aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2828 items

Tech Life

infonews
securitysafety
Jun 16, 2026

Cybersecurity researchers discovered a prompt (a text input) that bypasses ChatGPT's safety guardrails (built-in restrictions designed to prevent harmful outputs) and causes the AI to generate disturbing images. The episode explores what this vulnerability reveals about how AI systems are trained and how bad actors could potentially exploit these weaknesses.

BBC Technology

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

highnews
security
Jun 16, 2026

A flaw in Google's Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads through bucket squatting (creating a Cloud Storage bucket with a name the victim's SDK would predictably generate). Attackers could replace the uploaded model with malicious code that executes when the model loads, potentially stealing credentials and accessing other data in Google's infrastructure. The attack required only the victim's public project ID and no access to their account.

‘Dangerous’ AI Models Are Coming No Matter What

infonews
policysafety

France to ditch Palantir’s AI data tools in favour of domestic provider

infonews
policy
Jun 16, 2026

France's intelligence service is switching from Palantir, a US company's AI data analysis tool, to a domestic provider called ChapsVision to reduce dependence on foreign technology. The French government argues that relying on tools controlled by other countries poses a strategic risk, and that France should develop and use its own AI systems instead.

Securing the future of AI agents

infonews
safetysecurity

SpaceX to acquire the AI coding startup Cursor for $60 billion

infonews
industry
Jun 16, 2026

SpaceX announced a $60 billion agreement to acquire Cursor, an AI startup that built a popular coding tool helping developers generate and review code. The deal comes after Cursor experienced rapid growth since 2022, though its market share has recently declined from 41% to 26% as competitors like Anthropic have gained ground, and SpaceX expects the merger to close in the third quarter pending regulatory approval.

Magnitude Emerges From Stealth Mode With $10 Million in Funding

infonews
industry
Jun 16, 2026

Magnitude, a cybersecurity startup, launched with $10 million in funding to address third-party risk management (TPRM, the process of monitoring security risks from external vendors and partners) using an autonomous AI workforce. The company's AI agents continuously monitor vendors, products, and dependencies for vulnerabilities, automatically identify exposed systems when new risks emerge, and help organizations respond to threats at the speed of AI-powered attacks.

Elon Musk’s unprecedented accumulation of wealth

infonews
policy
Jun 16, 2026

N/A -- This content is not about an AI/LLM-related technical issue, vulnerability, or problem. It is a newsletter header about SpaceX's IPO and mentions only in passing that the US government ordered limits on Anthropic's advanced AI model due to cybersecurity concerns, but provides no details about what that concern is or how it works.

SpaceX is officially buying Cursor for $60 billion

infonews
industry
Jun 16, 2026

SpaceX is acquiring Cursor, an AI-powered programming platform, for $60 billion to strengthen its enterprise software offerings and compete with other AI companies like Anthropic and OpenAI. The deal was negotiated earlier with an option to either complete the purchase or pay a $10 billion breakup fee, and SpaceX expects to finalize it by the third quarter of 2026.

Wiz Exposure Management Dashboard: Your CTEM Command Center

infonews
securityindustry

Cybersecurity Executives Urge the Trump Administration to Ease Restrictions on Anthropic AI Models

infonews
policysecurity

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

criticalnews
security
Jun 16, 2026

Researchers discovered a vulnerability in Google Cloud's Vertex AI SDK for Python (versions 1.139.0 and 1.140.0) that allowed attackers to hijack model uploads through bucket squatting (exploiting predictable cloud storage bucket names to intercept files). By predicting the victim's bucket name based on their project ID, an attacker could create that bucket in their own account, intercept the model upload, inject malicious code, and achieve RCE (remote code execution, where attackers run commands on systems they don't own) when the victim deployed the poisoned model.

Zero trust isn’t broken. Most companies just do it wrong.

infonews
security
Jun 16, 2026

Zero trust is a security strategy based on 'never trust, always verify' that was defined 15 years ago, but most organizations struggle to implement it correctly. Studies show that 88% of organizations face significant challenges with zero trust, and security researchers have found vulnerabilities in zero-trust network access (ZTNA, a tool that controls remote access based on verification) offerings, suggesting vendors sometimes fail to secure data properly. The main problem is confusion about what zero trust actually is: it's a mindset and strategy, not a product or specific technology, yet many vendors misleadingly market zero-trust products that only deliver a small fraction of the security controls needed.

Qualcomm CEO says AI agents will replace apps — as chip giant works on 40 new AI-powered devices

infonews
industry
Jun 16, 2026

Qualcomm is developing over 40 new AI-powered devices, with CEO Cristiano Amon predicting that AI agents (autonomous software programs that can perform complex tasks across apps and services) will gradually replace traditional apps and smartphones as the center of how people interact with technology. These new devices include wearables like smart glasses, earbuds with cameras, and jewelry designed to give users constant access to these agents, potentially becoming as popular as smartphones within a few years.

Inside the fight over Claude Mythos 5

infonews
policy
Jun 15, 2026

Anthropic received a US export control directive (a government order restricting what can be shared outside the country) on Friday requiring the company to suspend access to its Claude Mythos 5 and Fable 5 AI models for all foreign nationals, including foreign employees. To comply with the order, Anthropic had to completely disable the products and planned to travel to Washington to appeal the directive to President Trump.

Predicting model behavior before release by simulating deployment

infonews
safetyresearch

DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act

infonews
safetypolicy

The US government’s Anthropic models ban was never about an AI jailbreak

infonews
policysecurity

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

highnews
security
Jun 15, 2026

A critical three-stage attack called 'SearchLeak' could allow attackers to steal data from Microsoft Copilot with just one click by exploiting prompt injection (tricking an AI by hiding instructions in its input) through hidden URLs and other hidden variables. This attack is part of a larger category of security issues affecting AI systems that use similar injection techniques. The vulnerability has already been patched.

