aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2860 items

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
high | news | security | May 11, 2026

A fake repository on Hugging Face (a platform for sharing AI models) impersonated OpenAI's Privacy Filter model and tricked 244,000 users into downloading malware disguised as a legitimate tool. The malicious repository copied the real project's description verbatim and included a loader script that deployed an information stealer, a type of malware that harvests sensitive data like passwords, screenshots, and cryptocurrency wallet information from Windows machines.

Fix: Access to the malicious model has since been disabled by Hugging Face.

Source: The Hacker News

OpenAI launches DeployCo to help businesses build around intelligence
info | news | industry | May 11, 2026

OpenAI is launching the OpenAI Deployment Company, a new business unit staffed with Forward Deployed Engineers (FDEs, specialists in integrating AI systems into organizations) to help businesses build and deploy AI technology across their operations. The company, backed by $4 billion in initial investment and partnerships with major investment firms and consulting companies, acquired Tomoro to bring approximately 150 experienced FDEs on board and aims to help organizations redesign workflows and infrastructure around AI to achieve measurable results.

Source: OpenAI Blog

Hackers abuse Google ads, Claude.ai chats to push Mac malware
high | news | security | May 10, 2026

Attackers are running a malware campaign that uses Google Ads and fake Claude.ai shared chats to trick Mac users searching for Claude into downloading malware. The malicious chats pretend to be official installation guides and trick users into pasting commands in Terminal that download and run hidden malware, which steals browser passwords, cookies, and data from macOS Keychain (the system that stores passwords and sensitive information on Macs).

Source: BleepingComputer

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
critical | news | security | May 10, 2026

Ollama, a popular framework for running large language models locally, has a critical out-of-bounds read vulnerability (CVE-2026-7482, CVSS score 9.1) that allows attackers to leak sensitive data like API keys and conversation history from process memory by uploading a specially crafted GGUF file (a file format for storing language models). The vulnerability affects versions before 0.17.1 and potentially impacts over 300,000 servers globally.

Fix: Update to Ollama version 0.17.1 or later. Additionally, the source recommends: limit network access to Ollama instances, audit running instances for internet exposure, isolate and secure them behind a firewall, and deploy an authentication proxy or API gateway in front of all Ollama instances, since the REST API does not provide authentication by default.

Source: The Hacker News

What I saw at the Musk-OpenAI trial: petty billionaires, protests and a stern judge
info | news | policy | May 9, 2026

This article describes a legal trial between Elon Musk and OpenAI's leadership taking place in Oakland, focusing on disputes over the future of artificial intelligence. The piece is a journalistic account of the courtroom drama, featuring prominent tech figures and highlighting tensions between wealthy individuals and companies in the AI industry.

Source: The Guardian Technology

Fake OpenAI repository on Hugging Face pushes infostealer malware
high | news | security | May 9, 2026

A fake OpenAI repository on Hugging Face (a platform where developers share AI models and code) disguised itself as a legitimate project and tricked users into downloading a malicious loader script that steals sensitive data like passwords, cryptocurrency wallets, and browser cookies. The fake repository reached the top of Hugging Face's trending list with 244,000 downloads before the platform removed it after researchers reported the threat.

Fix: Users who downloaded files from the malicious repository are advised to reimage the machine (completely reinstall the operating system), rotate all stored credentials, replace cryptocurrency wallets and seed phrases, and invalidate browser sessions and tokens.

Source: BleepingComputer

Musk v. Altman week 2: OpenAI fires back, and Shivon Zilis reveals that Musk tried to poach Sam Altman
info | news | policy | May 8, 2026

This article covers week two of a lawsuit where Elon Musk is suing OpenAI and its leaders, claiming they broke promises to keep the company as a nonprofit dedicated to safe AI development. OpenAI's president Greg Brockman countered that Musk actually pushed for the company to become for-profit and wanted majority control, and that Musk is suing because he left the company in 2018 and now sees it as a competitor to his own AI company, xAI (an artificial intelligence system). Musk is seeking $134 billion in damages and wants to remove the current leadership and undo OpenAI's recent restructuring.

