aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2889 items

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Tags: critical, news, security
Apr 28, 2026

LeRobot, Hugging Face's open-source robotics platform, has a critical unpatched vulnerability (CVE-2026-25874, CVSS score 9.3) that allows unauthenticated attackers to execute arbitrary code by sending malicious data over unencrypted network connections. The flaw stems from unsafe deserialization (converting received data back into program objects without first checking that it is trustworthy) using Python's pickle format, which can run code while data is being loaded; this lets attackers compromise the server, steal sensitive data, or affect connected robots.

Fix: A fix is planned in version 0.6.0. The LeRobot team acknowledged the issue in January 2026 and noted that the vulnerable part of the codebase will need to be almost entirely refactored.

Source: The Hacker News

Google and Pentagon reportedly agree on deal for ‘any lawful’ use of AI

Tags: info, news, policy
Apr 28, 2026

Google has reportedly signed a classified agreement allowing the US Department of Defense to use its AI models for 'any lawful government purpose,' despite employee concerns about potential harmful uses. This deal places Google alongside other AI companies like OpenAI and xAI that have made similar classified agreements with the government.

Source: The Verge (AI)

What Anthropic’s Mythos Means for the Future of Cybersecurity

Tags: info, news, security, safety
Apr 28, 2026

Anthropic announced Claude Mythos Preview, an AI model that can autonomously find and weaponize software vulnerabilities (weaknesses in code that attackers can exploit) without human expert help, though the company is limiting its release to avoid security risks. The announcement highlights how AI capabilities have advanced rapidly over recent years, raising concerns about how cybersecurity defenses can adapt to AI-powered vulnerability discovery.

Fix: The source recommends protecting systems in different ways based on their characteristics: unpatchable or hard-to-verify systems (like IoT appliances and industrial equipment) should be protected by wrapping them in restrictive, tightly controlled firewall layers rather than allowing them to freely connect to the internet. Distributed systems that are interconnected should be traceable and should follow the principle of least privilege, where each component has only the access it needs.

Source: Schneier on Security

Attack of the killer script kiddies

Tags: info, news, security, research
Apr 28, 2026

At DARPA's Artificial Intelligence Cyber Challenge, AI-powered bug-finding systems (automated tools that scan code to detect flaws) successfully identified most artificially inserted vulnerabilities in 54 million lines of code, and notably discovered over a dozen real bugs that weren't part of the test. This demonstrates that AI security tools are becoming increasingly capable at finding both known and unknown vulnerabilities in software.

Source: The Verge (AI)

After Mythos: New Playbooks For a Zero-Window Era

Tags: info, news, security, safety
Apr 28, 2026

AI models like Claude Mythos can now discover software vulnerabilities in minutes instead of weeks, shrinking the time organizations have to patch (the exploit window) to nearly zero. Because traditional patching is no longer fast enough, security teams need to adopt an "assume-breach" model that focuses on detecting and containing attacks in real time using Network Detection and Response (NDR, automated tools that monitor network traffic for suspicious behavior) rather than relying on patching alone.

Fix: The source recommends implementing an assume-breach operational model with three requirements: (1) detect post-breach behavior before threats spread, (2) reconstruct the complete attack chain quickly, and (3) contain threats rapidly. Specifically, organizations should prioritize reducing mean-time-to-contain (MTTC, the time from detecting a breach to stopping it) by establishing real-time, comprehensive network visibility. The source states that "Network Detection and Response (NDR) platforms play a crucial role in identifying these subtle indicators of compromise" by continuously monitoring network traffic for unusual behavior such as unexpected admin shares, authentication protocol mismatches, and lateral movement attempts.

Source: The Hacker News

Securing RAG pipelines in enterprise SaaS

Tags: info, news, security, safety
Apr 28, 2026

RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) pipelines in enterprise software allow AI agents to access company data like internal wikis and CRM records, but this creates serious security risks including data leaks, unauthorized access to personal information, and prompt injection attacks (tricking an AI by hiding instructions in its input). Recent real-world attacks have exploited RAG systems through unclicked emails, exposed database access keys, hidden malicious text in code repositories, and poisoned knowledge bases to steal data or spread false information.

Source: CSO Online

What CISOs need to get right as identity enters the agentic era

Tags: info, news, security, policy
Apr 28, 2026

As AI agents become more common, security leaders (CISOs, Chief Information Security Officers) face new challenges because these non-human identities are harder to track and verify than human users, and traditional security signals no longer work. The source recommends treating identity as the foundation of security architecture, with advice including maintaining clean directories, creating complete inventories of non-human identities (AI agents and service accounts), enforcing least privilege access (giving users only the permissions they need), using phishing-resistant authentication methods beyond SMS, and assuming that credentials may be compromised.

