aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2889 items

Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos

Tags: high, news, security, privacy
Apr 25, 2026

A group of Discord users gained unauthorized access to Anthropic's Mythos Preview (a restricted AI model designed to find security vulnerabilities) by examining data from a breach of Mercor (an AI training startup) and making an educated guess about the model's online location based on Anthropic's known URL patterns. They exploited this access to build simple websites rather than conduct more harmful activities, potentially avoiding detection by Anthropic.

Source: Wired (Security)

GPT-5.5 prompting guide

Tags: info, news, industry
Apr 25, 2026

OpenAI has released a prompting guide for GPT-5.5 (a new version of their language model), which includes tips for improving user experience and migrating existing code. One key recommendation is to send brief status updates to users before starting multi-step tasks, so long-running operations don't appear frozen. The guide also advises treating GPT-5.5 as a new model family rather than a drop-in replacement, suggesting developers start fresh with minimal prompts (instructions given to the AI) and gradually tune them for the new model instead of reusing old ones.

Fix: OpenAI recommends running the command "$openai-docs migrate this project to gpt-5.5" in Codex to upgrade existing code. For manual migration, OpenAI advises: begin with a fresh baseline instead of carrying over every instruction from older prompts, start with the smallest prompt that preserves the product contract, then tune reasoning effort, verbosity, tool descriptions, and output format against representative examples.

Source: Simon Willison's Weblog

llm 0.31

Tags: info, news, industry
Apr 24, 2026

LLM version 0.31 adds support for the new GPT-5.5 model and introduces two new command-line options: one to control text verbosity (how much detail the AI outputs) for GPT-5+ models, and another to set image detail levels for images sent to OpenAI models. The release also registers models from a configuration file (extra-openai-models.yaml) as asynchronous (able to run multiple requests without waiting for each to finish).

Source: Simon Willison's Weblog

OpenAI boss 'deeply sorry' for not telling police of mass shooting suspect's account

Tags: info, news, safety, policy
Apr 24, 2026

OpenAI's leader Sam Altman apologized for not reporting a ChatGPT account to police before a mass shooting in Canada killed eight people in January, even though the company had identified and banned the account for problematic usage. OpenAI stated it did not alert law enforcement because the account activity did not meet the company's threshold for showing a credible or imminent plan for serious physical harm. The company now faces lawsuits and a criminal investigation related to this incident and another shooting.

Fix: OpenAI has said it will strengthen its safety measures and will continue to focus on working with all levels of government to help ensure similar incidents do not happen again.

Source: BBC Technology

Three reasons why DeepSeek’s new model matters

Tags: info, news, industry
Apr 24, 2026

DeepSeek released V4, an open-source AI model (software available for anyone to download and modify) that can process much longer text inputs than previous versions and offers performance comparable to top commercial models at significantly lower costs. The model comes in two versions: V4-Pro for complex coding tasks and V4-Flash for faster, cheaper operation, with both offering reasoning modes (where the model shows its step-by-step thinking). This release matters because it demonstrates that open-source models can compete with expensive commercial alternatives, potentially allowing developers to access advanced AI capabilities without high costs.

Source: MIT Technology Review

New US House privacy bills raise hard questions about enterprise data collection

Tags: info, news, policy
Apr 24, 2026

US House Republicans introduced two privacy bills (SECURE Data Act and GUARD Financial Data Act) that would create national privacy standards but weaken enforcement by eliminating private lawsuits and overriding stronger state privacy laws like California's. Privacy advocates criticize the bills as inadequate because their data minimization rules (the principle that companies should collect only necessary data and retain it only as long as needed) tie collection limits to what companies voluntarily disclose rather than imposing stricter necessity requirements.

Source: CSO Online

Scattered Spider co-conspirator pleads guilty

Tags: info, news, security
Apr 24, 2026

Scattered Spider is a criminal gang that hacks into company computer systems to steal virtual currency, using social engineering attacks (tricks that manipulate people into revealing information) like SMS phishing (fake text messages with malicious links) and impersonating employees to deceive help desks. Despite several arrests in 2024, some members remain active and continue attacking businesses, so security leaders are being warned to stay alert.