Source: MIT Technology Review

Using Claude Code: The Unreasonable Effectiveness of HTML
info | news | research | May 8, 2026

This article discusses using HTML instead of Markdown when requesting output from Claude, an AI assistant. HTML allows Claude to create richer explanations by including SVG diagrams, interactive widgets, and better navigation, which was less practical with older language models that had strict token limits (tokens being units of text that count toward a model's processing capacity).

Source: Simon Willison's Weblog

A Framework for AI Threat Readiness
info | news | security, policy | May 8, 2026

AI models can now autonomously discover zero-day vulnerabilities (previously unknown security flaws), create working exploits, and combine multiple weaknesses together, so vulnerabilities surface and get exploited faster than before. Organizations need to respond by acting faster to identify and fix vulnerabilities, and by having complete visibility across their entire environment (cloud systems, code, infrastructure, and software supply chain). The framework recommends reducing unnecessary exposure, prioritizing what can actually be exploited, patching quickly, and using AI-driven scanning to continuously validate every exposed system.

Fix: The source recommends a four-pillar framework but does not describe explicit fixes or patches. The closest guidance is: 'organizations need to move faster in how they assess exposure, prioritize what matters, and remediate issues before they can be exploited,' and 'scan every exposure with AI' to 'continuously scan every exposure, determine whether it can be exploited.' The source also cites the Firefox team as an example: 'after scanning with Mythos, the Firefox team fixed more security bugs in April than they had in the entire previous year.' However, no specific software update, patch version, or concrete mitigation technique is provided in the text.

Source: Wiz Research Blog

Anthropic's Mythos set off a cybersecurity 'hysteria.' Experts say the threat was already here
info | news | security, industry | May 8, 2026

Anthropic released Mythos, an AI model that can find thousands of previously unknown software vulnerabilities (flaws in code that haven't been patched yet), which sparked concern among banks, governments, and tech companies about a new wave of AI-enabled cyberattacks. However, cybersecurity experts say this vulnerability-finding capability already exists in older, publicly available AI models from Anthropic and OpenAI, and can be achieved through orchestration (coordinating multiple tools or models to work together on a task).

Source: CNBC Technology

PlayStation sees AI as a ‘powerful tool’ to help make games
info | news | industry | May 8, 2026

Sony views generative AI (machine learning systems that can create new content like images or text) as a useful tool for game development, particularly for automating repetitive tasks. The company emphasizes that AI should enhance developer creativity rather than replace human talent, and that the artistic vision and emotional impact of games will continue to come from Sony's studios and performers.

Source: The Verge (AI)

Microsoft was worried OpenAI would run off to Amazon and ‘shit-talk’ Azure
info | news | industry | May 8, 2026

Court documents from a lawsuit between Elon Musk and Sam Altman revealed that Microsoft's executives were worried OpenAI might leave to work with Amazon instead and publicly criticize Microsoft's cloud service (Azure, Microsoft's platform for running applications online). The documents show communications between Microsoft CEO Satya Nadella and OpenAI CEO Sam Altman from 2017, when they were beginning to discuss a partnership to fund OpenAI's AI research.

Source: The Verge (AI)

Everybody wants to rule the AI world
info | news | industry | May 8, 2026

This article discusses the chaotic leadership transition at OpenAI in 2024, when Sam Altman was removed as CEO under unclear circumstances involving video calls and informal communications between current and former leadership. The situation's complexity is now being revealed through an ongoing legal dispute between Elon Musk and Altman.

Source: The Verge (AI)

Running Codex safely at OpenAI
info | news | safety, security | May 8, 2026

OpenAI's Codex is a coding agent that can autonomously perform tasks like reviewing code and running commands, which creates security risks that need careful control. To deploy Codex safely, OpenAI uses sandboxing (technical boundaries limiting where the agent can write and what it can access), approval policies (requiring human review for risky actions), network restrictions (blocking unexpected connections), and audit logging (recording what the agent does). These controls work together to let Codex move quickly on routine, low-risk tasks while stopping for review on higher-risk actions.

Fix: OpenAI's explicit mitigations include: sandboxing to define execution boundaries, approval policies requiring human review for higher-risk actions, auto-approval mode for routine low-risk requests, managed network policies (allowing expected destinations and blocking unwanted ones), secure credential storage in the OS keyring, forcing authentication through ChatGPT tied to enterprise workspace controls, command rules that allow benign commands without approval but block or require approval for dangerous commands, and agent-native telemetry and audit trails for visibility into agent behavior.