Fix: The source recommends several specific steps: (1) 'Build a strong foundation before layering on complexity' by getting 'clean directories, enforced least privilege, and reliable offboarding processes' in place; (2) 'Design for the new class of identities' by starting 'from least privilege rather than from legacy'; (3) 'Get your non-human identity inventory in order' by building 'a full inventory of non-human identities and include who is responsible for each identity, and what each one is authorized to do'; (4) 'Treat MFA as a starting point, not a destination' by including 'phishing-resistant alternatives to SMS or push-based MFA' along with 'least privilege, micro-segmentation, and continuous monitoring'; and (5) 'Assume credentials may be compromised and architect accordingly.'

Source: CSO Online

CrowdStrike Expands ChatGPT Enterprise Integration with Enhanced Audit Logging and Activity Monitoring

Tags: info, news, security, policy
Apr 28, 2026

CrowdStrike has expanded its ChatGPT Enterprise integration to provide deeper monitoring of how organizations use AI, including tracking user authentication, administrative changes, tool usage, and conversations. As AI becomes embedded in business operations across departments, security teams need visibility into not just who has access to ChatGPT Enterprise, but how the platform is actually being used and what data might be accessed. The expanded integration uses OpenAI's logging capabilities to detect suspicious activity like unusual login patterns and behavioral anomalies, shifting from just knowing the configuration of AI systems to actively monitoring their real-time usage.

Fix: Organizations can use CrowdStrike Falcon Shield's expanded ChatGPT Enterprise integration, which ingests and analyzes events from OpenAI's Compliance Logs Platform to provide continuous monitoring and detection. According to the source, this enables detection of suspicious authentication activity (malicious IP access, anonymized connections, unusual VPN sign-ins), behavioral anomalies (simultaneous logins from untrusted networks, unexpected browser or OS changes), and monitoring of administrative updates and GPT configuration changes. The integration correlates ChatGPT Enterprise activity with identity, device, and SaaS telemetry across the CrowdStrike Falcon platform to detect and respond to suspicious AI activity.

Source: CrowdStrike Blog

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Tags: high, news, security
Apr 28, 2026

Microsoft fixed a security flaw in Entra ID (Microsoft's identity management system) where the Agent ID Administrator role, meant for AI agents, could be abused to take over service principals (accounts that applications use to authenticate). An attacker with this role could become the owner of any service principal and add their own credentials, potentially gaining broad control over a tenant (an organization's cloud environment) if the targeted service principal had elevated permissions.

Fix: Microsoft rolled out a patch on April 9, 2026 across all cloud environments. Following the fix, any attempt to assign ownership over non-agent service principals using the Agent ID Administrator role is now blocked and displays a "Forbidden" error message. Organizations are also advised to monitor sensitive role usage related to service principal ownership or credential changes, track service principal ownership changes, secure privileged service principals, and audit credential creation on service principals.

Source: The Hacker News

Meta, Google, OpenAI among Big Tech firms seeing top staff leaving to launch AI startups

Tags: info, news, industry
Apr 28, 2026

Top researchers from major AI companies like Google DeepMind, Meta, and OpenAI are leaving to start their own AI startups, which are raising hundreds of millions of dollars in funding. These new companies can focus on research areas that large tech firms deprioritize, such as new AI architectures and interpretability (understanding how AI systems make decisions), giving them a competitive advantage in the rapidly growing AI market.

Source: CNBC Technology

Jury selection in Musk v. Altman: ‘People don’t like him’

Tags: info, news, industry
Apr 27, 2026

This is not an AI/LLM-related item. The content describes jury selection in a legal case between Elon Musk and Sam Altman over OpenAI disputes, focusing on prospective jurors' negative personal opinions about Musk. It does not discuss any AI technology, security vulnerabilities, or technical issues related to large language models or AI systems.

Source: The Verge (AI)

Introducing talkie: a 13B vintage language model from 1930

Tags: info, news, research
Apr 27, 2026

Researchers have created talkie, a 13 billion-parameter language model (a neural network with 13 billion adjustable values) trained entirely on English text from before 1931 to study how AI performs on historical knowledge and invention tasks. The base model uses only out-of-copyright data, but the chat version required fine-tuning (additional training to adjust behavior) with help from modern AI systems like Claude, which introduced some knowledge from after 1931 that the researchers are working to eliminate.

