All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Flowise has a critical IDOR (insecure direct object reference, a flaw where an app trusts user input to identify which data to access without checking permissions) vulnerability in its login configuration endpoint. An attacker with a free account can modify any organization's single sign-on settings by simply specifying a different organization ID, enabling account takeover by redirecting logins to attacker-controlled credentials and bypassing enterprise license restrictions.
A mass assignment vulnerability (a type of attack where an attacker controls internal fields by sending them in a request) exists in Flowise's `/api/v1/leads` endpoint, allowing unauthenticated users to override auto-generated fields like `id`, `createdDate`, and `chatId` by including them in the request body. The vulnerability occurs because the code uses `Object.assign()` to copy all properties from user input directly into the database entity without filtering, bypassing the intended auto-generation of these fields.
London Mayor Sadiq Khan invited AI company Anthropic to expand in the city after the U.S. Pentagon designated it a supply chain risk (a label meaning the government views the company as not secure enough to work with) because Anthropic refused to give defense agencies unrestricted access to its AI tools and raised concerns about using its Claude model for mass surveillance or autonomous military targeting. The company plans to challenge the Pentagon's designation in court, and Microsoft announced it would continue using Anthropic's technology except for the U.S. Department of Defense.
Agentgateway is an open source data plane (a software layer that handles data movement for AI agents working across different frameworks) that had a security flaw in versions before 0.12.0, where user input in paths, query parameters, and headers were not properly cleaned up when converting tool requests to OpenAPI format. This lack of input validation (CWE-20, checking that data matches expected rules) could potentially be exploited, but the vulnerability has been patched.
The U.S. Department of Defense designated Anthropic (maker of Claude AI) as a supply-chain risk after the company refused to provide unrestricted access for military applications like mass surveillance and autonomous weapons. Microsoft, Google, and AWS confirmed that Claude will remain available to non-defense customers through their platforms, and the designation only restricts direct Department of Defense use, not broader commercial applications.
The article discusses how generative AI (AI systems that can create new text, images, or other content) is being rapidly integrated into many areas of life, but both supporters and critics use exaggerated language that makes it hard to understand what AI actually does and how it works. A documentary called 'The AI Doc' attempts to clarify the current state of AI development by examining perspectives from both optimistic and pessimistic viewpoints.
Flowise has a file upload vulnerability where the server only checks the `Content-Type` header (MIME type spoofing, pretending a file is one type when it's actually another) that users provide, instead of verifying what the file actually contains. Because the upload endpoint is whitelisted (allowed without authentication), an attacker can upload malicious files by claiming they're safe types like PDFs, leading to stored attacks or remote code execution (RCE, where attackers run commands on the server).
Flowise has a critical authorization bypass flaw in its `/api/v1` routes where the middleware trusts any request with the header `x-request-from: internal`, even though this header can be spoofed by any user. This allows a low-privilege authenticated tenant (someone with a valid browser cookie) to call internal administration endpoints, like API key creation and credential management, without proper permission checks, effectively escalating their privileges.
Claude, an AI chatbot made by Anthropic, is gaining users rapidly on mobile devices after the company's leadership refused to let the Pentagon use it for mass surveillance or autonomous weapons. Claude's daily active users on phones reached 11.3 million in early March, up 183% since the start of the year, and the app became the top-ranked app in the U.S. and 15 other countries, with over 1 million new sign-ups per day.
Fix: This issue has been patched in version 0.12.0. Update Agentgateway to version 0.12.0 or later to resolve the vulnerability.
NVD/CVE DatabaseAmazon announced that AWS customers can continue using Anthropic's Claude AI models for all work except Department of Defense projects, after the federal government labeled Anthropic a "supply chain risk." Anthropic says it will challenge this designation in court, and major cloud providers (Amazon, Microsoft, and Google) are helping customers transition to alternative AI models for defense-related work.
