All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This is a brief announcement of llm-gemini version 0.31, posted by Simon Willison on May 7, 2026. The content appears to be metadata and navigation elements from a blog or news site covering developments in large language models (LLMs, AI systems trained on vast amounts of text data) and Google's Gemini AI model, rather than detailed technical information about the release itself.
In November 2023, OpenAI CEO Sam Altman was suddenly removed from his position because he was "not consistently candid in his communications with the board." Through a lawsuit called Musk v. Altman, details from former CTO Mira Murati's testimony are now revealing what actually happened during that dramatic weekend at OpenAI.
Apple is developing AirPods with built-in cameras that are approaching production testing stages. The cameras won't take traditional photos or videos, but instead capture low-resolution visual information that users can ask Siri (Apple's AI assistant) to analyze, such as identifying what meals they could make with ingredients in front of them.
OpenAI is launching an optional safety feature called 'Trusted Contact' that lets adult ChatGPT users designate an emergency contact (friend, family member, or caregiver) who will be notified if the AI detects concerning conversations about self-harm or suicide. The feature is designed to connect people in crisis with trusted people they know, working alongside existing mental health helplines.
BentoML's `bentoml build` command has a symlink traversal vulnerability (following attacker-controlled symbolic links, which are shortcuts to files) that allows attackers to copy files from outside the build directory into the generated Bento artifact (the packaged application). If a developer builds an untrusted repository, an attacker can hide a symlink pointing to sensitive files like credentials or API tokens, and these files will be copied into the final package where they could be leaked through export or upload workflows.
This article covers testimony in Elon Musk's lawsuit against OpenAI and its leaders, where a witness testified about discussions around 2017-2018 regarding whether OpenAI should remain a nonprofit or become a for-profit company. Musk claims OpenAI broke promises to stay nonprofit and focus on charitable work, while the company established a for-profit subsidiary after he left in 2018. The testimony reveals various corporate structure options were debated, including a proposal where OpenAI would join Tesla and Musk would offer Altman a board seat there.
Attackers can steal OAuth tokens (digital keys that grant access to connected services) from Claude Code, an AI system that performs tasks autonomously, through a man-in-the-middle attack (intercepting communication between two parties). The attack involves installing a malicious npm package that modifies Claude Code's configuration file to redirect all traffic through the attacker's infrastructure, allowing them to capture tokens while remaining undetected.
Save to Spotify is a command-line tool (a program you run through text commands rather than clicking buttons) that lets AI agents like Claude Code create audio summaries and podcasts that automatically save to your Spotify library. Users can set it up by downloading the tool from GitHub and then asking their AI to create content with the instruction to 'save to Spotify,' and the resulting podcast will appear in their Spotify feed alongside regular episodes.
Anthropic, an AI startup, announced a deal to use all the computing power from SpaceX's Colossus 1 data center in Tennessee to improve service for its paid Claude Pro and Claude Max subscribers. The deal will give Anthropic access to significant computational resources (the processing power needed to run AI models) to better handle demand from paying customers.
A legal trial between Elon Musk and OpenAI leaders centers on whether OpenAI broke promises to remain a nonprofit, but testimony has also highlighted broader AI safety concerns, including risks like job displacement, misinformation, and the potential dangers of AGI (artificial general intelligence, an advanced AI system that surpasses humans at many tasks). Expert witness Stuart Russell warned that the competitive race to develop AGI first poses a threat to humanity, though the judge has tried to keep the trial focused on the nonprofit dispute rather than AI's dangers.
This is a monthly digest of AWS security resources from April 2026 covering topics like AI security, identity management, and data protection. The posts provide practical guidance on securing agentic AI systems (AI systems that can act independently), implementing fine-grained access controls using ABAC (attribute-based access control, which grants permissions based on user characteristics rather than just roles), and defending against emerging threats like token abuse and privilege escalation attacks.
Mozilla used early access to Claude Mythos (an advanced AI model) to find and fix hundreds of security vulnerabilities in Firefox that had gone undetected for years. The AI became much more useful for this task once the model became more capable and Mozilla developed better techniques for controlling the AI, filtering out false reports, and combining multiple AI analyses together.
