New tools, products, platforms, funding rounds, and company developments in AI security.
OpenAI's CEO of AGI deployment (artificial general intelligence, an AI system that can handle any intellectual task), Fidji Simo, is taking medical leave for several weeks due to a neuroimmune condition. During her absence, other company leaders including President Greg Brockman will take over her responsibilities for product development and business operations.
LlamaIndex version 0.14.20 includes multiple updates across its callback and core modules, with a primary focus on fixing a vulnerability in NLTK (a natural language processing library that helps AI systems understand and work with human language). The release also updates various dependencies and fixes minor bugs in code formatting and syntax.
Claude Code has a vulnerability where commands with more than 50 subcommands (smaller operations within a larger command) cause the tool to skip its security checks for subcommands after the 50th, asking users to approve them without proper safety analysis. Attackers could exploit this by hiding malicious commands in legitimate-looking code repositories, potentially stealing user credentials and compromising entire software projects.
Claude's source code was leaked, revealing problems in how the software supply chain (the process of developing, distributing, and maintaining software) is protected. The incident shows that companies need stronger security controls at every step of software development, similar to how critical infrastructure like power grids are protected.
OpenAI announced its purchase of TBPN (Technology Business Programming Network), a media company that streams a daily three-hour tech talk show, marking another acquisition alongside its $6.4 billion purchase of hardware startup io. The acquisition strategy appears unclear to investors and analysts, as the company faces intensifying competition from rivals like Google and Anthropic while dealing with significant losses from infrastructure spending ahead of a planned IPO.
Cloudflare launched EmDash, a new content management system (CMS, software for building and managing websites) that it positions as a more secure alternative to WordPress, avoiding the cybersecurity problems caused by WordPress plugins. EmDash is fully open source under the MIT license (a permissive license allowing broad reuse and modification) and is designed for modern web development, including compatibility with AI agents, rather than the aging WordPress architecture.
Microsoft's Copilot, an AI add-on for business productivity software, has faced slow adoption despite the company's heavy investment in AI infrastructure, though executives claim recent sales improvements. The company had 15 million users of its $30-per-month Microsoft 365 Copilot as of January, representing only 3% of available seats, and analysts expected higher numbers. Microsoft adjusted its sales strategy after receiving feedback, focusing on getting more users onto the free Copilot Chat feature alongside paid Copilot seats.
Cisco released patches for a critical vulnerability (CVE-2026-20093) in its Integrated Management Controller (IMC, a dedicated controller embedded in server motherboards that manages servers remotely even when the main operating system is off). The flaw allows unauthenticated attackers to bypass authentication and gain admin access by sending specially crafted HTTP requests to exposed IMC interfaces. The vulnerability affects many Cisco servers and appliances, particularly those with IMC interfaces exposed to local networks or the internet.
Threat actors exploited a March 31 accidental leak of Claude Code's source code (a terminal-based AI agent from Anthropic) by creating fake GitHub repositories that deliver Vidar infostealer malware to users searching for the leaked code. The repositories use search engine optimization to appear in Google results and trick users into downloading a malicious executable that deploys information-stealing and network-proxying tools.
OpenAI has acquired TBPN, a daily technology news podcast that covers AI and interviews major tech leaders. The acquisition is part of OpenAI's effort to create a platform for discussion about how AI is changing society, though the company says TBPN will maintain editorial independence and continue choosing its own guests.
This is a monthly briefing post by Simon Willison from April 2, 2026, covering developments in LLM (large language model) tools and services, including updates to the llm command-line tool, Google's Gemini AI, and Google's Gemma model. The post appears to be an announcement of a sponsored monthly email digest tracking important LLM developments, though specific technical details about changes or issues are not provided in the content.
Anthropic's Claude Code source code was leaked, and shortly after, security researchers at Adversa AI discovered a critical vulnerability in the tool. The incident highlights how exposing source code can quickly lead to the discovery of serious security flaws.
OpenAI has acquired TBPN, a popular online talk show that broadcasts live weekday episodes and features interviews with AI executives and tech leaders, positioning itself as competition to traditional financial news channels like Bloomberg and CNBC. The show's host stated it will continue operating as before under OpenAI's ownership, marking a reunion between the host and OpenAI CEO Sam Altman, who had previously funded the host's company.
