New tools, products, platforms, funding rounds, and company developments in AI security.
Economists warn that current tools for predicting AI's impact on jobs are inadequate because they only measure "exposure" (whether AI could theoretically do a job's tasks), which doesn't account for whether employers will actually replace workers or increase productivity instead. Economist Alex Imas calls for collecting new data on how AI actually changes specific jobs and industries, since knowing a job is 28% exposed to AI tells us little about whether that job will disappear, be transformed, or become more productive.
Iran's Islamic Revolutionary Guard Corps (IRGC, a military organization) published a video threatening to destroy OpenAI's Stargate data center in Abu Dhabi if the US attacks Iran's power plants. The threat was posted to social media on April 3rd and specifically showed images of OpenAI's $30 billion facility under construction in the United Arab Emirates.
This piece is an interview with Cisco's CEO about the company's role in building networking infrastructure for AI data centers. The conversation touches on challenges like public opposition to data centers due to noise, appearance, and high electricity use, and explores whether data centers should be built in space to avoid these problems.
This is a business news roundup covering multiple topics, including geopolitical tensions, Federal Reserve leadership, Apple's 50th anniversary, and OpenAI's acquisition of a technology podcast. The content discusses market reactions to potential U.S.-Iran negotiations, an upcoming Senate hearing for a Federal Reserve nominee, Apple's challenges in AI competition and supply chains, and OpenAI's purchase of the TBPN podcast.
Attackers are increasingly exploiting legitimate AI systems and services instead of using traditional malware, a trend called "living off the AI land." Examples include poisoning MCP servers (tools that connect AI assistants to external services) in supply chains, abusing AI platforms like Claude and Copilot as command-and-control channels (hidden pathways for sending malicious instructions), and hijacking AI agents (automated systems that perform tasks) to extract sensitive data or perform destructive actions. The shift represents a fundamental change in AI security threats, moving beyond simple prompt injection (tricking an AI by hiding instructions in its input) to more sophisticated agent hijacking (taking control of automated AI systems).
This item is a brief announcement about 'Cleanup Claude Code Paste,' posted by Simon Willison on April 6, 2026. The provided content does not include substantive details about what the tool does, what problem it addresses, or its significance.
OpenClaw, an open-source AI assistant built by an Austrian developer, sparked a major trend in China in March 2024 because it can be customized to work with Chinese AI models, unlike Western tools like ChatGPT that are inaccessible there. Users enthusiastically adapted OpenClaw's code to create personalized versions they called "lobsters," using them for tasks like e-commerce product listings, stock analysis, and productivity, with some claiming dramatic efficiency gains. The phenomenon reflects China's broader push to develop and embrace AI technology, driven by government support and the success of homegrown platforms like DeepSeek.
Google has integrated Gemini (an AI assistant that's built into Google services) into Google Maps, allowing it to help plan daily itineraries by suggesting nearby locations. The author tested this feature by having Gemini plan a full day around their city and found it effective, discovering both obvious and unexpected recommendations for places to visit.
A developer is redesigning the abstraction layer (a simplified interface that handles communication with many different AI services) of their LLM Python library to support new vendor features like server-side tool execution (where the AI provider runs code on their servers rather than the user's computer). They used Claude Code to analyze Python client libraries from major AI vendors and generate test commands to understand how these services handle both streaming (real-time data flow) and non-streaming data across different scenarios.
Anthropic's source code for Claude Code (an AI coding tool) was accidentally made public, and hackers have been reposting it on GitHub with infostealer malware (software that steals personal information) embedded in the code. Anthropic has been trying to remove the leaked copies by issuing copyright takedown notices, initially targeting over 8,000 repositories before narrowing efforts to 96 copies.
Anthropic is changing its policy so Claude users can no longer use their subscription to access OpenClaw (a third-party tool that integrates with Claude), forcing them to pay separately instead. The change takes effect April 4th, and may be motivated by Anthropic wanting to promote its own competing tools like Claude Cowork.
Fidji Simo, OpenAI's product and business chief, announced she is taking medical leave to manage a worsening neuroimmune condition called POTS (Postural Orthostatic Tachycardia Syndrome, a disorder that makes it hard to keep blood pressure steady). She also announced several leadership changes, including that OpenAI President Greg Brockman will oversee product during her absence, and that marketing chief Kate Rouch is stepping down to focus on cancer recovery.
Researchers at Google DeepMind have identified a vulnerability called 'AI Agent Traps' that allows attackers to manipulate and exploit AI agents (autonomous programs that can browse the web and take actions) by hosting malicious web content designed to deceive them. This research maps out how these attacks work against AI systems that visit websites.
Healthcare workers are increasingly using AI tools on their own to handle heavy workloads, and organizations cannot stop this trend. The source emphasizes that healthcare organizations should strengthen their security practices to reduce the damage if these unsanctioned AI tools are compromised or misused.
OWASP (Open Web Application Security Project, a standards group for security best practices) has updated its generative AI security guidance to address 21 identified risks in AI systems. The update recommends that companies use separate but coordinated defense strategies tailored specifically for generative AI (AI that creates text, images, or code) and agentic AI (AI that can take actions independently).
OpenAI is launching a Safety Fellowship program (September 2026 to February 2027) for external researchers to conduct independent studies on safety and alignment (making sure AI systems behave as intended and don't cause harm) of advanced AI systems. Fellows will work on topics like safety evaluation, ethics, robustness, privacy protection, and oversight of AI agents, receiving mentorship, compute resources, and a monthly stipend while producing research outputs like papers or datasets.
Commercial off-the-shelf software (COTS, meaning ready-made software products sold online or in stores) initially seems attractive because it deploys quickly and costs less than custom development, but organizations often get trapped when they want to switch platforms, as their systems become deeply entangled with the vendor's technology. AI-powered security tools are creating a new type of lock-in by relying on proprietary training data, vendor-specific threat intelligence feeds (collections of indicators showing cyber attacks), and specialized hardware, making it expensive and difficult to migrate away.
As generative AI (machine learning systems that create text, images, and other content) becomes better at mimicking human work, people increasingly doubt whether online content is human-made, yet platforms often don't label AI-generated material. The author suggests creating a universal labeling system (similar to Fair Trade certification) that marks human-created content instead, since AI systems have no incentive to identify their own work but human creators do to protect themselves from being replaced.
Fix: Anthropic has been issuing copyright takedown notices to remove copies of the leaked code from GitHub.
Wired (Security)This research examines how attackers could exploit Amazon Bedrock's multi-agent systems (groups of specialized AI agents working together) through prompt injection (tricking an AI by hiding malicious instructions in user input), potentially discovering agent instructions and executing unauthorized tool actions. The study found no vulnerabilities in Bedrock itself, but highlighted a broader LLM challenge: these systems cannot reliably distinguish between legitimate developer instructions and adversarial user input. The research was conducted ethically on owned systems in collaboration with Amazon's security team.
Fix: Enabling Bedrock's built-in prompt attack Guardrail stopped the demonstrated attacks. Additionally, Amazon confirmed that Bedrock's pre-processing stages and Guardrails effectively block these attacks when properly configured.
Palo Alto Unit 42Meta and other AI labs paused work with Mercor, a company that hires contractors to generate training data for AI models, after a security breach exposed proprietary datasets that could reveal competitive secrets to rivals. The breach occurred through a compromised version of LiteLLM (an API tool, which is software that allows different programs to communicate), likely by a hacking group called TeamPCP, affecting thousands of organizations and potentially exposing hundreds of gigabytes of Mercor's confidential data.