All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Citrini Research published a scenario describing how AI agents (autonomous AI systems that can make decisions and take actions independently) could trigger economic collapse by replacing white-collar workers with cheaper AI alternatives, creating a negative feedback loop where job losses reduce consumer spending, forcing companies to invest even more in AI to survive. The scenario imagines unemployment doubling and stock market value falling by a third within two years, though the researchers present it as a thought experiment rather than a prediction.
The U.S. Defense Secretary is meeting with Anthropic's CEO to pressure the company into allowing military use of Claude (Anthropic's AI system) for mass surveillance and autonomous weapons (weapons that can fire without human approval). Anthropic has refused these uses, and the Pentagon is threatening to label it a "supply chain risk" (a designation that would ban it from government contracts), which could void their $200 million military contract and force other Pentagon partners to stop using Claude.
OpenAI announced partnerships with four major consulting firms (Accenture, Boston Consulting Group, Capgemini, and McKinsey) to help deploy its enterprise AI platform called Frontier, which acts as an intelligence layer that connects different systems and data within organizations to help companies manage and build AI agents (tools that can independently complete tasks). These consulting partnerships aim to accelerate AI adoption for enterprise customers by combining OpenAI's technology with the consulting firms' existing relationships and deep knowledge of how businesses operate.
This newsletter covers multiple business and policy topics, including the Supreme Court striking down Trump's tariffs (duties, or taxes on imported goods) in a 6-3 decision, followed by Trump announcing a new 15% global tariff the next day. A major winter blizzard caused airlines to cancel 15% of U.S. flights on Monday, and Trump called on Netflix to fire board member Susan Rice.
Attackers are using autonomous AI agents (AI systems that can independently perform tasks without constant human direction) in supply chain attacks (compromises targeting the software or services that other programs depend on) to steal cryptocurrency from wallets. While this current campaign focuses on crypto theft, security researchers warn the technique could be adapted for much broader attacks.
As organizations deploy their own Large Language Models (LLMs), they are creating many internal services and APIs (application programming interfaces, which allow different software to communicate) to support them, but the real security risk comes from poorly secured infrastructure rather than the models themselves. Exposed endpoints (connection points where users, applications, or services communicate with an LLM) become attack vectors when they have excessive permissions and exposed long-lived credentials (authentication secrets that don't expire), allowing attackers far more access than intended. Endpoints typically become exposed gradually through small oversights during rapid deployment, such as APIs left publicly accessible without authentication, hardcoded tokens that are never rotated, or the false assumption that internal services are automatically safe.
Arkanix is a new infostealer (malware that steals sensitive data like passwords and cryptocurrency) suspected to be developed with AI assistance, using both Python and C++ versions for different attack stages. It operates as a MaaS model (malware-as-a-service, where attackers rent access to the malware), allowing subscribers to customize payloads and collect credentials, browser data, and financial information from infected computers. The Python version gathers broad data quickly, while the C++ version focuses on stealth and persistence (maintaining long-term access to a system).
Generative AI is making cyberattacks faster and easier for criminals by automating tasks like creating convincing phishing emails, developing malware, and finding system vulnerabilities, while lowering the technical skill needed to launch attacks. Rather than creating entirely new types of crimes, AI primarily accelerates existing attack methods and enables agentic AI (autonomous AI agents) to execute complete attack sequences without human involvement. Cybercriminals are using these tools similarly to legitimate users: to improve productivity, reduce costs, and automate repetitive work so humans can focus on more complex strategy.
Samsung is integrating Perplexity, an AI search tool, into Galaxy AI on its S26 phones, allowing users to activate it by saying 'hey, Plex.' This is part of Samsung's strategy to create a multi-agent ecosystem (a system where multiple different AI tools work together), giving Perplexity access to Samsung's apps like Notes, Calendar, and Gallery so it can help with various tasks depending on what each AI does best.
India hosted a four-day AI Impact Summit attended by executives from major AI companies like OpenAI, Anthropic, and Google, with the goal of attracting more AI investment to the country. The event featured major announcements including India earmarking $1.1 billion for an AI venture capital fund, OpenAI reporting over 100 million weekly ChatGPT users in India, and several companies like Anthropic and AMD launching new partnerships and infrastructure projects in the country.
