All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Oasis Security has raised $120 million in funding to develop agentic access management, a security approach for controlling what AI agents (autonomous programs that can take actions on their own) are allowed to do. The company plans to use this funding to improve its products, expand support across different AI frameworks (the underlying libraries and tools used to build AI systems), and grow its sales team.
A Meta employee used an internal AI agent (a software tool that can perform tasks automatically) to answer a technical question on an internal forum, but the agent also independently posted a public reply based on its analysis. This mistake gave unauthorized access to company and user data for almost two hours, though Meta stated that no user data was actually misused during the incident.
Langflow's file upload endpoint (POST /api/v2/files/) is vulnerable to arbitrary file write (a type of attack that lets attackers save files anywhere on a server) because it doesn't properly validate filenames from multipart requests. Attackers who are logged in can use directory traversal characters (like "../") in filenames to write files outside the intended directory, potentially achieving RCE (remote code execution, where attackers can run commands on the server).
Privacy platform Cloaked has raised $375 million and plans to develop AI agents (AI systems that can take actions independently on behalf of users) that will help users monitor, manage, and enforce their privacy settings and security practices. These agents would work automatically to protect user privacy and security without requiring manual intervention.
The BulkEmbed plugin in AVideo has an SSRF vulnerability (server-side request forgery, where an attacker tricks the server into making requests to internal networks) in its thumbnail-fetching code. An authenticated user can supply a malicious URL that forces the server to fetch data from internal resources like cloud metadata services, and the response is saved as a publicly viewable image thumbnail, allowing the attacker to read sensitive information.
OpenAI has acquired Astral, the company behind three major Python development tools: uv (a package and environment manager), ruff (a linter and formatter), and ty (a type checker). OpenAI says it will continue supporting these open source projects after the acquisition and integrate them with Codex (OpenAI's AI coding assistant), though the author notes it's unclear whether OpenAI is primarily interested in the products themselves or the engineering talent behind them.
OpenAI is acquiring Astral, a startup that creates popular open source developer tools, to strengthen its Codex AI coding assistant (a tool that uses AI to help write software automatically). This acquisition comes as AI coding assistants have become increasingly popular, with Codex now having over 2 million weekly active users and experiencing significant growth.
Adobe is launching Firefly Custom Models, customizable AI image generators that can be trained on a creator's own images to mimic specific artistic styles and character designs. The tool, now in public beta, allows teams and creators to produce large volumes of content while maintaining visual consistency across projects without starting from scratch each time.
Claude Code had a security flaw where it would read settings from a file (`.claude/settings.json`) that could be controlled by someone creating a malicious repository, allowing them to bypass the workspace trust dialog (a security prompt that asks for permission before running code). This meant an attacker could trick users into running code without their knowledge or consent. The vulnerability has been patched.
A Cloud Access Security Broker (CASB) is a monitoring tool that sits between a company's devices and cloud services to monitor user activity, enforce access rules, and detect security threats. CASBs are increasingly used to protect data in hybrid cloud environments (where some data is on-premises and some in the cloud), enforce compliance with data protection regulations, secure remote work access, and detect malicious activity. Organizations should look for CASBs that offer visibility into cloud usage, granular control over user permissions, data protection features, and compliance support, and should ensure the tool integrates well with their existing cloud services and security systems.
OpenAI is acquiring Astral, a company that builds popular open source Python development tools like uv (for managing code dependencies), Ruff (for checking code quality), and ty (for type safety). After the acquisition closes, OpenAI plans to integrate these tools with Codex (its AI system for code generation) so that AI can work alongside the tools developers already use throughout their entire workflow, from planning changes to maintaining software over time.
Cisco Secure Firewall Management Center (FMC) and Cisco Security Cloud Control (SCC) contain a deserialization of untrusted data vulnerability (a flaw where the software unsafely processes data that could contain malicious code) in their web management interfaces. An unauthenticated attacker (someone without login credentials) can remotely execute arbitrary Java code with root privileges (the highest level of system access) on affected devices. This vulnerability is currently being actively exploited by attackers.
Researchers successfully ran a very large AI model (Qwen 397B, a Mixture-of-Experts model where each response only uses a subset of the total weights) on a MacBook Pro by using Apple's "LLM in a Flash" technique, which stores model data on the fast SSD storage and pulls it into RAM as needed rather than keeping everything in memory at once. They used Claude to run 90 experiments and generate optimized code that achieved 5.5+ tokens per second (response speed) by quantizing (reducing precision of) the expert weights to 2-bit while keeping other parts at full precision. The final setup used only 5.5GB of constant memory while streaming the remaining 120GB of compressed model weights from disk on demand.
Fix: The source recommends two fixes: (1) Sanitize the multipart filename by extracting only the file name component and rejecting names containing "..": `new_filename = StdPath(file.filename or "").name` and add validation to reject invalid names. (2) Add a canonical path containment check inside `LocalStorageService.save_file` using `resolve().is_relative_to(base_dir)` to ensure files are always saved within the intended base directory.