Anthropic has signed a deal with SpaceX/xAI to use all capacity from the Colossus 1 data center, which has a poor environmental record including unpermitted gas turbines that lack pollution controls and have been linked to increased hospital admissions from poor air quality. The deal also creates a potential supply chain risk (a vulnerability where a company depends on another company that could cut off essential services) since Elon Musk, who owns xAI, has stated he reserves the right to reclaim the compute if Anthropic's AI causes harm, with the criteria for 'harm' decided by Musk himself.
Anthropic's Mythos model, an advanced AI system for finding bugs, has dramatically improved Firefox's ability to discover software vulnerabilities (flaws in code that attackers can exploit), unearthing thousands of high-severity bugs including some hidden for over a decade. Unlike older AI bug-finding tools that produced many false positives (incorrect alerts), Mythos uses agentic systems (AI that can assess and filter its own work) to deliver higher-quality results, leading Firefox to ship 423 bug fixes in April 2026 compared to 31 a year earlier. However, Mozilla's engineers still manually write and review patches rather than deploying AI-generated code directly, as they have not found the fix-writing process automatable.
Researchers at Cisco discovered that attackers can manipulate vision-language models (AI systems that read and interpret images) by making tiny, imperceptible changes to image pixels that humans cannot see. These changes can make hidden malicious instructions embedded in images readable to the AI, allowing attackers to trick the AI into following commands like stealing data, while content filters and humans see only visual noise or blurry content.
LLM-based agents now use MCP tools (model context protocol tools, standardized connectors that let AI agents interact with external programs and services) to access external resources, but this creates a security vulnerability called tool poisoning attacks, where malicious MCP tools can trick these agents into behaving in harmful ways. Researchers developed AutoMalTool, an automated red teaming framework (a security testing approach where researchers simulate attacks to find weaknesses) that generates malicious MCP tools to expose these vulnerabilities in mainstream LLM-based agents.
OpenAI released GPT-5.5 and a specialized version called GPT-5.5-Cyber with Trusted Access for Cyber (TAC), a framework that verifies the identity of cybersecurity defenders and gives approved users lower refusal rates so they can perform defensive security tasks like vulnerability analysis and malware detection. The system maintains safeguards to block malicious activities like credential theft and system exploitation, and requires users to have phishing-resistant authentication (protection against attacks where hackers trick users into revealing passwords) by June 2026.
Fix: The source explicitly mentions one safeguard: "Individual members of Trusted Access for Cyber accessing our most cyber capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organizations with trusted access can, as an alternative, attest that they have phishing resistant authentication as part of their single sign-on workflow." No other mitigation or fix beyond this account security requirement is discussed in the source.
OpenAI BlogA security issue called 'TrustFall' allows malicious code repositories to execute code in Claude Code, Cursor CLI (a code editor tool), Gemini CLI, and CoPilot CLI (command-line interfaces for AI coding tools) with little or no user action needed, because the warning messages shown to users are minimal and easy to ignore. This means an attacker could potentially run harmful code on a developer's computer without much effort.
Enterprises migrating between different SIEM platforms (security information and event management systems, which collect and analyze security data) struggle because each vendor uses different query languages and data models, requiring manual rule rewrites. Researchers developed ARuleCon, an AI system that can automatically translate detection rules across platforms while preserving their detection logic, improving accuracy by 10-15% over standard AI approaches. However, security experts debate whether the problem truly needs AI, since manual translation is slow but some argue deterministic engineering (rule-based programming without AI) could solve it.
Fix: ARuleCon combines AI-driven reasoning with deterministic approaches by using AI to infer detection intent and iteratively refine translated rules while constraining outputs through syntax validation and semantic checks. According to the researchers, the system is not intended to replace deterministic approaches entirely, but to combine "their reliability with the flexibility of AI-driven reasoning."
CSO OnlineThis academic paper examines privacy risks in vertical federated learning (a machine learning approach where different organizations each hold different features of the same data and train a model together) when facing agnostic inference attacks (attacks where the attacker doesn't know the model's structure in advance). The paper analyzes how attackers could potentially infer private information from the shared computations in this system.