All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Microsoft's 'Agent ID Administrator' role, designed to let AI agents have controlled identities in Entra ID (Microsoft's identity management system), had a security flaw that let users take ownership of unrelated service principals (the tenant-specific identities that applications use to authenticate and access resources). This meant attackers could gain the same privileges as more powerful administrator roles and potentially take over the entire tenant (organization's cloud environment).
Fix: Microsoft patched the issue by blocking the Agent ID Administrator role from modifying non-agent service principals. The fix was fully rolled out by April 9, 2026, across all cloud environments.
Source: CSO Online
Elon Musk is suing Sam Altman and OpenAI, claiming they violated their founding agreement by converting OpenAI from a non-profit (an organization that doesn't aim to make money for owners) to a for-profit business. The lawsuit alleges fraud and breach of contract, with the trial beginning in Oakland, California, and expected to last two to three weeks.
Microsoft and OpenAI amended their partnership agreement to clarify their long-term relationship and how they will work together on AI development. Key changes include OpenAI gaining freedom to sell products through any cloud provider (not just Microsoft's Azure), Microsoft receiving a non-exclusive license to OpenAI's technology through 2032, and changes to how the companies share revenue. The amendment aims to give both companies flexibility while maintaining their collaborative work on building large-scale AI systems.
Choco, an AI-powered food distribution platform serving over 100,000 buyers, uses OpenAI APIs to power AI agents that automate order processing from multiple input types (emails, texts, images, voice calls). OrderAgent and VoiceAgent convert unstructured customer inputs into structured ERP (enterprise resource planning, a system that manages business operations) orders by learning from each customer's ordering history, achieving up to 50% reduction in manual work and error rates below 1-5%.
A vulnerability (CVE-2026-7061) was found in Toowiredd chatgpt-mcp-server version 0.1.0 that allows OS command injection (running unauthorized system commands on a server through malicious input) in the MCP/HTTP component. The flaw can be exploited remotely by attackers, and public exploit code is already available, but the developers have not yet responded to the security report.
Elon Musk is suing Sam Altman and OpenAI in court, claiming that Altman broke the company's original founding agreement. The lawsuit focuses on OpenAI's early years when it was started as a nonprofit, and the trial could influence the direction of AI development in the tech industry.
The Cannes Film Festival banned AI-generated content from its main competition (the Palme d'Or), arguing that AI cannot create emotionally meaningful work. However, a new World AI Film Festival (WAIFF) launched at the same event and showcased AI-generated films, attracting investment from major tech companies and Hollywood studios, suggesting a growing movement to create cinema with generative AI (artificial intelligence systems that can produce images, text, or video).
A security flaw, CVE-2026-7020, was found in Ollama versions up to 0.20.2 that allows path traversal (an attack where someone manipulates file paths to access files they shouldn't be able to reach) through the digestToPath function in the Tensor Model Transfer Handler component. An attacker can exploit this remotely, though the attack is rated as high complexity, and the vulnerability details have been released publicly.
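A defensive illustration of the bug class named above, added here and not Ollama's code: a digest-to-path mapper that allow-lists the digest format before it touches the filesystem and then confirms the resolved path still lies inside the model store. The `sha256-<hex>` naming, the `blobs/` subdirectory and the store root are assumptions made for the example.

```python
import os
import re

# Assumed blob naming for this example: "sha256-" followed by exactly 64 hex digits.
# A strict allow-list means "/", "\\", "." and ".." can never appear in a digest.
DIGEST_RE = re.compile(r"^sha256-[0-9a-f]{64}$")


class InvalidDigest(ValueError):
    """Raised when a digest is malformed or would resolve outside the store."""


def digest_to_path(store_root: str, digest: str) -> str:
    """Map a blob digest to a file path under <store_root>/blobs, refusing traversal.

    Two independent checks: the format allow-list rejects anything that is not a
    digest at all, and the resolved-path check catches any escape from the store
    even if the allow-list were ever loosened (realpath also resolves symlinks).
    """
    if not DIGEST_RE.fullmatch(digest):
        raise InvalidDigest(f"malformed digest: {digest!r}")
    root = os.path.realpath(store_root)
    candidate = os.path.realpath(os.path.join(root, "blobs", digest))
    if os.path.commonpath([root, candidate]) != root:
        raise InvalidDigest(f"digest resolves outside the store: {digest!r}")
    return candidate


def is_safe_digest(store_root: str, digest: str) -> bool:
    """Convenience predicate: True if digest_to_path would accept the digest."""
    try:
        digest_to_path(store_root, digest)
    except InvalidDigest:
        return False
    return True


if __name__ == "__main__":
    store = "/tmp/model-store"  # constructed path for the demo; nothing is written
    for d in ["sha256-" + "a" * 64, "../../../etc/passwd", "sha256-../../etc/passwd"]:
        verdict = "accepted" if is_safe_digest(store, d) else "rejected"
        print(f"{d[:40]:<40} -> {verdict}")
```

The format check alone would already stop every traversal string, but keeping the resolved-path check as a second layer means a future change to the allowed digest syntax cannot silently reopen the hole.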
LiteLLM had a security flaw in two test endpoints (`POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list`) that allowed authenticated users to run arbitrary commands on the server. These endpoints accepted server configurations including command and arguments, and would execute them as subprocesses with the proxy's privileges, even for users with low-level permissions.
Top software executives from companies like Salesforce, Snowflake, and Datadog are being recruited by AI companies OpenAI and Anthropic with large compensation packages, because these AI giants want their expertise in selling to enterprise customers (large organizations). This talent drain is part of a broader shift where AI companies are prioritizing business growth in the enterprise segment, which is more profitable, while traditional software companies are struggling with concerns that AI tools will disrupt their business models.
Tesla and other automakers are integrating AI chatbots like Grok (xAI's conversational AI assistant) into vehicles to provide hands-free information access, but safety experts warn these tools create dangerous distractions for drivers. A Tesla owner demonstrated how engaging with Grok while driving—even with Tesla's partially automated driving system (FSD, or Full Self-Driving Supervised) active—caused him to lose attention to the road, raising concerns about driver distraction that isn't yet well understood.
DeepSeek released V4, a new AI model that can process longer text more efficiently and matches the performance of leading competitors from OpenAI, Anthropic, and Google while remaining open source. Researchers are increasingly focused on developing world models (AI systems that understand and can interact with the physical world, not just digital tasks) to overcome limitations of current language models and enable advances in robotics and physical tasks like laundry folding or navigation.
Google researchers found that indirect prompt injection attacks (hidden traps where malicious instructions in external data trick AI systems into bypassing their safety rules) on websites are increasing, with a 32% rise between November 2025 and February 2026, but current attacks remain relatively unsophisticated. The attacks they discovered fell into two categories: exfiltration attempts that try to steal data like IP addresses and credentials, and destruction attempts that aim to delete files, though neither showed advanced techniques. Researchers warn that while today's attacks are low in sophistication, the upward trend suggests the threat will soon grow in both scale and complexity.
Anthropic's Claude Mythos is an AI system that can discover vulnerabilities much faster than human teams, but organizations are unprepared for the remediation (fixing) side of the process. The real problem isn't finding vulnerabilities quickly; it's that most teams lack the infrastructure to triage, prioritize, and verify fixes once they're discovered, so faster discovery just creates a growing backlog of unfixed critical issues.
AI is transforming DevSecOps (the practice of integrating security into software development processes) by embedding security checks earlier in coding and automating vulnerability detection and fixes. The shift moves security from happening after code is written to happening during code generation itself, with AI tools providing secure coding guidance, scanning for vulnerabilities using reasoning rather than fixed rules, and suggesting automated fixes integrated directly into developer workflows.
Rather than eliminating SOC analyst jobs, agentic AI (AI systems that can independently execute tasks) is transforming entry-level analysts from performing repetitive investigative work into 'managers of agents' who oversee AI systems and make decisions based on their findings. The shift moves analysts from manually gathering evidence across multiple systems to reviewing AI-generated investigations and validating conclusions, allowing them to handle more alerts at a higher level of judgment.
Google DeepMind announced a partnership with South Korea's Ministry of Science and ICT to advance AI research and development in the country. The collaboration includes establishing an AI Campus in Seoul where Korean researchers can access Google's advanced AI models for breakthroughs in life sciences, weather, climate, and energy, while also supporting talent development through internships and scholarships.
This academic paper explores how Software Bill of Materials (SBOMs, detailed lists of all software components used in a project) can be extended to cover agentic AI systems (AI systems that can independently make decisions and take actions). The paper discusses schema extensions, how to organize and orchestrate these agentic components, and methods to evaluate whether AI systems produce reproducible results.
Fix: The source explicitly recommends three practices: (1) 'Start with evaluation from day one: Even a small ground-truth dataset (10–20 examples) enables teams to measure progress, validate improvements, and iterate with confidence.' (2) 'Invest in AI-native observability: Debugging AI systems requires more than traditional logs—capturing model inputs, outputs, and reasoning traces is essential to understand and improve performance.' (3) 'Set the right expectations early: Unlike deterministic software, LLMs are probabilistic. Educating teams and users on this difference is key to building trust and avoiding friction during adoption.'
Source: OpenAI Blog
This research paper evaluates whether multiple AI agents working together can effectively help identify privacy threats in software systems using LINDDUN GO, a structured methodology for privacy threat modeling (a process of identifying ways a system could leak or misuse personal data). The study, published in July 2026, examines whether collaborative multi-agent LLM (large language model) systems can improve the quality and completeness of privacy threat identification compared to single AI agents or human analysis.
n8n-mcp (a tool for connecting AI systems to external services) was logging sensitive information like passwords and API keys when running in HTTP mode (a way to communicate over the internet). When authenticated users made requests to call tools, their secret credentials were written to server logs before being hidden, which could expose them if logs were shared or accessed by unauthorized people. The issue only affected HTTP mode and required authentication, so it couldn't be exploited by random internet users.
Fix: Upgrade to n8n-mcp v2.47.13 or later using either `npx n8n-mcp@latest` (npm) or `docker pull ghcr.io/czlonkowski/n8n-mcp:latest` (Docker). The patch changes how tool arguments are logged by using a `summarizeToolCallArgs` function that records only the structure and size of data, never the actual secret values. As a temporary workaround if you cannot upgrade immediately: restrict HTTP port access through firewall or VPN, limit who can read server logs, or switch to stdio transport mode (`MCP_MODE=stdio`).
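To show the logging pattern the patch describes (structure and size, never values), here is an added illustration in Python; it is not n8n-mcp's TypeScript `summarizeToolCallArgs`. The summarizer walks the tool-call arguments and emits only key names, value types and lengths, and the sample payload with its credentials is constructed for the example.

```python
import json
from typing import Any

# Constructed sample tool call: an authenticated client passes credentials inside
# the arguments, exactly the data that must never reach a log line.
SAMPLE_ARGS = {
    "url": "https://example.invalid/orders",
    "auth": {"username": "svc-orders", "password": "example-password-not-real"},
    "headers": {"Authorization": "Bearer example-token-not-real"},
    "retries": 3,
    "verify_tls": True,
    "tags": ["bulk", "nightly"],
}


def summarize_value(value: Any) -> Any:
    """Describe a value by type and size only; recurse into objects so the log
    still shows the shape of the call without any leaf values."""
    if isinstance(value, dict):
        return {key: summarize_value(inner) for key, inner in value.items()}
    if isinstance(value, list):
        return {"type": "array", "length": len(value)}
    if isinstance(value, str):
        return {"type": "string", "length": len(value)}
    if isinstance(value, bool):  # must precede the int check: bool is an int subclass
        return {"type": "boolean"}
    if isinstance(value, (int, float)):
        return {"type": "number"}
    if value is None:
        return {"type": "null"}
    return {"type": type(value).__name__}


def summarize_tool_call_args(args: dict) -> dict:
    """Log-safe view of a tool call's arguments: keys, types and sizes, no values."""
    return {key: summarize_value(inner) for key, inner in args.items()}


def format_tool_call_log(tool_name: str, args: dict) -> str:
    """The single line a server would write for an incoming tool call."""
    summary = json.dumps(summarize_tool_call_args(args), sort_keys=True)
    return f"tool_call name={tool_name} args={summary}"


def log_leaks(line: str, secrets: list[str]) -> bool:
    """Check used in the demo: does any raw secret appear in the log line?"""
    return any(secret in line for secret in secrets)


if __name__ == "__main__":
    line = format_tool_call_log("http_request", SAMPLE_ARGS)
    print(line)
    print("leaks secrets:", log_leaks(line, ["example-password-not-real", "example-token-not-real"]))
```

Summarizing by shape rather than by a deny-list of field names is the safer design: a deny-list has to guess every key a credential might hide under, whereas a shape summary cannot emit a leaf value at all, so operators still see which arguments were present and how large they were for debugging.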
Source: GitHub Advisory Database
Fix: LiteLLM fixed this in version 1.83.7. Both test endpoints now require the `PROXY_ADMIN` role (a permission level for administrators only). As a temporary workaround, developers should block `POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list` at their reverse proxy or API gateway (the server that sits between users and the application to filter traffic).
Source: GitHub Advisory Database