All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Starting with GPT-5.1, OpenAI's models began frequently mentioning goblins and gremlins in their responses, a behavior that grew worse in later versions. The root cause was discovered to be the training process for the "Nerdy" personality feature, which unknowingly gave high rewards for outputs containing creature metaphors, causing the model to learn and amplify this quirk over time. The problem was highly concentrated in the Nerdy personality (which made up only 2.5% of responses but accounted for 66.7% of goblin mentions), and was identified through comparing model outputs and analyzing which reward signals (scoring systems that guide AI training) favored creature-word language.
LLM 0.32a0 is an alpha release that redesigns how the LLM Python library handles inputs and outputs to better support modern AI models. Instead of the old simple text-in, text-out model, it now represents conversations as sequences of messages (with user and assistant roles) and allows responses to contain different types of content, making it easier to work with APIs like OpenAI's chat completions.
This is a brief announcement about llm version 0.32a0, posted by Simon Willison on April 29, 2026. The post appears to be part of a monthly briefing series covering important LLM developments, with an option for readers to sponsor the author for curated updates.
OpenTelemetry.Resources.Azure has a vulnerability where it reads an unlimited amount of data from Azure Instance Metadata Service (IMDS, the link-local endpoint at 169.254.169.254) responses into memory, so an attacker who can answer in place of that endpoint can crash the application by returning an extremely large response (a denial of service through memory exhaustion). This affects applications that use the Azure VM resource detector when the metadata endpoint is compromised or intercepted.
A legal trial between Elon Musk and Sam Altman is revealing documents from OpenAI's founding, including emails and corporate records that show Musk drafted much of OpenAI's early mission and structure, Nvidia provided computational resources, and early leaders had concerns about various aspects of the organization's direction. The case is still ongoing and more evidence is expected to be disclosed as it progresses.
OpenAI has restructured its relationship with Microsoft multiple times in six months, most recently ending Microsoft's exclusive access to OpenAI's models and technology. The company is now moving its AI services to Amazon Web Services (cloud computing infrastructure), Microsoft's major competitor, after committing $100+ billion in spending to AWS and receiving a $50 billion investment from Amazon. This shift suggests OpenAI is deliberately diversifying away from its decade-long partnership with Microsoft to work with multiple cloud providers and meet more customers' needs.
OpenAI's Stargate project aims to build massive compute infrastructure (data centers, chips and the power systems to run them) to support advanced AI development and deployment. Its stated goal was to secure 10 GW of capacity in the United States by 2029, a target the company says it has already exceeded. OpenAI emphasizes that meeting growing AI demand requires partnerships across multiple sectors, including energy providers, chipmakers, construction firms and local communities, rather than relying on any single organization, and plans to expand compute capacity further while investing in local communities through education programs and workforce development.
ChatGPT is experiencing slower growth and rising uninstall rates, with users leaving the app or switching to competing chatbots. According to market data, uninstalls jumped 413 percent year-over-year in May following OpenAI's partnership with the Pentagon, while monthly user growth dropped from 168 percent in January to 78 percent in April.
Researchers discovered malicious code in npm packages (the registry from which JavaScript developers install shared libraries) designed to steal cryptocurrency wallet credentials and funds. The attack, linked to North Korean hackers, used a two-layer approach: harmless-looking packages pulled in hidden dependencies that executed the actual malware, and the malicious packages used names that mimicked legitimate libraries (typosquatting) to avoid detection.
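The two signals the item describes (a clean-looking first-layer package that pulls in a second layer carrying the payload, and a name that is a near-miss of a popular library) can be checked mechanically over a resolved dependency tree. Below is an added Python example, not code from the research or from npm itself: it walks a constructed set of manifests (all package names, versions and scripts are fictional), flags any transitive dependency that declares an install-time lifecycle script, and flags names within a small edit distance of a seeded list of popular packages. In practice the manifests would come from package-lock.json and the popular-name list from registry download statistics.

```python
from collections import deque

# Constructed manifests standing in for a resolved dependency tree (what you would
# reconstruct from package-lock.json). Every name and script here is fictional.
MANIFESTS = {
    "my-wallet-app":        {"dependencies": {"wallet-format-helper": "1.0.0", "ethers": "6.13.0"}},
    "wallet-format-helper": {"dependencies": {"ethres": "0.0.3"}},             # layer 1: clean-looking, no scripts
    "ethres":               {"scripts": {"postinstall": "node setup.js"}},    # layer 2: typosquat with install hook
    "ethers":               {"dependencies": {}},
}

# Names a typosquat would imitate; seed this from the registry's most-downloaded list in practice.
KNOWN_POPULAR = {"ethers", "web3", "bip39", "lodash", "axios", "express"}
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
MAX_TYPO_DISTANCE = 2


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: Levenshtein plus adjacent transposition,
    so 'ethres' vs 'ethers' scores 1, which is how many typosquats differ."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def walk_dependencies(root: str, manifests: dict):
    """Breadth-first walk yielding (name, path_from_root) for every transitive dependency."""
    seen = {root}
    queue = deque([(root, [root])])
    while queue:
        name, path = queue.popleft()
        for dep in manifests.get(name, {}).get("dependencies", {}):
            if dep in seen:
                continue
            seen.add(dep)
            queue.append((dep, path + [dep]))
            yield dep, path + [dep]


def audit_tree(root: str, manifests: dict, popular=KNOWN_POPULAR) -> list:
    """Return one finding per suspicious transitive dependency, with the path that pulled it in."""
    findings = []
    for name, path in walk_dependencies(root, manifests):
        reasons = []
        scripts = manifests.get(name, {}).get("scripts", {})
        # Install-time hooks are where a second-layer package runs its payload.
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                reasons.append(f"lifecycle script {hook}: {scripts[hook]!r}")
        # A near-miss of a popular name that is not itself that name is the typosquat signal.
        if name not in popular:
            for target in sorted(popular):
                dist = osa_distance(name, target)
                if 0 < dist <= MAX_TYPO_DISTANCE:
                    reasons.append(f"name is {dist} edit(s) from popular package {target!r}")
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_tree("my-wallet-app", MANIFESTS):
        print(" -> ".join(finding["path"]))
        for reason in finding["reasons"]:
            print("   ", reason)
```

The path in each finding is the useful part for triage: the first-layer package is what the developer actually added and will recognise, while the flagged package two levels down is the one that never appears in their own package.json.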
Oracle, a traditional database company, has shifted its business strategy to focus on AI rather than building its own foundation models (large language models like ChatGPT). Instead, it is positioning itself as a software-as-a-service provider (cloud-based software you access online) in the AI infrastructure space, betting on a specific version of AI's future as its traditional database business declines.
Ollama for Windows has a remote code execution vulnerability (the ability for an attacker to run commands on your computer) in its update mechanism. The updater builds local file paths from HTTP response headers without validating them, so an attacker who controls the update response can use path traversal sequences (such as ..\ to walk up the directory tree) to write an executable outside the intended download directory, for example into the Windows Startup folder, where it runs at the next logon. Combined with a second flaw, the missing signature check on the downloaded update, this lets the attacker execute code without any user interaction.
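The path-traversal half of that chain comes down to how a header-supplied filename is joined onto a download directory. The following is an added Python example, not Ollama's code (which is Go), showing the vulnerable join beside a hardened one. The staging directory and the header values are constructed for illustration; ntpath is used so the Windows path semantics (backslashes, drive letters, reserved device names) are reproduced even when the script runs on another platform.

```python
import ntpath
import re
from urllib.parse import unquote

# Illustrative staging directory for a Windows updater (an assumption, not Ollama's real layout).
STAGING_DIR = r"C:\Users\alice\AppData\Local\Ollama\updates"

# Windows device names are reserved regardless of extension ("CON.exe" still names the console).
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}
# Conservative allowlist: a bare filename with no separators, no leading dot, bounded length.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


class UnsafeFilename(ValueError):
    """The header-supplied filename would escape the staging directory or is otherwise unusable."""


def unsafe_target_path(staging_dir: str, header_value: str) -> str:
    # Vulnerable pattern: splice the attacker-controlled header value straight into
    # the path. Each "..\" steps out of the staging directory, so the file can be
    # planted anywhere the updater's account can write, including the Startup folder.
    return ntpath.normpath(ntpath.join(staging_dir, unquote(header_value)))


def safe_target_path(staging_dir: str, header_value: str) -> str:
    # Hardened pattern: decode first (so %2e%2e cannot hide a traversal), accept only
    # a bare filename from the allowlist, reject names Windows treats specially, then
    # confirm the normalized result is still inside the staging directory.
    name = unquote(header_value).strip()
    if not _NAME_RE.fullmatch(name):
        raise UnsafeFilename(f"rejected filename: {header_value!r}")
    if name.endswith(".") or name.split(".")[0].upper() in _RESERVED:
        raise UnsafeFilename(f"reserved or ambiguous Windows name: {header_value!r}")
    base = ntpath.normpath(staging_dir)
    candidate = ntpath.normpath(ntpath.join(base, name))
    # The allowlist already forbids separators; the containment check is the backstop
    # in case the allowlist is ever loosened.
    if ntpath.commonpath([base, candidate]) != base:
        raise UnsafeFilename(f"path escapes staging directory: {candidate}")
    return candidate


def is_accepted(header_value: str, staging_dir: str = STAGING_DIR) -> bool:
    """Yes/no wrapper around safe_target_path."""
    try:
        safe_target_path(staging_dir, header_value)
        return True
    except UnsafeFilename:
        return False


# Constructed header values: one benign, one traversal into the all-users Startup
# folder, the same traversal percent-encoded, and a reserved device name.
BENIGN = "OllamaSetup.exe"
TRAVERSAL = r"..\..\..\..\..\..\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\evil.exe"
ENCODED_TRAVERSAL = TRAVERSAL.replace("..", "%2e%2e").replace("\\", "%5c")
RESERVED = "CON.exe"

if __name__ == "__main__":
    print("vulnerable join writes to:", unsafe_target_path(STAGING_DIR, TRAVERSAL))
    for value in (BENIGN, TRAVERSAL, ENCODED_TRAVERSAL, RESERVED):
        print(f"{value[:40]!r:45} accepted={is_accepted(value)}")
```

Note what the hardened version does not fix: even a correctly contained file is still attacker-supplied content if the updater never verifies a signature on it, which is the second flaw the item mentions. Containment limits where the file lands; only signature verification limits what it is.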
This document outlines how to build safety and trust into AI applications using Amazon Bedrock (AWS's generative AI service) by following a responsible AI framework. Organizations that implement responsible AI practices see significant business benefits, including 82% improvement in employee trust and 25% increase in customer loyalty. Safety should be integrated throughout the AI development lifecycle across three phases: design and development (evaluating risks and building guardrails), deployment (implementing multiple layers of protection including red team testing, which simulates attacks to find vulnerabilities), and operations (continuous monitoring and adaptation as technology and usage patterns evolve).
Fix: The source text describes approaches rather than specific technical fixes. For the design and development phase, it recommends thoroughly evaluating safety risks, understanding application capabilities and limits, and building safety guardrails from the beginning. For deployment, it recommends implementing robust safety measures through multiple layers including comprehensive user training, proactive monitoring and review processes, clear safety protocols and user guidelines, and red team testing. For the operations phase, it recommends implementing real-time feedback mechanisms, conducting regular performance evaluations, and continuously monitoring for shifts in application usage or functions that could compromise safety.
AWS Security Blog
Fix: Fixed in OpenTelemetry.Resources.Azure version 1.15.0-beta.2. The fix changes the HttpClient call so that the response body is streamed rather than loaded entirely into memory, and responses larger than 4 MiB are discarded. As workarounds, you can disable the Azure VM resource detector or use network-level controls (firewall rules, mTLS, or a service mesh) to prevent man-in-the-middle attacks on the Azure VM instance metadata endpoint.
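The bounded-read pattern that fix describes, shown as an added Python example rather than the OpenTelemetry .NET project's own code (which is C#). The vulnerable function buffers whatever the peer sends; the hardened one reads in fixed-size chunks and aborts once the running total would pass the cap, so the most it can ever hold is the cap plus one chunk. The 4 MiB limit matches the advisory; the IMDS-shaped JSON and the lazy "endless" stream are constructed for the example.

```python
import io
import json

MAX_BODY_BYTES = 4 * 1024 * 1024  # 4 MiB cap, matching the limit described in the advisory fix
CHUNK_SIZE = 64 * 1024


class ResponseTooLarge(Exception):
    """Raised when a metadata response exceeds the configured cap."""


def read_body_unbounded(stream) -> bytes:
    # Vulnerable pattern: trust the peer and buffer the whole body. If the
    # "metadata endpoint" is really an attacker, this grows until the process
    # is killed for lack of memory.
    return stream.read()


def read_body_bounded(stream, limit: int = MAX_BODY_BYTES) -> bytes:
    # Hardened pattern: pull the body in fixed-size chunks and stop as soon as
    # the running total would exceed the cap. Memory use is bounded by
    # limit + CHUNK_SIZE regardless of how much the peer sends.
    buf = bytearray()
    while True:
        chunk = stream.read(CHUNK_SIZE)
        if not chunk:
            return bytes(buf)
        if len(buf) + len(chunk) > limit:
            raise ResponseTooLarge(f"metadata response exceeded {limit} bytes")
        buf.extend(chunk)


def parse_compute_metadata(stream, limit: int = MAX_BODY_BYTES) -> dict:
    # Apply the cap before JSON parsing; an oversized body is dropped outright,
    # which mirrors the fixed detector ignoring responses over 4 MiB.
    body = read_body_bounded(stream, limit)
    return json.loads(body.decode("utf-8"))


def is_rejected(stream, limit: int = MAX_BODY_BYTES) -> bool:
    """Yes/no wrapper for callers that want a verdict instead of an exception."""
    try:
        read_body_bounded(stream, limit)
        return False
    except ResponseTooLarge:
        return True


class LazyStream:
    """Constructed stand-in for an HTTP response body of `total` bytes produced on
    demand: an 'endless' hostile response costs the sender nothing, and only the
    reader decides how much of it gets buffered."""

    def __init__(self, total: int, fill: bytes = b"A"):
        self.remaining = total
        self.fill = fill

    def read(self, n: int = -1) -> bytes:
        take = self.remaining if n is None or n < 0 else min(n, self.remaining)
        self.remaining -= take
        return self.fill * take


# Constructed sample shaped like an IMDS /metadata/instance response (all values made up).
SAMPLE_IMDS = json.dumps({"compute": {"vmId": "00000000-0000-0000-0000-000000000000",
                                      "location": "eastus", "vmSize": "Standard_D2s_v3"}}).encode()


def parse_sample() -> dict:
    """Parse the constructed sample through the bounded reader."""
    return parse_compute_metadata(io.BytesIO(SAMPLE_IMDS))


if __name__ == "__main__":
    print("sample location:", parse_sample()["compute"]["location"])
    print("body of cap+1 bytes rejected:", is_rejected(LazyStream(MAX_BODY_BYTES + 1)))
    print("body of exactly cap bytes accepted:", not is_rejected(LazyStream(MAX_BODY_BYTES)))
```

The cap sits on the raw body, before decoding or parsing, because that is the first point at which memory is committed; checking Content-Length alone is not enough, since a hostile peer can omit it or lie.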
GitHub Advisory Database
Seven families are suing OpenAI and its CEO after a school shooting in Tumbler Ridge, Canada, claiming the company failed to alert police about the shooter's suspicious ChatGPT activity. The families allege that OpenAI detected concerning conversations about gun violence but stayed silent to protect its reputation and an upcoming IPO (initial public offering, when a company first sells stock to the public).
AI models can now find and exploit software vulnerabilities faster than security teams can defend against them, creating urgent security challenges for AI-driven development. Wiz addressed this by launching an AI-BOM (a tool that automatically catalogs AI frameworks, models, and IDE extensions like GitHub Copilot and Cursor) to give security teams visibility into how AI tools interact with their data, plus embedding security guardrails directly into developer IDEs through plugins that catch hardcoded secrets, misconfigurations, and AI-specific risks like prompt injection (tricking an AI by hiding instructions in its input) before code is committed.
Fix: Wiz Code plugins for AI-native IDEs (like Claude Code and Cursor) embed security directly into development workflows using pre-commit hooks (automated checks that run before a change is committed to version control) to catch hardcoded secrets, IaC (infrastructure-as-code) misconfigurations, vulnerabilities, and AI-specific issues. Additionally, Wiz Skills allow developers to automatically pull active security issues from the Wiz Security Graph and apply fixes directly in the IDE using the Wiz Green Agent, which generates fixes based on full code-to-cloud context.
Wiz Research Blog
AmbShield is a security method that uses ambient backscatter devices (AmBDs, passive devices that reflect existing wireless signals without a power source of their own) to protect wireless networks from eavesdropping. The devices act both as friendly jammers that create interference to disrupt eavesdroppers and as passive relays that strengthen the signal for legitimate users, without requiring extra power or complex deployment.
This research addresses privacy and data quality challenges in federated learning (FL, a technique where multiple computers train an AI model together without sharing raw data) for skeleton-based action recognition (identifying human movements from body joint positions). The authors propose Fed-C&E, a system that uses data condensation on client devices to reduce privacy risks, then expands the condensed data on a central server using techniques like a prototype-to-sequence similarity transformation matrix pool and feature expansion with second-order statistics to recover lost information and prevent overfitting.
This research proposes K-TCDP (K-Temporal Correlated Differential Privacy), a new method for training large language models privately using LoRA (a technique that adds small trainable adapters to a model). Standard privacy-preserving training adds random noise that degrades model quality, but K-TCDP uses strategically correlated noise over time so that noise added in early steps can be partially canceled out by noise in later steps, improving model performance while maintaining privacy guarantees.
BlockAthena is a new forensic framework designed to detect long-term crimes on blockchains (distributed ledgers that record transactions) by analyzing transaction patterns over extended periods. The system identifies criminal behavior by recognizing botnet-style activity (coordinated malicious networks) and APT tactics (advanced persistent threat methods used by sophisticated attackers), segmenting transaction data into meaningful chunks based on crime phases, and using graph analysis to spot suspicious patterns while using less computer memory than previous approaches.
When employees connect unapproved AI apps to work platforms like Google Workspace or Salesforce using OAuth (a system that lets apps access your accounts on your behalf), they create persistent bridges: the grant survives until someone revokes it, and attackers can use it if the AI app itself gets hacked. The Vercel breach showed this risk in action: an employee used a trial version of Context.ai without approval, and when Context.ai was compromised, attackers used the OAuth tokens (digital keys that grant access) to reach sensitive Vercel data such as API keys and employee records.
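The practical check here is an inventory of which third-party OAuth clients hold grants, with what scopes, for how many users. Below is an added Python example, not Vercel's or any vendor's code, that audits a constructed list of grant records shaped like a Workspace or Salesforce admin export (users, client IDs and app names are fictional, modelled on the scenario above). It classifies each grant against an allowlist of approved client IDs and a small scope-risk policy, then rolls up the blast radius per app for the ones that should be revoked. The Google scope URIs and the Salesforce scope names are real; the risk tiers are an assumption you would tune to your own policy.

```python
from collections import defaultdict

# Scopes that by themselves mean the app keeps access after the user walks away.
PERSISTENT_SCOPES = {"refresh_token", "offline_access"}   # Salesforce and Microsoft identity names
# Scope families that reach mail, files or the directory (Google) or the whole API (Salesforce).
HIGH_RISK_PREFIXES = ("https://www.googleapis.com/auth/drive",
                      "https://www.googleapis.com/auth/gmail",
                      "https://www.googleapis.com/auth/admin.directory")
HIGH_RISK_EXACT = {"full", "api"}

# Constructed grant records; client IDs, users and app names are fictional.
GRANTS = [
    {"user": "alice@example.com", "client_id": "sso-bridge-1", "app": "Corporate SSO Bridge",
     "scopes": ["openid", "email"]},
    {"user": "bob@example.com", "client_id": "ctx-trial-77", "app": "Context.ai (trial)",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly",
                "https://www.googleapis.com/auth/gmail.readonly"]},
    {"user": "carol@example.com", "client_id": "ctx-trial-77", "app": "Context.ai (trial)",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "dave@example.com", "client_id": "notes-bot-5", "app": "Meeting Notes Bot",
     "scopes": ["openid", "profile"]},
    {"user": "erin@example.com", "client_id": "sf-sync-3", "app": "CRM Sync Assistant",
     "scopes": ["api", "refresh_token"]},
]
APPROVED_CLIENTS = {"sso-bridge-1"}


def scope_reason(scope: str):
    """Return why a scope is risky, or None if it is benign under this policy."""
    if scope in PERSISTENT_SCOPES:
        return f"{scope}: long-lived access via refresh token"
    if scope in HIGH_RISK_EXACT or scope.startswith(HIGH_RISK_PREFIXES):
        return f"{scope}: broad data access"
    return None


def audit_grants(grants, approved_clients) -> list:
    """Classify every grant as approved, revoke (unapproved with risky scopes) or review."""
    findings = []
    for grant in grants:
        risky = [reason for reason in map(scope_reason, grant["scopes"]) if reason]
        if grant["client_id"] in approved_clients:
            action = "approved"
        elif risky:
            action = "revoke"
        else:
            action = "review"
        findings.append({**grant, "action": action, "reasons": risky})
    return findings


def blast_radius(findings) -> dict:
    """For each app slated for revocation, which users granted it and which risky scopes it holds."""
    radius = defaultdict(lambda: {"users": set(), "risky_scopes": set()})
    for finding in findings:
        if finding["action"] != "revoke":
            continue
        radius[finding["app"]]["users"].add(finding["user"])
        radius[finding["app"]]["risky_scopes"].update(s for s in finding["scopes"] if scope_reason(s))
    return {app: {"users": sorted(v["users"]), "risky_scopes": sorted(v["risky_scopes"])}
            for app, v in radius.items()}


if __name__ == "__main__":
    results = audit_grants(GRANTS, APPROVED_CLIENTS)
    for finding in results:
        print(f"{finding['action']:9} {finding['user']:20} {finding['app']}")
    for app, info in blast_radius(results).items():
        print(f"revoke {app!r}: {len(info['users'])} user(s), scopes {info['risky_scopes']}")
```

A grant that only carries identity scopes (openid, profile, email) is parked for review rather than revoked, since it cannot read data on its own; the ones that combine an unapproved client with mail, file or API scopes are the bridges the item warns about, and revoking the client's grant invalidates its refresh tokens for every listed user at once.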
Scammers are creating deepfakes (AI-generated fake videos that realistically mimic real people) of celebrities like Taylor Swift and Rihanna on TikTok to trick users into fake reward programs. These deepfakes often manipulate real footage with AI and use TikTok's official branding to appear legitimate, but they redirect users to third-party websites that steal personal information.