All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Google Cloud announced AI Threat Defense, a new security platform that uses AI to automatically detect and stop cyberattacks powered by AI before they cause damage. The platform combines threat intelligence, cloud security scanning, and code repair tools (powered by Google's Gemini AI model) to find weaknesses in software, predict attack paths, and deploy security fixes within minutes rather than days.
Fix: Google describes AI Threat Defense's four-step framework: (1) map environments and make sensitive assets unreachable from the internet; (2) conduct deep-dive code analysis and AI-driven testing to find vulnerabilities in internet-accessible applications and business-critical systems; (3) use AI agents to generate and test patches, with CodeMender automatically creating fixes in developers' tools at build time and tagging libraries across source control and production; and (4) implement machine-speed detection and real-time defense with consistent operational tracking. Google states this approach reduces remediation time to minutes by proactively generating verified fixes before attackers can exploit vulnerabilities.
Source: SecurityWeek
Mistral AI, a French startup competing with OpenAI and Anthropic, is exploring the design of its own semiconductor chips to reduce costs and gain more control over its infrastructure, though it currently relies on Nvidia chips. The company is also expanding data centers in France and Sweden, and launching a new enterprise platform called Vibe that uses agentic AI (systems that can autonomously complete tasks like coding and drafting) to help customers with work tasks.
A robot named Lightning recently broke the human world record at a Beijing half marathon, sparking interest in whether robots are about to become common in everyday life like chatbots have. China is leading robotics development with over £100 billion in planned government investment over the next 20 years, and researchers are working on giving robots human-like abilities so they can eventually perform tasks like cleaning homes and weeding gardens.
MUFG, one of Japan's largest financial groups, is partnering with OpenAI to become an AI-native company (an organization where AI is integrated into everyday work processes) by rolling out ChatGPT Enterprise to approximately 35,000 employees at Mitsubishi UFJ Bank starting in 2026. The bank chose ChatGPT Enterprise for its broad applicability and enterprise-grade security (security features designed for large organizations), and paired the technology rollout with mandatory employee training, custom workshops, and guidance to help workers understand how to use AI confidently and in compliance with financial regulations.
Cybercriminals are increasingly using data theft and extortion without encryption, moving away from traditional ransomware (malware that locks files until payment is made): the share of attacks that encrypted data fell from the 90% seen in 2021-2024 to just 78% in 2025. This change is driven by better backup systems, stricter regulations like GDPR's 72-hour reporting requirement, and the fact that data exposure alone now costs organizations an average of $5.08 million in fines and lawsuits. Threat actors are particularly targeting mid-sized firms in Professional Services, Healthcare, and Construction, focusing on valuable business data like financial records and bids.
claude-code-cache-fix is a tool that speeds up Claude Code by caching results. Versions 3.5.0 through 3.5.1 have a code injection vulnerability (CWE-94, inserting malicious code into a program) in the file tools/quota-statusline.sh: user input containing certain byte sequences (''') can break out of a Python string literal and execute arbitrary code on the user's system. This is a high-severity bug exploitable by local attackers who can control the input passed to Claude Code.
Langroid versions before 0.63.0 have a vulnerability where SQLChatAgent (a tool that lets an AI execute SQL queries) can be tricked through prompt injection (hiding malicious instructions in input data) into running dangerous SQL commands. If the database is configured with elevated privileges, an attacker can achieve RCE (remote code execution, where an attacker runs commands on a system they don't own) on the database server, potentially stealing or deleting data.
OpenAI and Anthropic have shifted their enterprise pricing models away from discounted per-seat plans to usage-based API pricing (paying for every token, a unit of text processed by the AI model), making enterprise costs equivalent to their public API rates. Both companies released new, more expensive AI models in April 2026 and locked enterprise customers into year-long contracts at these higher prices, suggesting they have found a profitable business model with coding agents and enterprise customers willing to pay $200+ per month per user.
Researchers discovered a malicious npm package (a collection of code shared through Node Package Manager, a repository for JavaScript libraries) called "mouse5212-super-formatter" that steals files from Claude AI users' directories. The package disguises itself as a legitimate tool but actually uploads files to a threat actor-controlled GitHub account by authenticating with stolen or hard-coded credentials during installation.
Gradio versions before 6.15.0 have a cookie injection vulnerability that lets attackers perform session fixation (forcing a victim's session to use a session ID the attacker already knows) across multiple user spaces. An attacker controlling one Gradio Space can inject a cookie into a shared HTTP client (a tool that sends web requests) that is then automatically sent to all other legitimate Spaces, affecting every user on that Gradio deployment.
A flaw in Starlette (CVE-2026-48710), the framework that powers FastAPI, allows unauthenticated attackers to bypass authentication by sending a malformed character in a web request's Host header. The flaw tricks Starlette into parsing the request path differently than the actual server sees it, so security checks on one path may allow access to a protected route, potentially enabling SSRF (server-side request forgery, where an attacker makes the server request data from unintended locations) or even remote code execution on affected systems.