Source: CSO Online

CISA last in line for access to Anthropic Mythos

Tags: info, news, security, policy
Apr 24, 2026

Anthropic's Claude Mythos, an AI model designed to find bugs in software, has been distributed to select government agencies and industry groups through a program called Project Glasswing, but the US cybersecurity agency CISA does not have access yet. Unauthorized users from a private Discord community have also gained access to Mythos and have been using it regularly, raising concerns since the model could potentially be used to discover and exploit software vulnerabilities.

Source: CSO Online

Google to invest up to $40 billion in Anthropic as search giant spreads its AI bets

Tags: info, news, industry
Apr 24, 2026

Google is investing up to $40 billion in Anthropic, an AI company that competes with OpenAI, with an initial $10 billion upfront and the remaining $30 billion dependent on performance milestones. This investment is part of a broader partnership that includes providing Anthropic with computing resources and cloud infrastructure access. The funding addresses Anthropic's need to expand its infrastructure to handle growing demand for its Claude AI assistant.

Source: CNBC Technology

Glasswing Secured the Code. The Rest of Your Stack Is Still on You

Tags: info, news, security
Apr 24, 2026

Organizations often have forgotten software integrations, unauthorized IT systems (shadow IT), and now hidden AI tools and agents scattered across their networks that they don't fully track or manage. Attackers can exploit these overlooked systems without needing advanced AI models, making security harder when companies don't know what's running in their own infrastructure.

Source: Dark Reading

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Tags: info, news, security, policy
Apr 24, 2026

Agentic AI (artificial intelligence systems that can make decisions and take actions without human intervention) is becoming a major cybersecurity concern because the same capabilities that help defenders also empower attackers to launch autonomous, adaptive, and large-scale attacks. The industry is responding by treating AI systems as identities (entities with credentials and access permissions) rather than separate tools, and using identity threat detection to monitor their behavior for suspicious activity.

Fix: The source recommends treating agentic AI as an identity and using identity threat detection and risk mitigation solutions as the main defense. This approach combines adaptive verification, behavioral analytics, device intelligence, and risk scoring in a unified platform to enable behavioral visibility, risk-based controls, unified policy enforcement across human and machine identities, and lifecycle management to prevent orphaned or unmanaged agents.

Source: SecurityWeek

The Download: supercharged scams and studying AI healthcare

Tags: info, news, security, industry
Apr 24, 2026

Cybercriminals are increasingly using LLMs (large language models, AI systems trained on massive amounts of text) to launch faster and cheaper attacks, including phishing emails (deceptive messages designed to steal information), deepfakes (AI-generated fake videos or images), and automated vulnerability scans (tools that search for security weaknesses). Meanwhile, AI tools are being deployed in healthcare for tasks like note-taking, reviewing patient records, and interpreting medical images, but researchers still don't know whether using these tools actually leads to better health outcomes for patients.

Source: MIT Technology Review

Elon Musk and Sam Altman’s court showdown will dish the dirt

Tags: info, news, policy
Apr 24, 2026

Elon Musk, who cofounded OpenAI but left after not becoming CEO, is suing the company and Sam Altman in a trial starting April 27th in Oakland, California. The lawsuit centers on claims that OpenAI committed fraud, though it also involves broader allegations of breach of contract and unfair business practices. This legal case is primarily about the conflict between Musk and Altman over control of the AI company.

Source: The Verge (AI)

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

Tags: info, news, security, safety
Apr 24, 2026

AI agents create a security challenge called the 'Authority Gap' because they inherit permissions from the humans and systems that activate them, rather than having their own independent authority. The article argues that enterprises cannot safely govern AI agents unless they first reduce 'identity dark matter' (hidden credentials and unmanaged permissions scattered across systems) in their traditional users and software, and then use continuous observability (real-time monitoring of who is doing what) to dynamically control what authority agents receive based on who is delegating to them and the context of their actions.