Source: OpenAI Blog

Claude in Chrome is taking orders from the wrong extensions
high | news | security | May 8, 2026

Claude in Chrome, Anthropic's browser extension, has a bug called ClaudeBleed that allows malicious extensions to hijack it and trick it into performing unauthorized actions like stealing files, sending emails, or stealing code from private repositories. The vulnerability exists because the extension trusts any script from its origin (claude.ai) without checking who is actually running it, breaking Chrome's normal security model. Anthropic released a partial fix in version 1.0.70 on May 6, but researchers found the vulnerability can still be exploited by switching the extension to privileged mode.

Fix: Anthropic released version 1.0.70 on May 6 with added security checks that prevent extensions from executing remote commands in standard mode. The company also stated that 'a fix that removes the affected message handler has been merged and will ship in an upcoming extension release,' though the source notes this promised fix did not fully materialize in version 1.0.70.

Source: CSO Online

The Tech Download: Meta, Google enter AI agent race as ‘agentic wars’ heat up
info | news | industry, safety | May 8, 2026

Major tech companies like Meta and Google are racing to develop AI agents (AI tools that can perform tasks for users rather than just answer questions), following the viral success of OpenClaw earlier this year. While AI agents promise major business benefits through increased user engagement and revenue opportunities, significant security and governance challenges remain unresolved, particularly the risk of agents "doing the wrong thing" rather than just saying the wrong thing.

Source: CNBC Technology

Your CTEM program is probably ignoring MCP. Here’s how to fix it
medium | news | security, policy | May 8, 2026

Model Context Protocol (MCP, a plugin system that lets AI agents connect to external tools) has become a major security blind spot because organizations aren't scanning for or monitoring MCP risks, leaving them vulnerable to attacks that exploit supply chain vulnerabilities, exposed credentials, and malicious AI tool installations. The article highlights how attackers can compromise widely trusted MCP packages (like the postmark-mcp npm package that exfiltrated emails from 300 organizations) and how developers often hardcode sensitive credentials into AI configurations, making MCP a vehicle for old attack types (like supply chain attacks and credential theft) to cause new damage.

Source: CSO Online

Pen tests show AI security flaws far more severe than legacy software bugs
info | news | security, research | May 8, 2026

Penetration tests (security checks where experts try to break into systems) show that AI and large language model (LLM, advanced AI systems trained on huge amounts of text) systems have significantly more high-risk security flaws than traditional software, with 32% of AI findings rated high-risk compared to 13% for legacy systems. LLM vulnerabilities are also fixed less often, with only 38% of high-risk issues resolved, and experts attribute this to AI systems being deployed quickly without mature security controls, newer attack surfaces like prompt injection (tricking an AI by hiding instructions in its input), and unclear responsibility for fixing problems across teams.

Source: CSO Online

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
high | news | security | May 8, 2026

A vulnerability called ClaudeBleed in the Claude extension for Chrome allows attackers to take over the AI agent by exploiting weak permission checks and improper trust verification. The flaw lets any malicious Chrome extension send commands to Claude and use prompt injection (tricking the AI by hiding instructions in its input) to control its actions, potentially stealing data from Gmail or Google Drive or sending emails on the user's behalf.

Fix: Anthropic released a patch that added internal security checks to prevent extensions running in 'standard' mode from executing remote commands. However, LayerX noted this fix only partially addressed the issue, as attackers can switch the extension to 'privileged' mode to bypass the protection, and users are not notified or asked to approve this mode switch.

Source: SecurityWeek

Why is Silicon Valley suddenly obsessed with being tasteful?
info | news | industry | May 8, 2026

This article discusses how major tech companies like Palantir and Anthropic are using fashion and lifestyle products as marketing tools to build their brand image and appear more culturally sophisticated. The piece describes examples such as Palantir selling a $239 branded denim jacket made in Montana and Anthropic taking over a coffee shop, suggesting these companies are attempting to appeal to customers and the public through lifestyle branding rather than traditional tech marketing.

Source: The Guardian Technology