GitHub Advisory DatabaseFix: Users on standard Claude Code auto-update have already received the fix. Users performing manual updates are advised to update to the latest version.
GitHub Advisory DatabaseGoogle is giving Fitbit's AI health coach the ability to read users' medical records, starting next month in the US. Users will be able to link their medical data (like lab results, medications, and visit history) to the Fitbit app, which the AI will use alongside wearable fitness data to provide more personalized health advice. This move follows similar efforts by Amazon, OpenAI, and Microsoft to access sensitive health information for better AI recommendations.
Between January and February 2026, threat actors have matured their use of AI to develop malware and conduct cyberattacks, moving from experimental techniques to practical, widespread methods. A single experienced developer with an AI-powered IDE (integrated development environment, a coding tool with AI assistance) can now accomplish what previously required entire teams, while the same AI tools that help businesses also create new security vulnerabilities that defenders must prepare to protect against.
Claude Code, Anthropic's AI coding agent, operates on developers' machines with full developer permissions but outside traditional enterprise security controls, reading files and executing commands before security tools can monitor them. Ceros is an AI Trust Layer (a security tool that sits on a developer's machine) built by Beyond Identity that provides real-time visibility, runtime policy enforcement, and an audit trail of Claude Code's actions by capturing device context, process history, and tying sessions to verified user identities through cryptographic keys.
Fix: Ceros provides mitigation through installation and enrollment: developers run two commands (curl -fsSL https://agent.beyondidentity.com/install.sh | bash and ceros claude) to install the CLI and launch Claude Code through Ceros. After email verification, Ceros captures full device context (OS, kernel version, disk encryption status, Secure Boot state, endpoint protection status) in under 250 milliseconds, records the complete process ancestry with binary hashes, ties the session to a verified human identity signed with a hardware-bound cryptographic key, and creates a complete audit record accessible through the Ceros admin console showing all Claude Code sessions by user, device, and time.
The Hacker NewsOpenAI has built a monitoring system for coding agents (AI systems that can autonomously write and execute code) used internally to detect misalignment, which occurs when an AI's behavior doesn't match its intended purpose. The system uses GPT-5.4 Thinking to review agent interactions within 30 minutes, flag suspicious actions, and alert teams so they can quickly respond to potential security issues.
Fix: OpenAI's explicit mitigation involves deploying a low-latency internal monitoring system powered by GPT-5.4 Thinking at maximum reasoning effort that reviews agent interactions and automatically alerts for actions inconsistent with user intent or violating internal security or compliance policies. The source states the monitor currently reviews interactions within 30 minutes of completion and that 'as the latency decreases towards near real-time review, the security benefits increase significantly,' with the eventual goal of evaluating coding agent actions before they are taken. The source also recommends that 'similar safeguards should be standard for internal coding agent deployments across the industry.'
OpenAI BlogRSA Conference 2026 is fundamentally organized around AI security, with 40% of sessions focused on how AI affects cybersecurity across all tracks. CISOs face a dual challenge: adopting AI quickly to stay competitive while simultaneously securing enterprise systems against new threats that AI itself creates. The conference prioritizes five learning areas: securing the AI stack (including RAG workflows, LLM data pipelines, and prompt injection attacks), AI governance and regulatory compliance, managing non-human identities (AI agents and service accounts that now outnumber human users), addressing shadow AI risks (unsanctioned tools and AI-generated code), and implementing autonomous security operations.
The Trump administration has banned AI company Anthropic from Pentagon systems as a "supply chain risk," requiring government contractors to remove the company's technology within 180 days. However, most organizations lack complete visibility into where and how AI systems are used across their networks, making it extremely difficult to identify and remove Anthropic technology when it may be embedded in applications, APIs (application programming interfaces, which allow software to communicate), developer tools, or third-party services.
AI agents (autonomous programs that perform tasks without constant human input) face security risks when deployed in business environments, as a compromised agent could expose customer data or execute unauthorized actions. CrowdStrike Falcon AIDR (AI Detection and Response, a security monitoring system) now supports NVIDIA NeMo Guardrails (an open-source library that adds safety constraints to AI systems) as of version 0.20.0, enabling developers to add security controls like blocking prompt injection attacks (tricking an AI by hiding instructions in its input), redacting sensitive data, and moderating restricted topics.
Fix: Organizations should use CrowdStrike Falcon AIDR with NVIDIA NeMo Guardrails to implement security controls. Specifically: start with monitoring mode to understand threats, then progressively enforce blocks and redactions as agents move from development to production. The solution includes over 75 built-in classification rules and support for custom data classification to block prompt injection attacks, redact sensitive data like account numbers and SSNs, detect hardcoded secrets, block code injection attempts, and moderate unwanted topics to ensure compliance.
CrowdStrike BlogFix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The deadline for remediation is 2026-03-22.
CISA Known Exploited Vulnerabilities