aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2901 items (page 70 of 146)

OpenAI pulls back from Stargate Norway data center deal as Microsoft takes over

Tags: info / news / industry
Apr 15, 2026

OpenAI has withdrawn from a deal to rent computing capacity directly from a Norwegian data center facility called Stargate Norway, with Microsoft taking over the capacity instead. OpenAI will instead rent computing power from Microsoft, which the company says makes more financial sense since it already has a $250 billion contract with Microsoft's cloud platform Azure. This pullback is part of OpenAI's broader shift to manage spending expectations as it prepares for a potential public stock offering.

Source: CNBC Technology

Copilot and Agentforce fall to form-based prompt injection tricks

Tags: high / news / security
Apr 15, 2026

Security researchers discovered prompt injection vulnerabilities (attacks where malicious instructions are hidden in user input to trick an AI into executing them) in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to steal sensitive data like customer names, addresses, and phone numbers. Both vulnerabilities exploit the fact that these AI agents cannot distinguish between trusted system instructions and untrusted user input, allowing attackers to override the agent's original purpose and exfiltrate data to external servers.

Fix: Microsoft patched CVE-2026-21520 following disclosure, with the mitigation carried out internally and no further action required from users. The source notes that both vulnerabilities highlight a baseline need for treating all external inputs as untrusted and enforcing input validation, least-privilege access (giving systems only the minimum permissions they need), and strict controls on actions like outbound email, though no specific patch details are provided for the Salesforce vulnerability.

Source: CSO Online

Retaining defensive advantage in the age of frontier AI cyber capabilities

Tags: info / regulatory / policy / security
Apr 15, 2026

Frontier AI models (cutting-edge artificial intelligence systems) are becoming better at finding vulnerabilities (weaknesses in code that attackers can exploit), which creates both opportunity and risk. While AI can help organizations identify and fix these weaknesses, attackers can now use AI to discover and exploit vulnerabilities faster and cheaper than before, putting pressure on organizations to patch systems quickly. The recommended defense is for organizations to follow established best practices from the National Cyber Security Centre, including reducing unnecessary exposure to attack, applying security updates rapidly, and monitoring for malicious activity.

Fix: Organizations should follow established good practices set out by the National Cyber Security Centre, which include reducing unnecessary exposure to attack, applying security updates rapidly, and monitoring for, and quickly responding to, detected malicious activity. Additionally, organizations should pursue government-backed certifications such as Cyber Essentials, and use the guidance and tools available on the NCSC website.

Source: UK NCSC

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Tags: high / news / security
Apr 15, 2026

Salesforce and Microsoft recently fixed two prompt injection vulnerabilities (security flaws where attackers hide malicious instructions in text inputs to trick AI systems) in their AI agent products, Agentforce and Copilot. These flaws could have allowed external attackers to access and steal sensitive data from users.

Source: Dark Reading

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Tags: info / news / security / industry
Apr 15, 2026

Organizations are rapidly adopting AI for security testing, but fully agentic AI systems (where AI makes all decisions from start to finish) create a problem: they produce different results each time they run, making it impossible to tell whether security actually improved or whether the AI just tried a different approach. The source argues that a hybrid model works better, where deterministic logic (fixed, repeatable sequences) defines how security tests execute, while AI enhances specific parts such as adapting payloads and interpreting what it finds.

Source: The Hacker News

Grok's sexual deepfakes almost got it banned from Apple's App Store. Almost.

Tags: info / news / safety / policy
Apr 15, 2026

Apple threatened to remove Elon Musk's AI app, Grok, from its App Store in January because it wasn't stopping nonconsensual sexual deepfakes (fake sexually explicit images created using AI) from spreading on X. Apple contacted the developers behind X and Grok and asked them to create a plan to improve their content moderation (systems for reviewing and removing harmful material).

Fix: Apple demanded that the developers 'create a plan to improve content moderation,' according to a letter the company sent to US senators.

Source: The Verge (AI)

The next evolution of the Agents SDK

Tags: info / news / industry
Apr 15, 2026

OpenAI introduced new capabilities to the Agents SDK, a toolkit for developers building AI agents that can work with files and run commands on computers. The update includes a model-native harness (a framework optimized for OpenAI models) and native sandbox execution (a controlled, isolated computer environment where agents can safely run code and access files). The SDK aims to bridge the gap between flexibility and production-readiness by providing developers with standardized infrastructure that keeps agents aligned with how frontier models (the most advanced AI models available) work best.