Google and Microsoft announced they will continue offering Anthropic's Claude AI models to their cloud customers for non-defense work, after the U.S. Defense Department designated Anthropic as a supply chain risk (a company that poses potential security or operational threats to government operations). The announcements came after the Trump administration instructed federal agencies to stop using Anthropic's technology, but the companies determined that non-defense projects are still permitted under this designation.
The Pentagon and AI companies are in a dispute over whether existing U.S. law allows the government to use AI to analyze bulk commercial data collected from Americans for surveillance purposes. Legal experts point out that current law has a major gap: public information, commercial data (like location and browsing records), and information accidentally collected during foreign surveillance are not legally considered "surveillance," so the government can use them without warrants or court orders, even as AI makes this surveillance much more powerful than before.
Anthropic used Claude Opus 4.6 (an advanced AI model) to test Firefox's code and discovered 22 vulnerabilities, including 14 severe ones, over two weeks. Most of these bugs have already been fixed in Firefox 148 released in February, though some fixes will come in a later update. The AI was much better at finding security problems than creating working exploits to demonstrate them.
Fix: Most vulnerabilities have been fixed in Firefox 148 (released February). A few remaining fixes will be addressed in the next release.
TechCrunch (Security)A 2025 survey of 704 IT executives found that AI is now the top concern for IT management, ahead of cybersecurity and aligning IT with business goals. While most organizations are increasing IT salaries (90.5%), fewer are hiring new IT staff (54.2%), and cost control has dropped as a priority for measuring how well IT leaders perform.
A banking group implemented a retrieval-augmented AI-powered compliance assistant (a system where AI pulls in external compliance documents to answer questions) to help with regulatory requirements while maintaining human oversight. The article identifies key challenges with this approach, including authority illusion (over-trusting the AI's answers), unclear responsibility for decisions, loss of human judgment about context, and gaps in understanding how the system works, then proposes a four-phase framework to help organizations move from passive AI assistants toward systems where AI and humans reason together.
Anthropic and the Pentagon failed to agree on how much control the military should have over Anthropic's AI models, particularly regarding use in autonomous weapons and mass surveillance, causing a $200 million contract to fall apart and leading the Pentagon to designate Anthropic a supply-chain risk (a category indicating potential security or reliability concerns). The Department of Defense then turned to OpenAI instead, which accepted the contract, though this decision led to a significant surge in ChatGPT uninstalls. The situation raises an important question about balancing national security needs with responsible AI deployment.
The UN and AI companies are debating who should control how artificial intelligence is used in military contexts, especially after the US military's use of AI in the Iran crisis. AI company Anthropic refused to remove safeguards (safety features built into their AI) that would prevent the US Department of Defense from using its technology for mass surveillance or autonomous lethal weapons (weapons that can select and fire at targets without human control), while OpenAI later agreed to work with the Pentagon despite similar concerns. The article emphasizes that decisions about military AI use raise urgent questions about democratic oversight and international controls, rather than leaving these choices solely to companies or governments.
CISOs (chief information security officers, the executives responsible for an organization's cybersecurity) and corporate boards spend only about 30 minutes per quarter discussing cyber risk, and these conversations lack depth and strategic engagement. The report found that while 95% of CISOs report to their boards regularly, most discussions are brief check-ins rather than collaborative problem-solving, and boards want better insight into emerging threats like AI-driven attacks (attacks powered by artificial intelligence).
Anthropic and other major AI companies are competing in a market where their AI models have similar performance levels, with only small quality improvements appearing every few months. In this competitive environment, Anthropic is trying to stand out by branding itself as the most ethical and trustworthy AI provider, which gives it value with both individual users and large organizations.
Anthropic lost a US Department of Defense contract after refusing to let the Pentagon use its AI models for mass surveillance or fully autonomous weapons (systems that make kill decisions without human input), while OpenAI secured the contract by agreeing to provide classified government systems with AI. The article argues this outcome may benefit Anthropic by reinforcing its brand as a trustworthy, ethical AI provider in a competitive market where different AI models perform similarly.