Fix: The talkie team states they 'aspire to eventually move beyond this limitation' by using 'vintage base models themselves as judges to enable a fully bootstrapped era-appropriate post-training pipeline,' meaning they plan to use talkie's own historical knowledge rather than modern AI systems for future training adjustments. However, this is described as a future goal, not a solution currently implemented.

Source: Simon Willison's Weblog

Our commitment to community safety

Tags: info, news, safety, policy
Apr 27, 2026

OpenAI describes its safety approach for ChatGPT to prevent misuse for violence, threats, or harm. The system is trained to distinguish between harmful requests and legitimate questions about violence for educational or historical reasons, while using detection systems and expert guidance to identify concerning patterns across conversations and take action like revoking access when needed.

Source: OpenAI Blog

OpenAI models, Codex, and Managed Agents come to AWS

Tags: info, news, industry
Apr 27, 2026

OpenAI and AWS have expanded their partnership to make OpenAI's models, including GPT-5.5, available through Amazon Bedrock (AWS's managed service for using AI models). This integration lets enterprises use OpenAI's capabilities within their existing AWS security systems, workflows, and infrastructure, with three new offerings: OpenAI models on AWS, Codex (a coding assistant used by over 4 million people weekly) on AWS, and Amazon Bedrock Managed Agents for building AI agents that can execute multi-step workflows.

Source: OpenAI Blog

Elon Musk and Sam Altman are going to court over OpenAI’s future

Tags: info, news, policy
Apr 27, 2026

Elon Musk is suing OpenAI CEO Sam Altman and president Greg Brockman, alleging they deceived him into funding the company by promising to keep it as a nonprofit focused on beneficial AI, then secretly restructured it into a for-profit operation. The trial could determine whether OpenAI can operate as a for-profit company and may result in removing current leadership or forcing the company back to nonprofit status. The case highlights a fundamental conflict over OpenAI's mission: whether it should prioritize open-source AI for public benefit or operate for financial gain to fund more advanced development.

Source: MIT Technology Review

Canonical lays out a plan for AI in Ubuntu Linux

Tags: info, news, industry
Apr 27, 2026

Canonical, the company behind Ubuntu Linux (a popular operating system), plans to add AI features to its system over the next year. These features will work in two ways: some will improve existing system functions quietly in the background, while others will be designed specifically for users who want AI-powered tools and workflows. The features will include accessibility improvements like better speech-to-text conversion and other AI-powered capabilities.

Source: The Verge (AI)

Tracking the history of the now-deceased OpenAI Microsoft AGI clause

Tags: info, news, policy
Apr 27, 2026

Microsoft and OpenAI had a contract clause stating that if AGI (artificial general intelligence, meaning AI systems that outperform humans at most economically valuable work) was achieved, Microsoft would lose its commercial rights to OpenAI's technology. On April 27, 2026, this clause effectively ended when Microsoft's license became non-exclusive and Microsoft stopped paying revenue shares to OpenAI, with payments continuing regardless of technological progress.

Source: Simon Willison's Weblog

Google employees ask Sundar Pichai to say no to classified military AI use

Tags: info, news, policy, safety
Apr 27, 2026

Over 600 Google employees, including many from DeepMind (Google's AI research lab), signed a letter asking CEO Sundar Pichai to prevent the Pentagon from using Google's AI models for classified purposes (secret military projects). The employees argue that the only way to ensure Google isn't associated with potential harms from such uses is to reject these classified projects entirely, since otherwise they could happen without employee knowledge or oversight.

Source: The Verge (AI)

OpenAI shakes up partnership with Microsoft, capping revenue share payments

Tags: info, news, industry
Apr 27, 2026

OpenAI and Microsoft announced a revised partnership agreement that allows OpenAI to cap its revenue share payments to Microsoft and serve customers through any cloud provider, not just Microsoft Azure. Previously, OpenAI was restricted to primarily using Microsoft's cloud services, but the new deal lets OpenAI work with competitors like Amazon and Google while maintaining Microsoft as its primary provider through 2030.

Source: CNBC Technology

This bank CEO let his AI clone handle an earnings call — now he's signing an OpenAI deal

Tags: info, news, industry
Apr 27, 2026

Customers Bank CEO Sam Sidhu revealed that an AI clone (a digital voice generated to sound like him) delivered his prepared remarks during an earnings call, then announced a partnership with OpenAI to automate banking processes like loan approvals and account openings. The bank plans to deploy AI agents (software that can make decisions and take actions with minimal human input) across lending, deposits, and payments over the next 6-12 months, with goals including reducing loan processing time from 30-45 days to 7 days and account opening time to under 20 minutes.

Source: CNBC Technology

Page 58 of 145