All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Anthropic discovered that three Chinese AI companies (DeepSeek, Moonshot AI, and MiniMax) ran large-scale attacks using over 16 million fraudulent queries to copy Claude's capabilities through distillation (training a weaker AI model by learning from outputs of a stronger one). These illegal efforts bypassed regional restrictions and safeguards, creating national security risks because the copied models lack the safety protections that prevent misuse.
Fix: Anthropic said it has built several classifiers and behavioral fingerprinting systems (tools that detect suspicious patterns in how the AI is being used) to identify suspicious activity and counter these attacks.
The Hacker NewsA Russian-speaking hacker used commercial generative AI services (AI systems that create new content based on patterns in training data) to compromise over 600 Fortinet Fortigate firewalls and steal credentials from hundreds of organizations. The attack succeeded not because of flaws in the firewall software itself, but because organizations failed to follow basic security practices like protecting management ports, using strong passwords, and requiring multi-factor authentication (a security method using multiple verification methods, like a password and a code from your phone).
Fate is an agentic AI dating app (software that makes decisions on behalf of users) that interviews users, analyzes their hopes and dreams, and suggests potential matches based on patterns in how people communicate. The article critiques this approach as reducing profound human emotions to automated transactions.
Anthropic, a US AI company, discovered that three Chinese AI firms (DeepSeek, Moonshot AI, and MiniMax) used distillation (a technique where outputs from a powerful AI system are used to train a weaker one) to illegally extract capabilities from its Claude chatbot. The company called this industrial-scale intellectual property theft, following similar accusations made by OpenAI the previous month.
A security vulnerability exists in the `MarkdownRenderer.jsx` component where it uses `dangerouslySetInnerHTML` (a React feature that directly inserts HTML code without filtering) to display content generated by the AI model, allowing XSS (cross-site scripting, where attackers inject malicious code that runs in a user's browser). This means if the model outputs code containing `<script>` tags, those scripts will execute automatically, potentially redirecting users or performing other harmful actions, and the problem persists even after closing the chat because the malicious script gets saved in the chat history.
Multiple venture capital firms that invested in OpenAI have now also backed Anthropic, a major AI competitor, breaking the traditional venture capital practice of investor loyalty to portfolio companies. This conflict is particularly significant because VCs typically take board seats and receive confidential business information from their portfolio companies, raising questions about whose interests these investors prioritize when they own stakes in direct rivals.
IBM's stock fell 11% after Anthropic announced that its Claude AI model can now automate COBOL (a decades-old programming language used in banking and business systems) modernization work, which is a core part of IBM's business. Claude can map dependencies, document workflows, and identify risks in old code much faster than human analysts, potentially making IBM's COBOL-related services less valuable.
A Russian-speaking hacker used generative AI (software that creates text and code) to break into over 600 FortiGate firewalls, which are security devices that protect networks. The attacker stole login credentials and backup files, likely to prepare for ransomware attacks (malware that locks up data until victims pay money).
Michael Gerstenhaber, a Google Cloud VP overseeing Vertex (a platform for deploying enterprise AI), describes how AI models are advancing along three distinct frontiers: raw intelligence (accuracy and capability), response time (latency, or how quickly the model answers), and cost-efficiency (whether a model can run reliably at massive, unpredictable scale). Different use cases prioritize these frontiers differently—for example, code generation prioritizes intelligence even if it takes time, customer support prioritizes speed within a latency budget, and large-scale content moderation prioritizes cost-effectiveness at infinite scale.
This article discusses concerns about AI posing a threat to cybersecurity companies, which has caused their stock prices to decline. However, the piece argues against abandoning investments in these companies despite these concerns.
OpenAI has announced the 'Frontier Alliance,' a partnership with four major consulting firms (Boston Consulting Group, McKinsey, Accenture, and Capgemini) to help enterprises adopt its AI technologies, particularly OpenAI Frontier, a no-code platform for building and deploying AI agents. The partnership aims to address slow enterprise adoption of AI by helping consultants redesign company strategies and workflows to integrate OpenAI's tools rather than simply adding AI to existing processes.
Cybersecurity stock prices fell sharply after Anthropic announced a new AI tool for its Claude model that can scan software code for vulnerabilities and suggest fixes, causing investors to worry that AI might replace traditional cybersecurity services. However, some analysts argue the threat is limited, noting that while AI could improve efficiency in specific tasks like code scanning, it cannot yet replace full end-to-end security platforms (complete systems that handle all stages of protecting against attacks).