Source: The Hacker News

Microsoft now lets admins uninstall Copilot on enterprise devices

Tags: info, news, security, policy
Apr 24, 2026

Microsoft has released a new policy setting called RemoveMicrosoftCopilotApp that allows IT administrators to uninstall Copilot (an AI-powered digital assistant) from enterprise Windows devices, available after the April 2026 Patch Tuesday security update. The policy can be deployed through Group Policy or Policy CSP (configuration service provider, a system for managing Windows settings remotely) on devices managed by Microsoft Intune or SCCM (System Center Configuration Manager, enterprise management tools), and applies only to Windows 11 version 25H2 where users haven't launched Copilot in the last 28 days. Users can still reinstall Copilot if they choose to after it is uninstalled by the policy.

Fix: To enable the RemoveMicrosoftCopilotApp policy, open the Group Policy Editor and navigate to either '/User/Vendor/MSFT/Policy/Config/WindowsAI/RemoveMicrosoftCopilotApp' or '/Device/Vendor/MSFT/Policy/Config/WindowsAI/RemoveMicrosoftCopilotApp'. When enabled, this policy will uninstall the Microsoft Copilot app from devices in the organization in a non-disruptive way. This setting applies to Enterprise, Professional, and Education client SKUs only.

Source: BleepingComputer

Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US

Tags: info, news, security, policy
Apr 24, 2026

The Trump administration is announcing plans to prevent foreign companies, especially those in China, from using 'model extraction attacks' (techniques that steal capabilities from U.S.-made AI systems by training weaker AI models on the outputs of stronger ones) to copy American AI innovations. The administration says it will work with U.S. AI companies to identify these extraction activities, build defenses, and punish offenders, while Congress is also proposing legislation to identify and sanction foreign actors who extract features from closed-source U.S. AI models.

Source: SecurityWeek

China’s DeepSeek previews new AI model a year after jolting US rivals

Tags: info, news, industry
Apr 24, 2026

Chinese AI company DeepSeek released a preview of its new V4 model, which is open-source (publicly available code that anyone can use and modify) and claims to match the performance of closed-source (proprietary, not publicly available) AI systems from US companies like OpenAI and Google. The V4 model shows major improvements in coding tasks, which are important for AI agents (AI systems that can take actions independently), and works well with Chinese chip technology from Huawei.

Source: The Verge (AI)

Prestigious photo contest answers ‘what is a photo?’

Tags: info, news, industry
Apr 24, 2026

The World Press Photo competition, a prestigious photojournalism award, has established rules about the use of generative AI (software that creates images from text descriptions) to determine eligibility for entries. The 2026 winning photograph, "Separated by ICE" by Carol Guzy, had to comply with these AI-related rules, reflecting the competition's effort to define what qualifies as authentic photography in an era where AI-generated images are becoming common.

Source: The Verge (AI)

Cohere to acquire German AI company Aleph Alpha as it looks to expand in Europe

Tags: info, news, industry
Apr 24, 2026

Cohere, a Canadian AI company, announced plans to acquire German AI company Aleph Alpha to expand in Europe, with Aleph Alpha's backer Schwarz Group investing $600 million in Cohere's upcoming funding round. The acquisition aims to combine both companies' strengths to offer sovereign AI (customized AI systems that keep data and control within a specific country or region) to regulated sectors like government, finance, and defense, while giving European organizations alternatives to relying on single AI providers. The deal is expected to close in 2026, pending regulatory approval.

Source: CNBC Technology

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Tags: info, news, industry
Apr 24, 2026

Copperhelm, an Israel-based startup, raised $7 million to develop an agentic cloud security platform, which uses AI agents (autonomous software programs that can make decisions and take actions independently) to monitor cloud environments, investigate threats, and automatically fix security problems in real time. The platform uses a proprietary component called Context Lake to help AI agents understand cloud data and make accurate security decisions, while keeping human security teams in control of the process. This approach is positioned as an alternative to manual cloud security work that typically requires large engineering teams.

Source: SecurityWeek

Page 60 of 145