Fix: Update to version 0.14.20, which includes the fix for the NLTK vulnerability across all affected modules (llama-index-agent-agentmesh, llama-index-callbacks-agentops, llama-index-callbacks-aim, and others).
LlamaIndex Security ReleasesA threat group called UAT-10608 is exploiting React2Shell (CVE-2025-55182, a pre-authentication remote code execution vulnerability in Next.js applications), a flaw that was patched four months ago, to steal credentials and tokens from unpatched servers at scale. Researchers discovered the attackers' exposed web dashboard, which revealed they had successfully compromised 766 hosts in 24 hours and stolen credentials from major services like AWS, Azure, OpenAI, GitHub, and others. The vulnerability allows attackers to send malicious code payloads to server endpoints without authentication, triggering arbitrary code execution that deploys credential-harvesting tools.
Fix: A fix was issued four months ago. Additionally, the source states that 'victims and service providers with exposed and at-risk credentials, including AWS and GitHub, are being notified,' and IT professionals should 'act quickly' to patch React servers in their environment before credentials are stolen.
CSO OnlineFix: Anthropic has already developed a fix called the tree-sitter parser (a tool that analyzes code structure more carefully), which is included in the source code but has not been enabled in the public builds that customers currently use.
CSO OnlineThis news roundup covers several security incidents: a data leak from ChatGPT, a rootkit (malware that hides itself deep in a system to maintain control) discovered on Android devices, and a ransomware attack (malware that encrypts files and demands payment) on a water treatment facility. The article also mentions a Symantec vulnerability, a new anti-ClickFix defense added to macOS (a mechanism to block a social engineering attack that tricks users into visiting malicious websites), and an FBI hack classified as a major incident.
Enterprises are facing growing security risks on mobile devices because unauthorized AI (shadow AI, meaning AI tools deployed without official approval) is being hidden in everyday apps, combined with outdated mobile devices and zero-click exploits (attacks that work without any user interaction like clicking a link). These factors together create mobile security threats that are hard for organizations to detect and manage.
At the 2026 RSA cybersecurity conference, industry leaders identified a clear divide among CISOs (chief information security officers, top security leaders at companies) in their approach to AI: about 20% are proactive and strategic, 40% are confused about AI risks in their organizations, and 40% are unaware of AI projects happening around them. The article predicts that confused CISOs will face a difficult transition to becoming proactive, requiring them to assess business goals, create governance frameworks (policies and rules for managing AI), and implement guardrails (safety controls) while their organizations continue developing AI. Legacy security vendors currently have an advantage in selling AI tools, but simply adding AI to existing security tools will not work long-term, and companies instead need to build strong AI foundations (data systems, control systems, and safety measures) before adding AI agents on top.
Granola, an AI-powered note-taking app that records meetings and generates summaries, makes your notes viewable to anyone who has the link by default, despite claiming notes are "private by default." Additionally, Granola uses your notes for internal AI training unless you actively opt out of this practice.
Agentic AI systems (AI that autonomously connects to software tools and uses large language models as reasoning engines to plan and execute actions) present unique security challenges because they operate at machine speed with real-world consequences, unlike traditional software or human-reviewed generative AI. The main risks are that agents can carry out unintended actions before humans can intervene, and they may not recognize ambiguities or understand unstated policy boundaries like humans do. Security responses don't require entirely new frameworks but should extend existing ones (like NIST's Cybersecurity Framework) with four foundational principles addressing both traditional software components and AI-specific elements.
This podcast episode discusses how AI coding models reached an inflection point in November 2025 when GPT 5.1 and Claude Opus 4.5 became reliable enough that generated code mostly works without extensive manual fixes, fundamentally changing how software engineers work. The speaker highlights that code quality is easier to verify than other knowledge work (like legal documents), making software engineers early adopters facing questions about career changes as AI agents (programs that can take actions autonomously) handle tasks that previously consumed most development time. The episode also touches on practical uses of AI for coding on mobile devices and the importance of testing before deploying AI-generated code to users.