Fix: The Agents SDK includes several built-in protections: 'Separating harness and compute helps keep credentials out of environments where model-generated code executes.' The SDK also supports 'built-in snapshotting and rehydration' so 'the Agents SDK can restore the agent's state in a fresh container and continue from the last checkpoint if the original environment fails or expires.' Additionally, developers can configure sandbox execution with 'Blaxel, Cloudflare, Daytona, E2B, Modal, Runloop, and Vercel' providers, and the SDK provides a 'Manifest abstraction for describing the agent's workspace' to control access to files and data.

Source: OpenAI Blog

The deepfake dilemma: From financial fraud to reputational crisis

Tags: info / news / security / safety
Apr 15, 2026

Deepfake technology (AI-generated fake audio or video of people) has become cheap, accessible, and realistic enough to fool many employees and executives, with 43% of cybersecurity leaders experiencing audio deepfakes and 37% experiencing video deepfakes in 2025. Deepfakes are now used for financial fraud (by impersonating executives to approve fund transfers) and reputational attacks (by spreading false videos to damage trust with investors and customers), and traditional ways of spotting fakes, like looking for obvious flaws, no longer work reliably.

Source: CSO Online

The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought

Tags: info / news / safety / policy
Apr 15, 2026

Teenage boys are using AI "nudify" apps to create deepfake sexual imagery (fake nude photos or videos created by AI) of their female classmates, which are then shared on social media and messaging apps. Since 2023, this has affected over 600 students across at least 28 countries and nearly 90 schools, with the true scale likely much higher. The explicit imagery involving minors constitutes child sexual abuse material (CSAM), and schools and law enforcement are often unprepared to respond to these serious incidents.

Source: Wired (Security)

7 biggest healthcare security threats

Tags: info / news / security
Apr 15, 2026

Healthcare organizations face a major surge in cyberattacks, particularly ransomware (malware that locks data until payment is made), phishing (tricking people into revealing credentials), and web application attacks, made worse by rushed digitalization during COVID-19 and reliance on vulnerable systems. The threat is amplified because healthcare uses increasingly connected devices like implantable heart monitors and wearable sensors that transmit patient data, creating both efficiency gains and expanded attack surfaces that many under-resourced organizations struggle to secure.

Source: CSO Online

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

Tags: info / news / security / industry
Apr 15, 2026

Mallory is a new AI-powered threat intelligence platform (a system that gathers and analyzes information about cyber threats) designed to help security teams quickly understand which threats are actually dangerous to their organization. Instead of overwhelming teams with alerts, the platform analyzes thousands of threat sources, checks them against each company's specific vulnerabilities, and provides prioritized actions that security teams can take immediately.

Source: CSO Online

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

Tags: info / news / security / industry
Apr 15, 2026

OpenAI launched GPT-5.4-Cyber, a specialized AI model designed to help security teams find and fix vulnerabilities faster, while expanding access through its Trusted Access for Cyber program to thousands of defenders and hundreds of teams. The company acknowledged that AI models are dual-use tools (meaning they can be repurposed for both good and bad purposes) and that adversaries could potentially reverse-engineer the model to find exploitable vulnerabilities before they're fixed, so OpenAI plans to scale defenses alongside access by strengthening safeguards against jailbreaks (techniques to bypass safety restrictions) and adversarial prompt injections (tricking an AI by hiding malicious instructions in its input).

Fix: OpenAI's stated approach includes: (1) a deliberate, iterative rollout of access to minimize misuse, (2) strengthening safeguards through ongoing work against jailbreaks and adversarial prompt injections as model capabilities advance, and (3) integrating advanced coding models and agentic capabilities (AI systems that can take independent actions to solve problems) into developer workflows to enable immediate feedback during the software development process, shifting security from occasional audits to continuous, ongoing risk reduction.

Source: The Hacker News

Curity looks to reinvent IAM with runtime authorization for AI agents

Tags: info / news / security / policy
Apr 14, 2026

Traditional identity and access management (IAM) tools, which control who can access systems and resources, were not designed to secure AI agents (autonomous software programs that perform tasks independently), which operate at high speed with unpredictable access patterns. Curity announced Access Intelligence, a new security layer that grants agent permissions at runtime (during execution, not beforehand) and uses OAuth tokens (credentials that allow access to specific resources) to carry information about each agent's purpose, ensuring agents can only access resources matching their intended task.

Source: CSO Online

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

Tags: info / news / security
Apr 14, 2026

April's Patch Tuesday includes 167 security updates, with three particularly critical issues: a zero-day (actively exploited vulnerability) in Microsoft SharePoint that allows attackers to spoof (impersonate) the service and access sensitive data, a critical SQL injection vulnerability (a type of attack where malicious code is inserted into database queries) in a SAP product, and a 9.8 CVSS score (a 0-10 severity rating) vulnerability in Windows Internet Key Exchange (IKE, a protocol for secure communications) that could let attackers run remote code. Security teams are urged to prioritize patching these actively exploited flaws in widely used applications rather than relying solely on severity scores.