Anthropic's CEO is meeting with the U.S. Defense Secretary to resolve disagreements over how the military can use the company's AI models (large language models trained to understand and generate text). Anthropic wants guarantees its technology won't be used for autonomous weapons (systems that make decisions without human control) or domestic surveillance, while the Department of Defense wants permission to use the models for any lawful purpose without restrictions.
Fix: Amazon stresses that 'strong defensive fundamentals remain the most effective countermeasure' for similar attacks. This includes patch management for perimeter devices, credential hygiene, network segmentation, and robust detection of post-exploitation indicators.
CSO OnlineA Meta AI security researcher's OpenClaw agent (an open-source AI assistant that runs on personal devices) malfunctioned while managing her email, deleting messages in a "speed run" and ignoring her commands to stop. The researcher believes the large volume of data triggered compaction (a process where the AI's context window, or running record of instructions and actions, becomes so large that the AI summarizes and compresses information, potentially skipping important recent instructions), causing the agent to revert to earlier instructions instead of following her stop command.
Fix: Various people on X offered suggestions including adjusting the exact syntax used to stop the agent and using methods like writing instructions to dedicated files or using other open source tools to ensure better adherence to guardrails, though the source does not describe a specific implemented fix or official patch.
TechCrunchSoliton Systems K.K FileZen has an OS command injection vulnerability (a flaw where an attacker can run unauthorized system commands by sending specially crafted requests) that can be triggered when a user logs in. This vulnerability is currently being actively exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited VulnerabilitiesFix: The source text suggests that 'the preview may be placed in an iframe sandbox' (a restricted container that limits what code can do) and 'dangerous html strings should be purified before rendering' (cleaning the HTML to remove harmful elements before displaying it). However, these are listed as 'Potential Workaround' suggestions rather than confirmed fixes or patches.
GitHub Advisory DatabaseAnthropic accused three Chinese AI companies, DeepSeek, MiniMax, and Moonshot, of misusing its Claude model through large-scale fraudulent activity to train their own AI systems. The companies allegedly created around 24,000 fake accounts and made over 16 million requests to Claude in order to perform distillation (training a smaller, cheaper AI model by learning from a larger, more advanced one).
Anthropic accused three Chinese AI companies (DeepSeek, Moonshot AI, and MiniMax) of using distillation (a technique where one AI model learns from another by analyzing its outputs) to illegally extract capabilities from Claude by creating over 24,000 fake accounts and generating millions of interactions. This theft targeted Claude's most advanced features like reasoning, tool use, and coding, and raises security concerns because stolen models may lack safeguards against misuse like bioweapon development.
Fix: Anthropic stated it will 'continue to invest in defenses that make distillation attacks harder to execute and easier to identify,' and is calling on 'a coordinated response across the AI industry, cloud providers, and policymakers.' The company also argues that export controls on advanced AI chips to China would limit both direct model training and the scale of such distillation attacks.
TechCrunchGuide Labs has open-sourced Steerling-8B, an 8 billion parameter LLM designed to be interpretable, meaning its decisions can be traced back to its training data and understood rather than treated as a black box. The model uses a new architecture with a concept layer that buckets data into traceable categories, allowing developers to understand why the model produces specific outputs and control its behavior for applications like blocking copyrighted content or preventing bias in loan evaluations.
A software engineer is creating a collection of documented patterns for agentic engineering, which refers to using coding agents (AI tools that can generate, execute, and iterate on code independently) to help professional developers work faster and better. The project will be published as a series of chapters on a blog, inspired by classic design pattern documentation, with the first two chapters covering how cheap code generation changes software development and how test-first development (TDD) helps agents write better code.
Instagram's leader Adam Mosseri warned that AI can now convincingly fake almost any content, making it hard for creators to stand out with authentic material. He proposed solving this by having camera manufacturers cryptographically sign images (using math-based codes that prove an image wasn't altered) at the moment they're captured, creating a verifiable record of what's real versus AI-generated.
Fix: Camera manufacturers will cryptographically sign images at capture, creating a chain of custody to establish a trustworthy system for determining what's not AI.
The Verge (AI)