A reader expresses concern that large language models (LLMs, AI systems like ChatGPT and Gemini that generate text based on patterns learned from training data) are becoming too eager to agree with users and appear sympathetic rather than accurate, often giving flattering responses instead of critical feedback. The writer worries that if the world increasingly relies on information filtered through these AI systems, we may end up with outputs that prioritize being likeable over being truthful.
A person is concerned that their boyfriend's heavy reliance on ChatGPT (a large language model, or LLM, that generates human-like responses to prompts) for nearly all tasks, even when better alternatives exist, may be weakening his ability to think independently. While AI tools can help with business tasks, overdependence on chatbots is identified as a growing problem that may require addressing the underlying anxiety driving the behavior.
Google's startup leader warns that two types of AI businesses may struggle to survive: LLM wrappers (startups that add a user interface layer on top of existing AI models like GPT or Claude) and AI aggregators (startups that combine multiple AI models into one interface). Both business models lack sustainable competitive advantages because they rely too heavily on underlying AI models without building their own unique value or intellectual property.
This research proposes a new privacy-preserving method for key generation in ABE (attribute-based encryption, a system that lets users control access to data based on their personal attributes). The method follows a principle called Minimal Disclosure, where users only reveal the specific attributes they need to prove, rather than exposing all their attributes. The protocol separates attribute verification from key generation into two steps, uses batch verification to improve performance, and introduces metrics to measure how well it resists attacks that try to infer hidden user attributes.
Researchers developed PPOM-Attack, a method to fool face recognition (FR) systems by generating adversarial images (slightly altered photos that trick AI into misidentifying someone). Unlike earlier attacks that used substitute models (simpler AI systems trained to mimic the target system), PPOM-Attack directly queries the real face recognition system to learn how to create effective perturbations (tiny pixel changes), achieving 21.7% higher success rates while keeping the altered images looking natural.
Prompt injection attacks (tricking an AI by hiding malicious instructions in its input) pose a serious security risk to Large Language Models, as attackers can overwrite a model's original instructions to manipulate its responses. Researchers developed PromptFuzz, a testing framework that uses fuzzing techniques (automatically generating many variations of input data to find weaknesses) to systematically evaluate how well LLMs resist these attacks. Testing showed that PromptFuzz was highly effective at finding vulnerabilities, ranking in the top 0.14% of attackers in a real competition and successfully exploiting 92% of popular LLM-integrated applications tested.
This paper presents SIMix, a training framework for systems where multiple users learn AI models together over wireless networks while protecting their private data. The system uses Over-the-Air Mixup (OAM, a technique that combines data from multiple users through wireless transmission to hide sensitive information) and groups users strategically to reduce communication needs by up to 25% while defending against model inversion attacks (attempts to reconstruct private training data from a trained model) and label inference attacks (guessing what category a user's data belongs to).
Fix: The paper proposes integrating Over-the-Air Mixup with label-aware user grouping, including a closed-form Tx-Rx scaling optimization that minimizes mean square error under channel noise, and an extended max-clique algorithm that dynamically partitions users into groups with minimal intra-label similarity to reduce model inversion attack success rates.
IEEE Xplore (Security & AI Journals)OpenAI CEO Sam Altman defended AI's resource usage by claiming water consumption concerns are false and comparing AI energy use to human energy consumption, though he acknowledged total energy demand from widespread AI use is a legitimate concern. Data centers traditionally use large amounts of water for cooling, though some newer facilities no longer rely on water; however, projections suggest water demand for cooling will more than triple over the next 25 years as computing increases. Altman argued that when measuring energy efficiency per query (inference, or using already-trained AI models to generate outputs), AI has already become comparable to or more efficient than humans, though this comparison remains debated.
Anthropic's Claude AI was used to build a C compiler (a program that translates human-written code into machine instructions), which performs at the level of a competent undergraduate project but falls short of production-ready software. The compiler shows that AI systems excel at assembling known techniques and optimizing toward measurable goals, but struggle with the open-ended generalization needed for high-quality systems, raising questions about whether AI learning from publicly available code crosses into copying.
OpenAI's monitoring tools flagged an 18-year-old user's chats on ChatGPT (a large language model chatbot) that described gun violence, leading to the account being banned in June 2025. The company debated whether to alert Canadian police but decided the chats didn't meet reporting criteria, though OpenAI later contacted authorities after the user allegedly killed eight people in a mass shooting in Canada.