All the news about Anthropic’s new AI fight with the White House

infonews
securitypolicy

Fix: Update the google-cloud-aiplatform SDK to version 1.148.0 or later, which adds bucket ownership verification to block bucket squatting. Additionally, explicitly set the staging_bucket parameter to a Cloud Storage location you control when uploading models, and check the SDK version wherever it runs (notebooks, CI/CD jobs, training pipelines, and production services).

The Hacker News
Jun 16, 2026

Anthropic took its advanced Claude Fable 5 and Mythos 5 AI models offline after the U.S. government restricted them, citing concerns that these models can find and exploit software vulnerabilities (weaknesses in code that attackers can use). However, experts warn that restricting one company's models is ineffective because other AI companies and open-source developers will likely develop similar dangerous capabilities within months, and existing AI systems can already be used for vulnerability research with refined prompting (techniques to get better answers from AI).

Wired (Security)
The Guardian Technology
Jun 16, 2026

AI agents (autonomous systems that can perform complex tasks independently) are becoming more powerful but also riskier, so Google developed the AI Control Roadmap, a 'defense-in-depth' security framework that combines traditional safeguards like sandboxing (isolating software to limit damage) with monitoring systems and permission controls to protect against agents that may not be perfectly aligned (trained to match human goals) with organizational values. The roadmap treats AI agents as potential insider threats and uses trusted AI supervisors to constantly monitor their reasoning and actions, blocking harmful behaviors before they occur.

Fix: The source describes Google's implemented mitigations within the AI Control Roadmap: (1) using other trusted AI systems as 'supervisors' to constantly monitor a working agent's reasoning, actions, and plans; (2) having supervisors step in to block harmful actions before damage occurs; and (3) continuously measuring performance using three metrics—coverage (fraction of traffic monitored), recall (fraction of misaligned behaviors caught), and time-to-response. The roadmap also employs traditional safeguards including sandboxing, endpoint security, and prompt injection resistance, plus granting AI agents permissions based on their verified behavior.

DeepMind Safety Research
CNBC Technology
SecurityWeek
The Guardian Technology
The Verge (AI)
Jun 16, 2026

AI models can now discover vulnerabilities and create working exploits in hours, forcing organizations to adopt faster security practices that match AI speed rather than traditional weekly or monthly patching cycles. The Wiz Exposure Management Dashboard uses Continuous Threat Exposure Management (CTEM, a proactive strategy that continuously identifies, prioritizes, and validates the most critical attack paths) and AI-powered agents to help security teams automate vulnerability identification, prioritization, and remediation at machine speed to keep pace with AI-driven threats.

Wiz Research Blog
Jun 16, 2026

Cybersecurity executives are urging the Trump administration to reverse its ban on foreign nationals using Anthropic's latest AI models (Mythos 5 and Fable 5), arguing the restriction could help U.S. adversaries more than protect national security. Anthropic took these models offline to comply with the directive because the AI can find and exploit computer vulnerabilities better than human experts, but the executives' letter contends that other AI models have similar capabilities and that China's AI is rapidly catching up to American technology.

SecurityWeek

Fix: Google completed fixes to address this issue in v1.148.0, released April 15, 2026. Developers should upgrade to this fixed version of the SDK.

Palo Alto Unit 42
CSO Online
CNBC Technology
The Verge (AI)
Jun 15, 2026

OpenAI developed Deployment Simulation, a method that tests new AI models by replaying real conversations from previous deployments to see how the new model would behave before release. This approach helps identify unexpected problems and predict how often undesired behaviors might occur in real-world use, addressing limitations of traditional evaluation methods like coverage gaps and selection bias (favoring certain test scenarios over others).

OpenAI Blog
Jun 15, 2026

The U.S. Department of Justice seized two websites, CFAKE.com and SOCFAKE.com, that hosted nonconsensual AI-generated nude images and videos of women, marking the first major enforcement action under the TAKE IT DOWN Act. Deepfakes (AI-generated or AI-manipulated media depicting people in ways that never occurred) of politicians, celebrities, and other public figures were shared on these sites, and the seizure resulted from a coordinated investigation involving U.S., Italian, and French authorities. The TAKE IT DOWN Act, signed into law in May 2025, makes it a federal crime to publish sexually explicit altered images without consent and requires online platforms to remove reported intimate images within 48 hours.

Fix: The TAKE IT DOWN Act (47 U.S.C. § 223) requires online platforms to remove reported intimate images and deepfakes within 48 hours of receiving a valid request from a victim. Violators are subject to fines, imprisonment, or both.

BleepingComputer
Jun 15, 2026

The U.S. Commerce Department used an export control directive to force Anthropic to take its Fable 5 and Mythos 5 AI models offline, citing national security concerns without providing specifics. Security experts argue the action was based on a misunderstanding of a guardrail bypass (a method to get an AI to ignore its safety restrictions) that cannot be meaningfully fixed without weakening the models' security capabilities, and they contend the government's intervention appears retaliatory rather than justified by technical merit.

TechCrunch (Security)

Fix: The attack has been patched, though the source does not specify the patch version or detailed remediation steps.

Dark Reading
Jun 15, 2026

The White House ordered Anthropic to block foreign access to its newly released AI models, Fable 5 and Mythos 5, after researchers discovered potential jailbreaks (methods to make the AI ignore its safety guidelines) that could be exploited for cyberattacks. Anthropic complied by shutting off access to both models for all users, though the company disagreed with the decision, arguing that a narrow security flaw shouldn't justify recalling models used by hundreds of millions of people.

Fix: Anthropic removed access to Fable 5 and Mythos 5 for all users in response to the government's legal directive.

The Verge (AI)