All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
According to a Reuters report, Grok (Elon Musk's AI chatbot) is not performing well and has minimal adoption, appearing in only 3 out of over 400 documented cases of U.S. government AI use, and only for basic tasks like document drafting or social media management. This low usage is a sign of trouble for xAI's flagship product, despite Musk's plans to make it central to a major financial offering.
Kiro CLI, a command-line tool that lets developers use AI to run code and shell commands, has a security flaw (CVE-2026-9255): it does not properly check where input comes from before authorizing tool execution. A local attacker able to write to the tool's standard input (stdin, the stream that feeds data into a program) could send specially crafted data and trick the tool into running arbitrary commands without the user's consent.
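The flaw above is an input-origin problem: data arriving on stdin was treated as if it were the user's decision. The block below is an added example, not Kiro CLI's code, of one generic way to gate tool execution so that only an interactive terminal can approve a call, while piped or redirected input is treated as untrusted data. `ToolCall`, `approve_tool_call`, the allowlist and the `FakeTTY` stand-in are hypothetical names constructed for the illustration.

```python
import io

# Added example: a generic input-origin check for a tool-approval gate (not Kiro CLI code).
# Only input attached to a TTY can approve a tool call; anything piped or redirected
# never does, even if it contains a "y". Names here are hypothetical.


class ToolCall:
    def __init__(self, tool: str, args: list):
        self.tool = tool
        self.args = args


def stream_is_interactive(stream) -> bool:
    """True only when the stream is attached to a terminal (a TTY)."""
    try:
        return bool(stream.isatty())
    except (AttributeError, ValueError):
        return False


def approve_tool_call(call: ToolCall, confirm_stream, trusted_tools=frozenset()) -> bool:
    """Return True only if the call may execute.

    - Tools on an explicit allowlist run without a prompt.
    - Otherwise a 'y' answer counts only when it comes from a TTY.
    - Piped or redirected input is untrusted data and never authorizes execution.
    """
    if call.tool in trusted_tools:
        return True
    if not stream_is_interactive(confirm_stream):
        return False
    answer = confirm_stream.readline().strip().lower()
    return answer == "y"


# Constructed stand-ins for the two input origins used in the demonstration.
class FakeTTY(io.StringIO):
    def isatty(self) -> bool:
        return True


def piped(text: str) -> io.StringIO:
    """Input that arrived through a pipe or redirect (StringIO.isatty() is False)."""
    return io.StringIO(text)


def tty(text: str) -> FakeTTY:
    """Input typed at an interactive terminal."""
    return FakeTTY(text)


if __name__ == "__main__":
    call = ToolCall("shell", ["rm", "-rf", "build/"])
    print("piped 'y' approves:", approve_tool_call(call, piped("y\n")))  # False
    print("tty 'y' approves:", approve_tool_call(call, tty("y\n")))      # True
```

The check is deliberately fail-closed: a non-interactive run that needs tool execution must opt in through an explicit allowlist rather than by whatever happens to be on stdin.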
A story selected for a prestigious British literary award appears to have been written by an LLM (large language model, an AI trained on text to generate human-like writing) rather than by a human author, raising concerns about how the literary world will handle AI-generated submissions. The story exhibits characteristic patterns of AI-generated text, such as repetitive sentence structures and predictable phrasing.
Spotify has partnered with Universal Music Group (UMG) to create a new tool that uses generative AI (AI that creates new content from patterns in training data) to let users make remixes and covers of songs from UMG's music catalog. The article expresses concern that this tool will make it even easier to flood the internet with AI-generated music covers, which already appear widely on platforms like YouTube, TikTok, and Instagram.
Between December 2025 and February 2026, a single attacker compromised nine Mexican government agencies using AI as the core tool to carry out the entire attack, rather than just a helper tool. The attacker accessed sensitive data including tax records, civil registry information, patient files, and electoral systems, and researchers only discovered the breach after finding materials on the attacker's servers.
SpaceX, OpenAI, and Anthropic are planning major initial public offerings (IPOs, where companies sell shares to the public for the first time) in 2026, with SpaceX targeting a $1.75 trillion valuation. However, analysts warn these mega-cap floats resemble the late-1990s dot-com bubble, noting that all three companies are unprofitable and have opaque business models, with SpaceX's only profitable division being its Starlink internet service while its AI and space divisions operate at significant losses.
SpaceX released a 300+ page investor document (prospectus, which outlines a company's finances and plans to potential investors) as part of its plan to go public on the US stock market, revealing financial details and various risk warnings about the company's ambitious plans. The document includes unusual disclosures that reflect Elon Musk's vision for space exploration and shows how interconnected his different businesses are with each other.
Google is integrating CodeMender, an AI agent that automatically finds and fixes software vulnerabilities, into its larger Agent Platform ecosystem rather than keeping it as a standalone tool. CodeMender uses Gemini reasoning models (advanced AI that can think through complex problems) to analyze code vulnerabilities, generate fixes, and test them before showing them to developers. This shift suggests Google believes enterprises want autonomous security tools embedded within a governed infrastructure framework with identity and monitoring systems, rather than as isolated products.
OpenAI's Codex, an AI tool that helps developers write and manage code, has been recognized as a Leader by Gartner in enterprise coding agents. Codex goes beyond simple autocomplete (where an AI completes code as you type) by letting developers delegate complex tasks like understanding large codebases, running tests, and preparing work for human review while maintaining security and governance controls. The recognition highlights Codex's strengths in enterprise features like approval gates, RBAC (role-based access control, which limits what different users can do), sandboxing (isolating code in a safe environment), and audit trails.
Network-AI v5.4.4 has a critical authentication bypass: its MCP server (a tool that lets AI models call external functions) defaults to an empty secret, and the authentication check passes unconditionally when the secret is empty. The server also answers every origin (Access-Control-Allow-Origin: *), so an attacker can lure a user to a malicious website whose scripts send commands to the user's localhost Network-AI server without any password, potentially invoking dangerous tools such as config_set and agent_spawn. The empty secret is the root cause; the wildcard CORS policy lets the attacker's page read responses, but a browser would deliver a simple cross-origin POST even without it, so an origin check is a second layer rather than a substitute for a real secret.
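The two defects above, an empty secret that short-circuits authentication and a wildcard CORS policy, are shown side by side with a fail-closed version in the block below. This is an added example, not Network-AI's code: the header names, the origin allowlist and the sample secret are constructed for the illustration.

```python
import hmac

# Added example, not Network-AI code. Models the flawed auth pattern next to a
# fail-closed one, and an origin check that never echoes "*". Names and the
# sample secret below are constructed.

EXAMPLE_SECRET = "constructed-example-secret-not-real"
ALLOWED_ORIGINS = frozenset({"http://localhost:3000", "http://127.0.0.1:3000"})


def vulnerable_is_authorized(headers: dict, secret: str) -> bool:
    """Flawed pattern: an unset or empty secret short-circuits to 'authorized'."""
    if not secret:
        return True
    return headers.get("Authorization") == f"Bearer {secret}"


def hardened_is_authorized(headers: dict, secret) -> bool:
    """Fail closed: no configured secret means no access; compare in constant time."""
    if not secret:
        return False
    presented = headers.get("Authorization", "")
    scheme, _, token = presented.partition(" ")
    if scheme != "Bearer" or not token:
        return False
    return hmac.compare_digest(token.encode("utf-8"), secret.encode("utf-8"))


def handle_request(headers: dict, secret, allowed_origins=ALLOWED_ORIGINS):
    """Return (status, response_headers) for one request to the local MCP endpoint.

    Browser requests carry an Origin header; anything not on the allowlist is
    refused, and the echoed Access-Control-Allow-Origin is never '*'.
    """
    origin = headers.get("Origin")
    if origin is not None and origin not in allowed_origins:
        return 403, {}
    if not hardened_is_authorized(headers, secret):
        return 401, {}
    response_headers = {}
    if origin is not None:
        response_headers["Access-Control-Allow-Origin"] = origin
        response_headers["Vary"] = "Origin"
    return 200, response_headers


if __name__ == "__main__":
    print("vulnerable, empty secret:", vulnerable_is_authorized({}, ""))   # True
    print("hardened, empty secret:", hardened_is_authorized({}, ""))       # False
    print(handle_request({"Origin": "https://attacker.example"}, EXAMPLE_SECRET))  # (403, {})
```

In practice the server should also refuse to start when the secret is unset, so that the empty-string case never reaches a request handler at all.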
Boxlite, a sandbox service for running containers, has a path traversal vulnerability (a flaw where attackers reach files outside the intended boundary) in how it extracts container images. When unpacking a layer's tar archive, Boxlite does not validate symlink targets (links that point at another file or directory), so a malicious image can first create a symlink that points outside the extraction root and then write through it, placing files anywhere on the host filesystem and potentially leading to remote code execution (running unauthorized commands on the host).
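The check the advisory above describes as missing is shown in the block below: before a tar member from an image layer is written, its path and, for links, its target must resolve inside the extraction root. This is an added example, not Boxlite's code. The two layers are constructed in memory, and `ROOTFS` is a hypothetical destination directory.

```python
import io
import os
import tarfile

# Added example, not Boxlite code: a tar extraction guard that rejects the symlink
# trick described above. Every member path, and every link target, must resolve
# inside the destination. ROOTFS and the sample layers are constructed.

ROOTFS = "/var/lib/rootfs-example"


def _inside(root: str, path: str) -> bool:
    """True if path, after resolving '..' and any existing symlinks, stays under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def is_safe_member(member: tarfile.TarInfo, dest: str = ROOTFS) -> bool:
    name = member.name
    # Absolute names and '..' components are never legitimate in an image layer.
    if os.path.isabs(name) or ".." in name.split("/"):
        return False
    target_path = os.path.join(dest, name)
    # realpath follows symlinks already extracted, so a later write through an
    # earlier link that escapes dest is caught here as well.
    if not _inside(dest, target_path):
        return False
    if member.issym():
        if os.path.isabs(member.linkname):
            return False
        # A relative link target is interpreted from the link's own directory.
        resolved = os.path.normpath(os.path.join(os.path.dirname(target_path), member.linkname))
        if not _inside(dest, resolved):
            return False
    if member.islnk() and not _inside(dest, os.path.join(dest, member.linkname)):
        return False
    if member.ischr() or member.isblk() or member.isfifo():
        return False  # device and FIFO nodes do not belong in a layer
    return True


def rejected_members(layer: bytes, dest: str = ROOTFS) -> list:
    """Names of members the guard would refuse to extract."""
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        return [m.name for m in tar.getmembers() if not is_safe_member(m, dest)]


def safe_extract(layer: bytes, dest: str) -> None:
    """Extract one member at a time, aborting on the first unsafe one."""
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        for member in tar:
            if not is_safe_member(member, dest):
                raise ValueError(f"refusing unsafe member {member.name!r}")
            tar.extract(member, path=dest)


def _layer(entries) -> bytes:
    """Build a constructed in-memory tar layer from (kind, name, payload) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


# Constructed: symlink 'etc' -> '/' then a write to 'etc/passwd' would land in the host's /etc.
MALICIOUS_LAYER = _layer([("symlink", "etc", "/"),
                          ("file", "etc/passwd", b"root::0:0:root:/:/bin/sh\n"),
                          ("symlink", "usr/lib", "../../../../root")])
BENIGN_LAYER = _layer([("file", "bin/sh", b"#!/bin/sh\n"),
                       ("symlink", "bin/bash", "sh")])

if __name__ == "__main__":
    print("rejected in malicious layer:", rejected_members(MALICIOUS_LAYER))  # ['etc', 'usr/lib']
    print("rejected in benign layer:", rejected_members(BENIGN_LAYER))        # []
```

Run the guard per member during extraction and stop at the first rejection, as `safe_extract` does; checking a whole listing up front is not enough, because a link created by an earlier member changes where a later member's path resolves. Python 3.12 and later offer the same class of check through `tarfile`'s `filter="data"` extraction filter.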
BoxLite is a sandbox service that runs untrusted code in lightweight virtual machines (VMs, which are isolated computing environments). It claims to protect host files by mounting directories in read-only mode (preventing writes), but the vulnerability bypasses this: BoxLite tells the underlying VM system (libkrun) to mount directories without actually enforcing read-only restrictions, and it doesn't limit container capabilities (special permissions), so malicious code can remount directories as read-write and modify files that should be protected.
Fix (Kiro CLI, CVE-2026-9255): Update kiro-cli to version 1.28.0 or later; all versions of kiro-cli prior to 1.28.0 are affected.
AWS Security Bulletins
Microsoft is testing agentic AI (AI that can perform multi-step tasks automatically) in its Edge for Business browser to help employees complete routine work like filling forms and gathering information across tabs. A key focus is protecting corporate data through features that keep AI prompts within the company's Microsoft 365 tenant (a private cloud environment), prevent copy-paste operations, block sensitive uploads, and allow companies to audit what users do.
Fix: Microsoft provides several data protection features in Edge for Business: enterprises can block copy and paste functionality, ensure all AI prompts and responses stay within their Microsoft 365 tenant (preventing use for model training), enable audit capabilities for prompts, and use the Purview compliance tool to analyze file uploads and detect sensitive data to block risky actions. These protections are active as soon as users sign into Edge for Business.
CSO Online
Federated learning (a system where multiple computers train an AI model together while keeping their data private) can be unfair to some participants and vulnerable to attacks where bad actors tamper with the process. FairRoP is a new method that uses adaptive client selection (choosing which computers to include based on their trustworthiness) and a bandit algorithm (a technique for balancing exploration and exploitation in decision-making) to improve both fairness and robustness against attacks. The approach combines three components: fairness awareness, attack detection, and q-Balance to handle the different challenges involved.
This article addresses how radar systems (devices that detect objects using electromagnetic waves) can better allocate their time between searching for targets and tracking known ones when facing jamming (intentional interference meant to disrupt detection). The researchers propose a dynamic scheduling strategy using receding-horizon optimization (a method that repeatedly solves shorter planning problems instead of one big long-term problem) combined with mathematical techniques to keep radar performance strong even under jamming attacks.
At Anthropic's developer event, nearly half the attendees reported shipping code written entirely by Claude (an AI assistant), with many not reading it first before deploying it live. The article discusses how AI coding tools are becoming increasingly capable and how developers are automating their work, though not everyone agrees this approach is beneficial.
AI security strategies often fail in operational technology (OT) environments, like power plants and factories, because critical legacy systems do not feed telemetry to the AI at all (a maintenance laptop running unpatched Windows 7 is common). AI trained on typical IT data, such as web traffic logs, often misclassifies normal industrial traffic as a threat, and an automated response can halt a production line faster than a real attack would; in OT, availability (keeping things running) comes first, ahead of the IT security priorities of confidentiality and integrity.
This research paper proposes E2E-PP, a system that protects privacy in mobile crowdsensing (collecting data from many mobile devices) by combining compressive sensing (a technique that reduces data size while preserving important information) with personalized differential privacy (a method that adds customized noise to data to prevent identifying individuals). The system aims to let mobile devices share sensor data for collective purposes while keeping personal information private.
This academic paper analyzes how Internet of Things devices (smart devices connected to the internet, like security cameras or smart home systems) receive and install software updates. The research examines the mechanisms these devices use to stay current with security patches and new features. The publication appears in a peer-reviewed security journal and was made available online in May 2026.
Drupal Core has a SQL injection vulnerability (a flaw where attackers insert malicious database commands into user input) in its database API: specially crafted requests could let an attacker gain higher privileges and execute remote code. The vulnerability is being actively exploited in the wild, and CISA lists May 27, 2026 as the due date for federal agencies to remediate it.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. More details are available at https://www.drupal.org/sa-core-2026-004.
CISA Known Exploited Vulnerabilities