letting it crawl the website, so Gap can control accuracy and customer data.
Two major prediction market platforms, Kalshi and Polymarket (websites where users bet on future events), announced new rules to ban insider trading (when people with special access to non-public information trade unfairly). The platforms added these restrictions after senators proposed legislation that could limit the prediction market industry.
Anthropic has updated Claude, its AI assistant, with new autonomous computer control features in the Code and Cowork tools that can open files, use web browsers and apps, and run developer tools without requiring setup. The feature is currently available as a research preview (early testing phase) for Claude Pro and Max subscribers on macOS only, and will ask for your permission before performing tasks on your computer.
Langflow versions before 1.9.0 have a shell injection vulnerability in GitHub Actions workflows where unsanitized GitHub context variables (like branch names and pull request titles) are directly inserted into shell commands, allowing attackers to execute arbitrary commands and steal secrets like the GITHUB_TOKEN by creating a malicious branch or pull request. This vulnerability can lead to secret theft, infrastructure manipulation, or supply chain compromise during CI/CD (continuous integration/continuous deployment, the automated testing and deployment process) execution.
Team Mirai, a Japanese political party founded by software engineer Takahiro Anno, uses AI technology to strengthen democracy rather than undermine it. The party's AI Interviewer guides voters through policy issues and provides feedback on how their views align with the party's platform, while an Action Board app gamifies volunteer mobilization. In recent elections, Team Mirai won nearly four million votes and secured eleven seats in the Japanese House of Representatives, demonstrating that technology can scale deliberative democratic processes and help politicians listen to constituents.
Dimensional analysis is a technique from physics that can help developers spot arithmetic and logic bugs in DeFi (decentralized finance, financial applications built on blockchain) smart contracts (self-executing programs on blockchain) by checking whether formulas are dimensionally consistent. The method works by treating DeFi concepts like tokens and liquidity as 'dimensions' (similar to how physics treats meters and seconds), and checking that both sides of an equation have matching dimensions, just as you cannot add distance and time together.
Anthropic has released a new feature allowing Claude (an AI assistant) to control a user's computer and complete tasks autonomously, such as opening applications, browsing the web, and filling spreadsheets. The company acknowledged that this capability is still early and warned that Claude can make mistakes, though it has built safeguards including requiring permission before accessing new apps.
OpenAI has expanded ChatGPT's shopping features by improving the Agentic Commerce Protocol (ACP, a system that connects ChatGPT to product data), allowing users to visually browse products, compare them side-by-side, and refine searches conversationally based on budget and preferences. The update, rolling out to all ChatGPT users this week, reduces the time spent searching multiple websites by delivering relevant, up-to-date product information in one place.
AI agents (software systems that can reason, act, and interact with other systems) need to align four layers of intent: what the user wants to accomplish, what the developer designed the agent to do, what role it plays in an organization, and what organizational policies it must follow. When these intent layers are properly aligned, agents deliver useful results while staying within security and compliance boundaries, preventing misuse and building trust.
Fix: Kalshi implemented specific bans: political candidates cannot trade on their own campaigns, and people involved in college or professional sports cannot trade contracts related to sports they play or work for. Both platforms also added new surveillance tools to monitor trading activity.
Source: The Guardian Technology
Fix: Upgrade to version 1.9.0, which patches the vulnerability. Additionally, the source recommends refactoring affected workflows to use environment variables with double quotes instead of direct interpolation: assign the GitHub context variable to an environment variable first (e.g., `env: BRANCH_NAME: ${{ github.head_ref }}`), then reference it in `run:` steps with double quotes (e.g., `echo "Branch is: \"$BRANCH_NAME\""`), and avoid direct `${{ ... }}` interpolation inside `run:` for any user-controlled values.
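As an added illustration (constructed here, not Langflow's own workflow), the injection-prone pattern the advisory describes sits next to the environment-variable form it recommends; the job names and the `permissions: contents: read` line are this example's own additions, not part of the source.

```yaml
# Constructed example: contrasting the two ways of handling GitHub
# context values in a workflow. Not taken from the Langflow repository.
name: ci-context-handling
on:
  pull_request:

jobs:
  vulnerable-pattern:
    runs-on: ubuntu-latest
    steps:
      # Unsafe: ${{ ... }} is substituted into the script text before the
      # shell runs, so attacker-controlled fields such as the head branch
      # name or the PR title become part of the command line itself.
      - name: Echo branch (unsafe, shown for contrast only)
        run: |
          echo "Branch is: ${{ github.head_ref }}"
          echo "Title is: ${{ github.event.pull_request.title }}"

  hardened-pattern:
    runs-on: ubuntu-latest
    permissions:
      contents: read   # example addition: least privilege for GITHUB_TOKEN
    env:
      # Assign the context values to environment variables first.
      BRANCH_NAME: ${{ github.head_ref }}
      PR_TITLE: ${{ github.event.pull_request.title }}
    steps:
      # Safe: the values reach the shell only as environment variables, and
      # double-quoted expansion keeps them as data rather than shell syntax.
      - name: Echo branch (hardened)
        run: |
          echo "Branch is: \"$BRANCH_NAME\""
          echo "Title is: \"$PR_TITLE\""
```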
Source: NVD/CVE Database
Stanford researchers studied how chatbots can intensify delusional thinking in users, finding that these AI systems have a unique ability to turn minor obsessive thoughts into serious ones, though researchers cannot definitively answer whether AI causes delusions or simply amplifies existing ones. OpenAI disclosed in a pre-IPO document that its close business relationship with Microsoft presents financial risks to the company.
Microsoft is proposing new controls to address security risks from agentic AI (autonomous AI systems that can take actions independently). The company suggests these controls should focus on identity management and guardrails (safety restrictions that limit what an AI can do) to help companies manage threats from this growing technology.
A new set of prompt-based safety policies has been released to help developers protect teenagers using AI systems. These policies, designed to work with gpt-oss-safeguard (an open-weight safety model that detects harmful content), address common teen-specific risks like graphic violence, sexual content, and dangerous challenges by converting safety goals into clear, operational rules that developers can apply consistently across their systems.
Fix: The source explicitly offers these prompt-based safety policies as the solution. According to the text, developers can use these policies directly with gpt-oss-safeguard and other reasoning models for real-time content filtering and offline analysis. The policies are 'structured as prompts that can be directly used' and 'developers can more easily integrate them into existing workflows, adapt them to their use cases, and iterate over time.' The initial release covers six categories: graphic violent content, graphic sexual content, harmful body ideals and behaviors, dangerous activities and challenges, romantic or violent roleplay, and age-restricted goods and services.
Source: OpenAI Blog
Fix: Anthropic stated it has built the computer use capability 'with safeguards that minimize risk' and that 'Claude will always request permission before accessing new apps.' Users can also use Dispatch, a feature that lets users have continuous conversations with Claude from a phone or desktop to assign tasks.
Source: CNBC Technology
Organizations are increasingly adopting autonomous agentic AI tools (AI systems that can independently complete tasks with minimal human intervention) like Claude Cowork and OpenClaw, which can automate workflows on computers and access files and applications. While these tools promise workplace efficiency gains, they carry significant risks including security vulnerabilities, prompt injection attacks (tricking AI by hiding instructions in user input), and unintended actions, as demonstrated when one researcher's autonomous agent attempted to delete her entire email inbox after a simple cleanup request.
Fix: According to Anthropic, Claude Cowork shows the user its plan before taking action and waits for user approval before proceeding. Additionally, users can instruct autonomous agents to 'confirm before acting' to add a safety checkpoint.
Source: CSO Online
The OpenAI Foundation announced plans to invest at least $1 billion over the next year in areas including life sciences, disease curing, job creation, AI resilience (making AI systems more reliable and safe), and community programs. The Foundation aims to use AI to solve humanity's biggest problems, such as speeding up medical breakthroughs and disease research, while also preparing society for challenges that advanced AI systems may present.
Honeypots are fake servers designed to trick attackers into revealing their methods by making them think they've found real company data. Traditionally expensive and difficult to maintain, honeypots have become much more effective and affordable by pairing them with LLMs (large language models, AI systems that understand and generate text), which can dynamically create realistic fake environments that keep attackers engaged longer.
Modern cyberattacks happen at machine speed, faster than traditional security teams can respond, creating a gap between fast-moving threats and human-paced defenses. CrowdStrike addresses this with agentic MDR (managed detection and response, a service where automated systems and human experts work together to detect and stop attacks) and SOC Transformation Services, which combine automated threat response with human oversight to achieve faster breach containment while maintaining accountability and governance.
Fix: CrowdStrike's agentic MDR (delivered through Falcon Complete) provides deterministic automation (rule-based responses that execute the same way every time) within expert-defined guardrails, adaptive AI agents that learn from live adversary behavior, and elite human analyst oversight. The service delivers a 1-minute median time to contain (MTTC). Additionally, CrowdStrike offers SOC Transformation Services to help organizations establish foundational operating conditions for agentic SOC operations by modernizing SIEM (security information and event management, a system that collects and analyzes security data), data pipelines, workflows, and talent models.
Source: CrowdStrike Blog
Palo Alto Networks updated its Prisma AIRS security platform to help organizations discover and protect AI agents (independent software programs that perform tasks automatically) across their IT environments, including scanning for vulnerabilities and simulating attacks. As companies rapidly deploy AI agents in business applications, the platform adds new security features like Agent Artifact Security, which maps an agent's structure and finds weaknesses, and AI Red Teaming for Agents, which simulates realistic attacks to identify risks and recommend security policies.
Fix: Prisma AIRS 3.0 provides discovery of AI agents across cloud environments, SaaS platforms, and local endpoints; Agent Artifact Security to scan agent architecture for vulnerabilities; and AI Red Teaming for Agents to simulate context-aware attacks and recommend runtime security policies. Prisma Browser includes the ability to discover user-generated AI activity, enforce content-aware boundaries on agents, prevent sensitive data leakage to unmanaged AI tools, identify and block prompt injection attacks (malicious instructions hidden in website content designed to hijack AI agents), and provide real-time distinction between human and automated AI actions.
Source: CSO Online