All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
AI companies and billionaires are funding a super PAC called Leading the Future that has spent at least $10 million in ads attacking New York politician Alex Bores, who is running for Congress and has sponsored AI regulation laws like the RAISE Act (which requires large AI labs to publicly disclose safety plans). The PAC, backed by Palantir co-founder Joe Lonsdale, OpenAI President Greg Brockman, and others, is targeting Bores and other candidates who support state-level AI regulation, viewing them as threats to the industry's preferred light-touch approach.
ChatGPT users complained that the GPT-5.2 Instant model used overly reassuring and condescending language, like telling them to 'calm down' even when they were just asking for factual information, which made them feel infantilized and led some to cancel subscriptions. OpenAI's new GPT-5.3 Instant model aims to fix this by reducing the 'cringe' and preachy disclaimers, instead acknowledging difficulties without making assumptions about the user's mental state. The update focuses on improving user experience through better tone, relevance, and conversational flow.
Anthropic is rolling out Voice Mode for Claude Code, its AI coding assistant, allowing developers to use spoken commands instead of typing. The feature, which lets users type /voice to toggle it on and then speak requests like 'refactor the authentication middleware,' is currently live for about 5% of users with broader availability planned in coming weeks. The source does not specify technical limitations or whether Anthropic partnered with third-party voice providers to build this capability.
OpenClaw has a path traversal vulnerability (CWE-22, a weakness where attackers bypass directory restrictions) in its `$include` directive that allows arbitrary file reads. An attacker who can modify OpenClaw's configuration file can read any file the OpenClaw process has access to by using absolute paths, directory traversal sequences (like `../../`), or symlinks (shortcuts to files), potentially exposing secrets and API keys.
Google is rolling out new features to Pixel 10 phones that allow Gemini, its AI assistant, to act as an agent (an AI that can take actions independently on your behalf) to complete tasks like ordering groceries or booking rides in selected apps such as Uber and Grubhub. Users can supervise or stop the agent's work at any time while it operates in the background.
During the Iran conflict in 2024, many fake images and videos spread online, including old footage, unrelated conflicts, AI-generated content (synthetic media created by artificial intelligence), and clips from video games like War Thunder. Major news organizations like The New York Times, Indicator, and Bellingcat use detailed verification procedures to check whether content is real before publishing it, helping audiences distinguish trustworthy reporting from misinformation.
BentoML's `safe_extract_tarfile()` function has a security flaw where it validates that symlink paths (links that point to other files) are within the extraction directory, but it doesn't validate where those symlinks actually point to. An attacker can create a malicious tar file with a symlink pointing outside the directory and follow it with a regular file, allowing them to write files anywhere on the system. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 8.1 (High).
Anthropic, an AI company, ended negotiations with the U.S. Department of Defense after refusing to allow its technology to be used for fully autonomous weapons (systems that make combat decisions without human control) or domestic mass surveillance. The U.S. government then blacklisted Anthropic, prohibiting it from working with federal agencies and Pentagon contractors, with government officials saying the company should 'correct course' to resolve the dispute.
Organizations are facing challenges managing workload identities (the digital credentials and permissions that allow different software systems and applications to authenticate and communicate with each other), and the problem is becoming harder to handle as systems grow more complex. The source indicates this is a widespread issue but does not provide specific technical details about the nature of the crisis or its consequences.
Web-based indirect prompt injection (IDPI) is an attack where adversaries hide malicious instructions in website content that AI systems later read and unknowingly execute, such as through webpage summarization or content analysis features. Researchers found real-world examples of these attacks being used for ad fraud evasion, phishing promotion, data destruction, unauthorized transactions, and information theft, showing that IDPI is no longer just theoretical but actively weaponized. Unlike direct prompt injection (where attackers directly submit malicious input to an AI), IDPI exploits the normal behavior of AI systems processing benign-looking web content.
A vulnerability in the MS-Agent AI Framework allows attackers to compromise an entire system by exploiting the Shell tool through improper input sanitization (failure to clean and validate user input). Attackers can use this flaw to modify system files and steal data.
