aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2901 items

Vance, Bessent questioned tech giants on AI security before Anthropic's Mythos release

info · news · policy, security
Apr 10, 2026

U.S. officials, including Vice President JD Vance and Treasury Secretary Scott Bessent, met with the CEOs of Anthropic, OpenAI, Google and Microsoft to discuss the security of large language models (AI systems trained on large amounts of text) and defenses against cyber attacks before Anthropic released its new Mythos model. Anthropic briefed officials on the model's capabilities, including offensive and defensive cybersecurity applications, and said that bringing the government into the conversation about risks and safeguards early was a priority.

Source: CNBC Technology

OpenAI boss Sam Altman's home targeted with Molotov cocktail

info · news · security
Apr 10, 2026

A 20-year-old man was arrested in San Francisco after throwing a Molotov cocktail (a homemade incendiary weapon) at the home of OpenAI CEO Sam Altman, damaging a perimeter gate. The same person later appeared at OpenAI's San Francisco office and threatened to burn down the building before police arrested him.

Source: BBC Technology

20-year-old man arrested for allegedly throwing a Molotov cocktail at Sam Altman's house

info · news · security
Apr 10, 2026

This article reports on a criminal incident, not a technical AI or cybersecurity issue. A 20-year-old was arrested for allegedly throwing a Molotov cocktail (an improvised incendiary weapon) at OpenAI CEO Sam Altman's home in San Francisco and making threats at OpenAI's office.

Source: The Verge (AI)

Old Docker authorization bypass pops up despite previous patch

high · news · security
Apr 10, 2026

A new vulnerability, CVE-2026-34040 (CVSS 8.8 on the 0-10 severity scale), lets attackers bypass authorization plug-ins (add-on access-control components that decide who may run which Docker commands) in Docker Engine and obtain root-level access to the host. It exploits the same underlying problem found in 2016: API request bodies over 1MB are silently dropped before the authorization plug-in inspects them, so the plug-in approves a request it never saw, and Docker then executes the full request.

Fix: Update to Docker Engine 29.3.1 or Docker Desktop 4.66.1. Where an immediate update cannot be deployed, route API requests through a reverse proxy that rejects all requests over 512KB as a temporary mitigation. To look for exploitation attempts, search the daemon logs with journalctl -u docker | grep "Request body is larger than".

Source: CSO Online

Anthropic's Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think

info · news · security, safety
Apr 10, 2026

Anthropic released Claude Mythos Preview, an AI model that can automatically discover vulnerabilities (weaknesses in software) and write working exploits (code that takes advantage of those weaknesses) across operating systems and software products. The company is limiting access to a few dozen organizations through Project Glasswing to give defenders time to find and fix weaknesses in their own systems before attackers gain broad access to the model.

Fix: No specific patch, update or technical mitigation is described. The article says Project Glasswing participants get early access to Mythos Preview so they can "find weaknesses in their own systems using the model and start to grapple more broadly with how software development, update cycles, and patch adoption needs to change."

Source: Wired (Security)

Anthropic's new AI tool has implications for us all – whether we can use it or not | Shakeel Hashim

info · news · safety, security
Apr 10, 2026

A cyber-attack on a London pathology company in June 2024 caused widespread hospital disruption and contributed to a patient's death, showing the real-world harm digital attacks can cause. The article warns that a new AI release could make cyber-attacks more frequent and more severe by handing attackers powerful hacking capabilities, with the potential for widespread disruption of the critical digital systems people depend on.

Source: The Guardian Technology

The Iranian Lego AI video creators credit their virality to 'heart'

info · news · industry
Apr 10, 2026

An Iranian content creation group called Explosive Media has produced viral AI-generated Lego videos that mock recent US military operations, including the rescue of a downed airman. The videos use AI to animate scenes in which Lego jets explode and money spills out, criticizing the cost and outcome of the missions.

Source: The Verge (AI)

Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks

info · news · security, policy
Apr 10, 2026

Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent met with the CEOs of major U.S. banks to discuss cyber risks from Anthropic's Mythos model, a new AI system with advanced capabilities for both offensive and defensive hacking. Anthropic released the model in a limited capacity through Project Glasswing, a cybersecurity initiative involving major tech companies, and briefed government agencies on its cyber applications because of concerns that attackers could exploit its capabilities.

Source: CNBC Technology

ChatGPT voice mode is a weaker model

info · news · research
Apr 10, 2026

ChatGPT's voice mode runs on an older, weaker model (GPT-4o era, with a knowledge cutoff of April 2024) than other OpenAI products, even though talking to an AI might seem like the place to use the smartest version. The article explains that OpenAI's top-tier models perform much better on tasks like coding because those domains have clear, measurable success criteria (such as whether unit tests pass) that make them easier to improve through reinforcement learning (training that rewards correct behaviour), and because business customers value those capabilities more.

Source: Simon Willison's Weblog

Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever

high · news · security, research
Apr 10, 2026

Claude Mythos is a new Anthropic model that can autonomously discover zero-day vulnerabilities (previously unknown security flaws) and write working exploits (tools that take advantage of those flaws) in major software such as operating systems and web browsers. Although access is currently restricted to organizations such as Microsoft and Google, the source warns that similar capabilities will likely become publicly available within 12-18 months, producing a surge in discovered vulnerabilities and requiring security teams to adopt new AI-focused defensive strategies.

Fix: The source recommends strategies in phases. Short term: vendors should "invest in making sure that patching their products is as seamless and painless as possible, to support end-users dealing with the onslaught of new CVEs." Medium to long term: "plan to invest efforts into an AI-focused AppSec program (application security program), which will ensure you find the AI vulnerabilities before threat actors have a chance to exploit them."