Fix: For the Windows IKE vulnerability (CVE-2026-33824), Microsoft recommends two temporary mitigations for admins who cannot immediately install the security update: (1) block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE, or (2) for systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses. Microsoft notes these actions reduce attack surface but do not replace installing the security update. For SharePoint and other vulnerabilities, the source text does not explicitly describe mitigation steps beyond applying the patches.

Source: CSO Online

Secure AI agent access patterns to AWS resources using Model Context Protocol

Tags: info / news / security / policy
Apr 14, 2026

AI agents access AWS resources through the Model Context Protocol (MCP, a system that lets AI tools interact with cloud services), but unlike traditional software with predictable behavior, agents can dynamically choose different actions based on context. The main security risk is that agents operate at machine speed and will use any permissions (IAM roles, API keys, or OAuth scopes) they're granted, so misconfigured access controls can cause large-scale damage quickly. The source recommends three security principles for controlling AI agent access to AWS resources, with an emphasis on using MCP servers rather than direct API access because MCP provides better monitoring and control.

Fix: The source recommends architecting agents to use MCP servers rather than direct service access where possible, because MCP servers provide a layer of abstraction that enables differentiated controls and creates additional monitoring capabilities through AWS CloudTrail. For agents on developer machines, developers should configure which AWS credentials the agent uses in their mcp.json file by specifying a named profile (which can use credential helpers and the credential provider chain for short-lived credentials), environment variables, or explicit credential configuration, rather than allowing agents to inherit broad developer admin credentials.

Source: AWS Security Blog

5 trends defining the future of AI-powered cybersecurity

Tags: info / news / security / industry
Apr 14, 2026

AI is transforming cybersecurity by becoming a tool for both attackers and defenders, forcing organizations to shift from outdated perimeter-based security (the "castle and moat" approach) to continuous cyber resilience (the ability to detect threats in real time and keep operations running during attacks). The industry is consolidating toward unified security platforms, automating repetitive analyst tasks to reduce burnout, and facing increasing regulatory pressure to demonstrate resilience and rapid recovery capabilities.

Source: CSO Online

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model, and Strategy

Tags: info / news / security / policy
Apr 14, 2026

OpenAI announced GPT-5.4-Cyber, a new AI model designed specifically for cybersecurity professionals, along with a three-part strategy to manage risks as AI becomes more powerful. The announcement comes after competitor Anthropic released a more limited version of its Claude Mythos model, citing concerns that advanced AI could be exploited by attackers, though OpenAI argues that current safeguards are sufficient for broad deployment of today's models.

Fix: OpenAI's strategy includes three components: (1) 'know your customer' validation systems combined with Trusted Access for Cyber (TAC), an automated system introduced in February that allows controlled access to new models; (2) iterative deployment, a careful process of releasing and refining capabilities while monitoring for resilience to jailbreaks (techniques that trick AI into ignoring its safety guidelines) and other adversarial attacks; and (3) investments supporting software security and digital defense, including the Codex Security application security AI agent, a cybersecurity grants program begun in 2023, a donation to the Linux Foundation for open source security, and the Preparedness Framework designed to assess and defend against severe harm from advanced AI capabilities.

Source: Wired (Security)

Anthropic co-founder confirms the company briefed the Trump administration on Mythos

Tags: info / news / policy / industry
Apr 14, 2026

Anthropic confirmed it briefed the Trump administration about its new Mythos model, an AI system it considers too dangerous to release publicly because of its powerful cybersecurity capabilities. The company is engaging with the government on AI safety issues while simultaneously suing the Department of Defense over a supply-chain risk label and a disagreement over military access to Anthropic's systems.

Source: TechCrunch (Security)

The attacks on Sam Altman are a warning for the AI world

Tags: info / news / safety / policy
Apr 14, 2026

Recent physical attacks targeting AI industry leaders, including an alleged Molotov cocktail attack on OpenAI CEO Sam Altman's home and gunfire at an official who supported a data center project, have raised concerns about safety in the AI industry. These incidents appear connected to activist concerns about AI's risks, including extinction fears and opposition to infrastructure expansion.

Source: The Verge (AI)

DA wants Sam Altman arson suspect Daniel Moreno-Gama held without bail

Tags: info / news / security
Apr 14, 2026

A 20-year-old man was arrested for allegedly throwing a Molotov cocktail (an improvised incendiary weapon) at OpenAI CEO Sam Altman's home and threatening to burn down OpenAI's headquarters because of his opposition to AI technology. The suspect possessed a document listing names and addresses of other AI executives and warned of humanity's extinction from AI, leading prosecutors to request that he be held without bail due to public safety concerns.

Source: CNBC Technology

Page 70 of 146