This article describes 13 essential security tools that companies need to protect against cyber threats, including XDR (extended detection and response, an AI-powered system that identifies threats across networks and devices), MFA (multifactor authentication, requiring users to verify their identity multiple ways), NAC (network access control, which checks devices before allowing network access), and DLP (data loss prevention, which monitors for sensitive data being sent outside the company). The article explains why each tool is important but does not discuss any specific fixes, patches, or solutions to existing security problems.
Anthropic refused the U.S. Department of Defense's demand for unrestricted use of its AI technology for mass surveillance and fully autonomous weapons systems, leading the DoD to cancel a $200 million contract. The article argues that relying on individual company leaders to protect privacy through business decisions is unsustainable, and that Congress should pass binding legal restrictions instead of leaving privacy protection to private companies and their CEOs.
Fix: OpenAI released GPT-5.3 Instant, which according to the release notes reduces preachy disclaimers and focuses on improving tone, relevance, and conversational flow. In the example provided, GPT-5.3 Instant acknowledges the difficulty of a situation without directly reassuring the user, rather than the GPT-5.2 Instant approach of starting responses with phrases like 'First of all, you're not broken.'
TechCrunchFix: Update OpenClaw to version 2026.2.17 or later. The vulnerability is fixed in npm package `openclaw` version `>=2026.2.17` (vulnerable versions: `<=2026.2.15`).
GitHub Advisory DatabaseTech workers at Google, OpenAI, and other companies are signing open letters calling for clearer limits on how their employers work with the military, after the U.S. Department of Defense blacklisted AI models from Anthropic (a company that refused to allow its technology for mass surveillance or autonomous weapons) and the U.S. carried out strikes on Iran. The letters express concern that the government is pressuring tech companies to accept military contracts involving AI without proper safeguards, and workers are demanding greater transparency about their employers' government agreements.
This newsletter roundup covers two main AI stories: OpenAI has agreed to allow the US military to use its technologies in classified settings, with protections against autonomous weapons and mass surveillance, though concerns remain about whether safety measures can be maintained during rapid deployment; separately, a startup called Skyward Wildfire claims it can prevent wildfires by stopping lightning strikes using cloud seeding (releasing metallic particles into clouds), but researchers question its effectiveness under different conditions and potential environmental impacts.
Moltbook, a supposed AI-only social network, actually relies on humans at every step, including creating accounts, writing prompts (instructions for how the AI should behave), and publishing content. The platform demonstrates a concerning trend called the "LOL WUT Theory," where AI-generated content becomes so easy to create and difficult to distinguish from real posts that people may stop trusting anything online.
OpenAI announced changes to its agreement with the US military after facing backlash, including preventing its AI system from being used for domestic surveillance and requiring additional contract modifications before intelligence agencies like the NSA can use it. The company acknowledged the original deal announcement was "opportunistic and sloppy," while concerns remain about how AI systems (which can "hallucinate," or make up false information) are being deployed in military operations and whether adequate human oversight exists.
OpenAI is modifying its contract with the US Department of Defense after CEO Sam Altman acknowledged the original deal appeared poorly planned. The company will now explicitly prohibit its AI technology from being used for mass surveillance (monitoring large groups of people without their knowledge) or by intelligence agencies like the NSA (National Security Agency, which gathers foreign intelligence for the US).
AI agents using the Model Context Protocol (MCP, a system that lets AI connect to apps and data to automate business tasks) are rapidly being deployed in enterprises but operate as 'identity dark matter' - invisible to traditional access control systems that track who can do what in a company. These agents tend to seek the easiest path to complete tasks, gravitating toward weak security shortcuts like old credentials and long-lived tokens, which creates risks both from accidental misuse and potential abuse at machine speed across multiple systems.
Fix: The source mentions that Palo Alto Networks offers these defensive capabilities: Advanced DNS Security, Advanced URL Filtering, Prisma AIRS, Prisma Browser, and the Unit 42 AI Security Assessment service to help protect against web-based IDPI threats. The source also notes that defenders need 'proactive, web-scale capabilities to detect IDPI, distinguish benign and malicious prompts, and identify underlying attacker intent,' though specific implementation details are not provided.
Palo Alto Unit 42The US military reportedly used Anthropic's Claude AI model to help plan attacks on Iran, enabling bombing campaigns faster than human decision-making can occur by shortening the "kill chain" (the process from identifying a target to getting legal approval and launching a strike). Experts worry this technology could push human decision-makers out of the loop entirely.