Source: Wiz Research Blog

CoreWeave stock pops 11% on deal to power Anthropic's Claude

info · news · industry
Apr 10, 2026

CoreWeave, a cloud infrastructure company that operates data centers with thousands of Nvidia graphics processing units (GPUs, specialized chips that accelerate AI computation), announced a multi-year deal to supply computing power for Anthropic's Claude models. Nine of the top ten AI model providers now use CoreWeave's platform, reflecting growing demand for the specialized infrastructure needed to run large AI systems at scale.

Source: CNBC Technology

How scared of AI should we be? A new documentary film from an Oscar winner seeks answer

info · news · industry
Apr 10, 2026

Filmmaker Daniel Roher made the documentary "The AI Doc: Or How I Became an Apocaloptimist" to explore whether AI will improve or harm humanity, after questioning whether it was wise to have a child in an AI-driven world. The film features interviews with 40 people, including the leaders of major AI companies, and examines how people tend to view AI in extremes, either as a cure-all or as an existential threat. The filmmakers found that even top AI scientists struggle to explain in simple terms what AI actually is, and they focused on material that would stay relevant over time rather than chasing headline-driven narratives.

Source: CNBC Technology

Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?

info · news · security, safety
Apr 10, 2026

Anthropic has released a preview of an AI model called Mythos that can apparently identify and exploit zero-days (security vulnerabilities not yet known to defenders). The company says it has built in controls intended to prevent misuse of the tool.

Source: Dark Reading

Fear and loathing at OpenAI

info · news · policy
Apr 10, 2026

Sam Altman, CEO of OpenAI, was briefly fired and then reinstated, leading to significant organizational changes and raising questions about his leadership of a major AI company. The New Yorker published an investigation examining Altman's tenure and whether he is the right person to lead such a transformative technology.

Source: The Verge (AI)

The Download: an exclusive Jeff VanderMeer story and AI models too scary to release

info · news · security, safety
Apr 10, 2026

OpenAI has restricted the release of its new cybersecurity tool to select partners because of security concerns, joining Anthropic in limiting AI model access over safety fears. The article also reports that Florida is investigating whether ChatGPT was used to help plan a mass shooting, raising questions about AI's role in real-world harm.

Source: MIT Technology Review

Claude uncovers a 13-year-old ActiveMQ RCE bug within minutes

info · news · security, research
Apr 10, 2026

Claude, Anthropic's AI assistant, discovered a critical remote code execution (RCE, where an attacker runs commands on a system they do not control) vulnerability in Apache ActiveMQ that had gone undetected for 13 years. The bug lets an attacker trick ActiveMQ's management API into loading a malicious file from the internet and executing arbitrary commands, particularly where the default login credentials are still in use. Claude worked out the complete exploit chain in about 10 minutes, a task estimated to take a human researcher roughly a week.

Fix: CVE-2026-34197 is addressed in ActiveMQ Classic 6.2.3 and 5.19.4. Upgrade to one of these patched releases.

Source: CSO Online

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

medium · news · security, policy
Apr 10, 2026

AI browser extensions are a major enterprise security blind spot: they run inside the browser with direct access to user data, passwords and cookies, while bypassing traditional controls such as DLP (data loss prevention, which blocks sensitive information from leaving the network) and SaaS audit logs. The report finds AI extensions considerably riskier than ordinary extensions: they are 60% more likely to have CVEs (publicly known software vulnerabilities), 3 times more likely to access cookies, and 6 times more likely to expand their permissions over time. Yet 99% of enterprise users have at least one extension installed, and organizations have little visibility into which ones exist or what they can access.

Source: The Hacker News

Sen. Sanders Talks to Claude About AI and Privacy

info · news · policy, safety
Apr 10, 2026

N/A: the captured content does not contain substantive information about a specific AI or LLM security issue. It consists of metadata and navigation elements from Bruce Schneier's security blog, listing essay titles and tags rather than discussing a technical problem or vulnerability.

Source: Schneier on Security

Microsoft starts removing Copilot buttons from Windows 11 apps

info · news · industry
Apr 10, 2026

Microsoft is removing Copilot buttons (shortcuts to its AI assistant) from several Windows 11 apps, including Notepad and Snipping Tool, replacing them with alternative menus such as "writing tools." The underlying AI features remain available, but the company is reducing the number of ways users can reach Copilot directly from its applications.

Source: The Verge (AI)

CMMC compliance in the age of AI

info · news · policy
Apr 10, 2026

CMMC 2.0 (Cybersecurity Maturity Model Certification 2.0) requires federal contractors to prove they protect controlled unclassified information (CUI, sensitive government data) through documented safeguards that hold up consistently under assessment, shifting from self-attestation to verified accountability. A major challenge is that organizations struggle to identify every system and data set subject to CMMC, and manual processes for administrative controls (access reviews, training records) produce inconsistencies and evidence scattered across email and spreadsheets. The source argues that automation through workflow engines can standardize and consistently execute compliance controls while generating verifiable evidence as a by-product.

Fix: Use workflow engines to execute CMMC-related controls. "Workflow engines can schedule tasks, route them to responsible owners, enforce approvals and capture outcomes in standardized formats," so that "evidence collection becomes a byproduct of normal operations instead of a separate, reactive effort." Automation lets recurring access reviews run on a schedule rather than on manual reminders, and standardizes how controls are applied across teams and regions so that deviations are visible in logs.

Source: CSO Online

Page 73 of 146