This is an academic survey article that reviews methods for making traditional machine learning models more explainable and interpretable across different fields. The survey covers techniques that help users understand how machine learning models make decisions, rather than treating them as "black boxes" where the reasoning is hidden. It was published in a peer-reviewed computer science journal in September 2026.
OpenAI has published a Frontier Governance Framework that describes how its safety and security practices meet new legal requirements from California and the EU, building on its existing Preparedness Framework for managing risks from advanced AI systems. The framework covers risk assessment and mitigation in areas like cyber attacks, dangerous biological/chemical/nuclear risks, manipulation, and loss of control, along with model reporting and incident response. OpenAI says it will update this framework as AI capabilities and regulations evolve.
Fix: OpenAI worked with MUFG on security requirements by offering concrete proposals through product improvements and updates to address security and governance barriers. Additionally, OpenAI supported the rollout through guidance for enterprise use, operational planning, product education, training programs for all employees, custom GPT workshops, and executive study sessions. MUFG also implemented mandatory AI training, requiring employees to complete e-learning before they could use ChatGPT Enterprise.
Source: OpenAI Blog
Governments and private companies must quickly adapt their security practices as adversaries use AI to evade financial sanctions and finance weapons of mass destruction, with countries like North Korea and Iran now deploying AI models to create fraudulent documents, manage fake company networks, and hide cryptocurrency transactions. AI is making these illegal activities faster, higher quality, and more coordinated, shifting from AI-assisted evasion (using AI for individual tasks like writing emails) to AI-enabled evasion (where AI orchestrates entire deception schemes across multiple systems and channels). Enterprise IT managers face a critical challenge because traditional security boundaries designed for human attackers are being bypassed by automated technologies.
Fix: Dr. Aaron Arnold advises IT managers to protect their organizations by "incorporating defensive AI, the use of behavior-based analytics, using 'circuit breakers' when there is heavy use of API or MCPs (management control planes, systems that oversee how applications connect), updating personnel training, and hardening identity verification, especially for any remote hiring."
Source: CSO Online
A Cisco study found that popular AI models from OpenAI, Anthropic, Google, and others are much more vulnerable to attack when faced with multiple prompts in a conversation compared to single-prompt tests. Current safety benchmarks (standardized tests that measure how well models resist harmful requests) only test models with one prompt at a time, but real attackers use iterative techniques like role-playing, breaking tasks into smaller steps, and gradually escalating requests across multiple turns, which bypass safety guardrails far more effectively than official scores suggest.
Fix: This vulnerability is fixed in version 3.5.2. Users should update to claude-code-cache-fix 3.5.2 or later.
Source: NVD/CVE Database
ATLAS v2026.05 introduces a major structural overhaul that separates versioning for content updates from format changes, moving to a new YAML format (v6.0.0) with improved consistency and relationship handling. The update adds support for multiple AI platforms (Predictive, Generative, Agentic, and Enterprise) to techniques and introduces new tooling including Pydantic schemas (strict data validation), SQLAlchemy ORM models (database storage), and a FastAPI REST API (web service for managing the data). Historical ATLAS releases have been migrated and preserved in the new structure.
Fix: Fixed in v0.63.0 by defaulting SQLChatAgent to a SELECT-only sqlglot-parsed statement allowlist (a list of approved SQL operations) with a dialect-aware dangerous-pattern blocklist. Users can restore the previous unrestricted behavior by setting allow_dangerous_operations=True, but only for trusted deployments.
Source: GitHub Advisory Database
Gryph is a security tool that protects AI coding agents (software that writes code with AI help) by controlling what information gets saved to a local database. Before version 0.7.0, Gryph's documentation incorrectly stated that logging (recording activity) was set to a minimal level by default, but it was actually set to standard, causing sensitive file content to be stored in the database even though Gryph was supposed to filter it out.
Fix: This vulnerability is fixed in version 0.7.0.
Source: NVD/CVE Database
N/A -- This content is a navigation menu and feature listing for GitHub v6.0.0, not a security issue or AI/LLM problem. It describes GitHub's product offerings (Copilot for code generation, Actions for automation, security tools) but contains no specific technical concern to analyze.
Researchers have developed PacketPatch, a method for creating adversarial packets (malicious network data designed to fool AI systems) that can deceive byte-feature-based encrypted traffic classification systems (AI models that identify what type of network traffic is flowing through encrypted connections by analyzing raw data patterns). The work demonstrates how attackers could potentially manipulate encrypted network communications to evade detection by these AI-powered security systems.
OpenAI and other AI companies have spent millions through a political action committee to oppose Alex Bores, a New York state assemblyman who wrote AI safety regulations, inadvertently making him more famous and turning him into a prominent figure in the AI regulation debate. The article suggests this corporate spending against Bores has backfired by drawing public attention to him and the issue of who should regulate AI technology.
Fix: Update Gradio to version 6.15.0 or later. The vulnerability is fixed in the release available at https://github.com/gradio-app/gradio/releases/tag/gradio%406.15.0.
Source: NVD/CVE Database
Fix: Starlette's maintainer released a patch through an official GitHub security advisory. Additionally, researchers created badhost.org, a website that can test whether applications are vulnerable to this flaw.
Source: CSO Online