All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Anthropic released Claude Security, an AI-powered tool designed to help security teams find and fix vulnerabilities faster by scanning code repositories, identifying security flaws, and generating targeted patches. The tool is available in public beta for Claude Enterprise customers and integrates with existing security platforms from companies like CrowdStrike and Microsoft, aiming to reduce the time from vulnerability discovery to fix from days to a single session.
Fix: Claude Security provides automated vulnerability scanning, generates confidence ratings on severity, offers reproduction instructions, and creates targeted patch instructions that can be worked through with Claude Code on the Web. Users can also schedule regular scans for ongoing coverage rather than one-off audits. The tool is available now to Claude Enterprise customers through Claude.ai/security and works with Claude Opus 4.7 without requiring API integration or custom agent setup.
SecurityWeek
OpenTelemetry's disk retry feature for OTLP (OpenTelemetry Protocol, a standard format for sending telemetry data) had a security flaw where it stored temporary blob files (serialized data chunks) in a shared system temp directory accessible to other user accounts on multi-user systems. This allowed attackers to inject fake telemetry data, read sensitive telemetry information, or cause performance problems by filling the directory with large files.
A security flaw in n8n-mcp's URL validation allowed attackers to bypass SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests) protections using IPv4-mapped IPv6 addresses like `http://[::ffff:169.254.169.254]`. This could let an attacker who controls the `n8nApiUrl` input force the server to request sensitive data from cloud metadata endpoints, private networks, or localhost services, and the responses would be returned to the attacker along with API credentials.
OpenAI launched Advanced Account Security, an optional protection feature for high-risk ChatGPT and Codex users like journalists and dissidents that replaces passwords with physical security keys or passkeys to prevent account takeover attacks (when someone gains unauthorized access to an account). The feature also uses recovery keys instead of email/SMS for account recovery, enforces shorter login sessions, and sends alerts on sign-ins, making it much harder for attackers to breach accounts through phishing (tricking users into revealing login credentials) or social engineering (manipulating support staff).
Jupyter Notebook has a stored XSS (cross-site scripting, a type of attack where malicious code runs in a user's browser when they view a webpage or file) vulnerability that lets attackers steal authentication tokens (credentials that prove who you are) by tricking users into clicking fake controls in malicious notebook files. An attacker who steals these tokens can take over a user's account, read files, run code, and access the system.
Gemini, a crypto exchange, received approval from the U.S. Commodity Futures Trading Commission (CFTC, the federal agency that regulates futures and derivatives) to operate its own regulated derivatives clearinghouse, allowing it to process trades internally rather than through outside services. This approval enables Gemini to expand into prediction markets (betting platforms where users forecast future events) and perpetual futures (leveraged contracts that never expire), giving the company more control over these products and potentially more stable revenue streams.
Google is updating vehicles equipped with Google built-in to replace their current Google Assistant with Gemini, a more advanced AI assistant. The upgrade will be available to both new and existing vehicles through a software update, offering improvements in natural conversations, vehicle information retrieval, and settings adjustments.
Microsoft and OpenAI have restructured their business partnership, with the key change allowing OpenAI to offer its products and services through multiple cloud providers (computing platforms that deliver software and services over the internet) instead of being limited to Microsoft's cloud. The companies maintained an amicable relationship despite previous tensions over contracts and AI infrastructure.
OpenAI discovered that its AI models were unexpectedly inserting references to goblins and other creatures into their responses, a behavior that started appearing in the GPT-5.1 model, particularly when using the "Nerdy" personality option. The company traced this quirk to patterns in the training data and added instructions to prevent the models from discussing these creatures.
OpenAI discovered that ChatGPT and other tools powered by its GPT-5 model were randomly mentioning goblins, gremlins, and other creatures in their responses, with goblin mentions increasing 175% after the GPT-5.1 launch in November. The problem stemmed from a "nerdy" personality developed during training, whose reward signals had reinforced mentions of these creatures in metaphors; OpenAI found this personality was responsible for 66.7% of all goblin mentions. The issue illustrates how AI training systems can accidentally reinforce quirks and errors when they reward certain language patterns.
A critical vulnerability in Gemini CLI, an open source AI agent for terminal access to Google's Gemini, allowed attackers to execute arbitrary code on the host system by planting malicious configuration files in a workspace folder. The flaw was particularly dangerous in CI/CD pipelines (automated systems that build, test, and deploy software) because attackers could steal credentials and perform supply chain attacks (compromising software before it reaches users) by exploiting the trusted access that these pipelines have.
A maximum-severity vulnerability in Google Gemini CLI allowed remote code execution (RCE, where attackers can run commands on a system they don't own) when the tool processed untrusted inputs in automated environments like CI/CD pipelines (automated workflows that test and deploy code). The flaw occurred because the CLI automatically trusted workspace configurations without verification, letting attackers inject malicious code that would execute before security protections kicked in.
Despite heavy promotion by tech companies, young people (Gen Z) are increasingly using AI chatbots like ChatGPT while simultaneously expressing strong negative feelings toward AI technology. Polling data shows widespread cultural backlash against AI among Gen Z students and workers, even as they continue to adopt these tools.
A supply chain attack called "mini Shai-Hulud" compromised npm packages (code libraries hosted on npm, a JavaScript package repository) used in SAP development, injecting malware that stole developer credentials and cloud secrets during installation. The attackers exploited configuration gaps in npm's OIDC trusted publishing (a system that verifies package publishers) and used stolen credentials to add malicious GitHub Actions workflows (automated tasks in code repositories) and persist through developer tool configuration files, treating developer workstations as entry points to compromise the entire software supply chain.
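Because the mini Shai-Hulud malware executed during package installation, one low-tech precaution is to audit a dependency tree for install-time lifecycle scripts before running `npm install`. A minimal sketch (the flagged hook names follow npm's standard lifecycle scripts; a hit is a review candidate, not proof of compromise):

```python
import json
import os

# npm lifecycle hooks that run automatically at install time.
SUSPECT_HOOKS = {"preinstall", "install", "postinstall"}

def find_install_scripts(root: str):
    """Walk a dependency tree and report packages whose package.json
    declares an install-time lifecycle script."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
                manifest = json.load(f)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; skip
        hooks = SUSPECT_HOOKS & set(manifest.get("scripts") or {})
        if hooks:
            hits.append((manifest.get("name", dirpath), sorted(hooks)))
    return hits
```

Running this over `node_modules` (or a vendored copy of it) before installation surfaces every package that would execute code on a developer workstation, which is exactly the entry point this campaign abused.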
Fix: If an immediate upgrade to a patched version is not possible:
1. Avoid enabling disk retry in shared environments.
2. Configure a dedicated directory with strict ACL/ownership and least privilege (access control lists that restrict who can read or write).
3. Ensure the directory is not shared across tenants/users.
4. Monitor for unexpected `*.blob` files or abnormal retry backlog growth.
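The dedicated-directory workaround above can be sketched as follows. The directory path and the `OTLP_DISK_RETRY_DIR` variable name are illustrative assumptions, not part of the OpenTelemetry SDK; consult your SDK's actual retry configuration for the real knob.

```python
import os
import stat

def make_private_retry_dir(path: str) -> str:
    """Create a disk-retry directory readable and writable only by the
    current user, instead of the shared system temp directory."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    # makedirs honors the process umask, so enforce the mode explicitly.
    os.chmod(path, 0o700)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o700:
        raise PermissionError(f"unexpected permissions {oct(mode)} on {path}")
    return path

# Point the exporter at the private directory (hypothetical variable name).
retry_dir = make_private_retry_dir(os.path.expanduser("~/.otlp-retry"))
os.environ["OTLP_DISK_RETRY_DIR"] = retry_dir
```

The explicit `chmod` plus verification step matters: creating the directory with a restrictive mode alone is not enough if the umask or an existing directory leaves it group- or world-accessible.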
GitHub Advisory Database
Elon Musk testified in court that his AI startup xAI used OpenAI's models to train its own AI system called Grok through model distillation (a technique where a larger AI model teaches a smaller one by transferring knowledge). Model distillation is a common practice in the AI industry, though it can be used legitimately within a single company or potentially misused by competitors trying to copy a rival's AI performance.
Fix: Upgrade to **v2.47.14 or later** (via `npx n8n-mcp@latest` for npm or `docker pull ghcr.io/czlonkowski/n8n-mcp:latest` for Docker). If immediate upgrade is not possible, the source mentions three workarounds: (1) validate URLs before passing them to the SDK by rejecting IP literal hostnames and accepting only DNS-resolvable hostnames; (2) restrict outbound network traffic from the n8n-mcp process to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), and cloud metadata endpoints; and (3) do not accept user-controlled `n8nApiUrl` values and derive the URL from internal configuration only.
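Workaround (1) above can be sketched with Python's standard library; `is_safe_n8n_url` is a hypothetical helper name, not part of n8n-mcp:

```python
import ipaddress
from urllib.parse import urlsplit

def is_safe_n8n_url(url: str) -> bool:
    """Reject any URL whose hostname is an IP literal (IPv4, IPv6, or
    IPv4-mapped IPv6); accept only plain DNS hostnames."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        # An IPv4-mapped IPv6 literal like [::ffff:169.254.169.254] parses
        # as a valid IPv6 address and unwraps to the embedded IPv4 address,
        # which is how the bypass reached the cloud metadata endpoint.
        ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal; still subject to the DNS-resolution and
        # egress-filtering checks from workarounds (1) and (2).
        return True
    return False
```

Rejecting all IP literals up front is deliberately blunt: it closes the mapped-address trick without trying to enumerate every dangerous range, and the outbound network restrictions in workaround (2) then catch hostnames that resolve to private addresses.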
GitHub Advisory Database
Fix: OpenAI's explicitly mentioned mitigations for Advanced Account Security users include: (1) requiring two physical security keys or passkeys instead of passwords, (2) eliminating email and SMS recovery routes in favor of recovery keys, backup passkeys, or physical security keys, (3) blocking OpenAI support team access to recovery options to prevent social engineering attacks on support portals, (4) enforcing shorter sign-in windows and sessions before re-authentication is required, (5) generating login alerts that users can review in their dashboard, and (6) enabling data opt-out from model training by default. OpenAI also partnered with Yubico to offer lower-cost YubiKey bundles to these users. Members of OpenAI's Trusted Access for Cyber program must enable Advanced Account Security by June 1, 2024, or submit an alternative attestation of phishing-resistant authentication through enterprise single sign-on.
Wired (Security)
Fix: Update to Jupyter Notebook 7.5.6 or JupyterLab 4.5.7, which include patches. As a temporary workaround, disable the help extension by running: `jupyter labextension disable @jupyter-notebook/help-extension` and `jupyter labextension disable @jupyterlab/help-extension`. For additional hardening, disable command linker functionality by adding this to `overrides.json`: `{"@jupyterlab/apputils-extension:sanitizer": {"allowCommandLinker": false}}`.
GitHub Advisory Database
Wiz Red Agent is an AI security tool powered by Anthropic's Claude Opus models that automatically scans production environments (web applications and APIs) to find exploitable security vulnerabilities by reasoning like a human attacker. It analyzes over 150,000 applications weekly and has discovered thousands of previously unknown high and critical security risks across major organizations with zero false positives.
Goodfire, a startup, has created Silico, a tool that uses mechanistic interpretability (a technique for understanding how AI models work by mapping their neurons and the connections between them) to help developers debug and adjust LLM behavior. Instead of treating model development as trial-and-error, Silico lets developers zoom into a trained model, see which neurons control specific behaviors like hallucinations (false information the AI generates), and adjust those neurons to improve or suppress certain outputs.
Fix: OpenAI said it took steps to mitigate the issue by instructing its coding agent Codex to avoid referring to goblins, gremlins, raccoons, trolls, ogres, pigeons, and other creatures "unless it is absolutely and unambiguously relevant to the user's query." The company also retired the "nerdy personality" system that had been incentivizing these mentions.
BBC Technology
AI-powered GitHub Actions from companies like OpenAI, Anthropic, and Google have a critical security flaw where prompt injection (tricking an AI by hiding instructions in its input) attacks can be triggered by external attackers, even when configuration settings are meant to restrict access. The vulnerability stems from these actions not properly distinguishing between trusted internal apps and untrusted external apps, allowing anyone to potentially manipulate the AI's behavior through pull requests, issues, or other user-controlled inputs.
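One defensive pattern this finding points to is gating AI-visible content on who authored it before it ever reaches the model. A minimal sketch: the payload shape mirrors the `author_association` field GitHub includes in issue and pull-request webhook events, but the trust policy itself is an assumption, not something the affected actions implement:

```python
# Author associations from GitHub event payloads that imply repo-level
# trust; everything else (NONE, FIRST_TIME_CONTRIBUTOR, CONTRIBUTOR, ...)
# is treated as untrusted external input.
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}

def may_reach_model(event: dict) -> bool:
    """Only let issue/PR text authored by trusted repo roles reach the
    AI agent; untrusted text should be dropped or heavily sandboxed."""
    subject = event.get("pull_request", event.get("issue", {}))
    author = subject.get("author_association", "NONE")
    return author in TRUSTED_ASSOCIATIONS
```

The key point is that the check happens on the event metadata, not on the text itself: content-based prompt-injection filters are unreliable, whereas refusing to feed untrusted authors' text to the agent at all removes the attack surface.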
Fix: The vulnerability was patched by Google in both Gemini CLI and the 'run-gemini-cli' GitHub Action.
SecurityWeek
Fix: The issue was fixed in @google/gemini-cli versions 0.39.1 and 0.40.0-preview.3, and in run-gemini-cli version 0.1.22. The patches removed implicit workspace trust in headless (non-interactive) environments and now require explicit trust decisions before loading workspace configurations. Additionally, the fix enforces stricter tool allowlisting (a list of permitted commands) to prevent command execution outside intended restrictions. Workflows that pin a specific gemini-cli version are advised to upgrade to a patched release and review their existing Gemini CLI configurations.
CSO Online
OpenAI is launching GPT-5.5-Cyber, a specialized AI model designed to help organizations defend against cyberattacks, but it will only be available to a limited group of vetted "cyber defenders" rather than the general public. The company plans to roll out access within days and will work with other organizations and government agencies to establish a trusted access system for the model.