aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

to
Export CSV
2907 items

OpenAI’s AGI boss is taking a leave of absence

infonews
industry
Apr 3, 2026

OpenAI's CEO of AGI deployment (artificial general intelligence, an AI system that can handle any intellectual task), Fidji Simo, is taking medical leave for several weeks due to a neuroimmune condition. During her absence, other company leaders including President Greg Brockman will take over her responsibilities for product development and business operations.

The Verge (AI)

v0.14.20

lownews
security
Apr 3, 2026

LlamaIndex version 0.14.20 includes multiple updates across its callback and core modules, with a primary focus on fixing a vulnerability in NLTK (a natural language processing library that helps AI systems understand and work with human language). The release also updates various dependencies and fixes minor bugs in code formatting and syntax.

Security lapse lets researchers view React2Shell hackers’ dashboard

highnews
securityprivacy

Claude Code is still vulnerable to an attack Anthropic has already fixed

highnews
security
Apr 3, 2026

Claude Code has a vulnerability where commands with more than 50 subcommands (smaller operations within a larger command) cause the tool to skip its security checks for subcommands after the 50th, asking users to approve them without proper safety analysis. Attackers could exploit this by hiding malicious commands in legitimate-looking code repositories, potentially stealing user credentials and compromising entire software projects.

Claude Source Code Leak Highlights Big Supply Chain Missteps

highnews
security
Apr 3, 2026

Claude's source code was leaked, revealing problems in how the software supply chain (the process of developing, distributing, and maintaining software) is protected. The incident shows that companies need stronger security controls at every step of software development, similar to how critical infrastructure like power grids are protected.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

infonews
securityprivacy

'Chasing vibes' — OpenAI's M&A strategy gets more confusing with TBPN purchase

infonews
industry
Apr 3, 2026

OpenAI announced its purchase of TBPN (Technology Business Programming Network), a media company that streams a daily three-hour tech talk show, marking another acquisition alongside its $6.4 billion purchase of hardware startup io. The acquisition strategy appears unclear to investors and analysts, as the company faces intensifying competition from rivals like Google and Anthropic while dealing with significant losses from infrastructure spending ahead of a planned IPO.

Mobile Attack Surface Expands as Enterprises Lose Control

infonews
securitysafety

12 cyber industry trends revealed at RSAC 2026

infonews
industrypolicy

Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

infonews
industry
Apr 2, 2026

Cloudflare launched EmDash, a new content management system (CMS, software for building and managing websites) that it positions as a more secure alternative to WordPress, avoiding the cybersecurity problems caused by WordPress plugins. EmDash is fully open source under the MIT license (a permissive license allowing broad reuse and modification) and is designed for modern web development, including compatibility with AI agents, rather than the aging WordPress architecture.

Microsoft executive touts Copilot sales traction as AI anxiety weighs on stock

infonews
industry
Apr 2, 2026

Microsoft's Copilot, an AI add-on for business productivity software, has faced slow adoption despite the company's heavy investment in AI infrastructure, though executives claim recent sales improvements. The company had 15 million users of its $30-per-month Microsoft 365 Copilot as of January, representing only 3% of available seats, and analysts expected higher numbers. Microsoft adjusted its sales strategy after receiving feedback, focusing on getting more users onto the free Copilot Chat feature alongside paid Copilot seats.

Cisco fixes critical IMC auth bypass present in many products

infonews
security
Apr 2, 2026

Cisco released patches for a critical vulnerability (CVE-2026-20093) in its Integrated Management Controller (IMC, a dedicated controller embedded in server motherboards that manages servers remotely even when the main operating system is off). The flaw allows unauthenticated attackers to bypass authentication and gain admin access by sending specially crafted HTTP requests to exposed IMC interfaces. The vulnerability affects many Cisco servers and appliances, particularly those with IMC interfaces exposed to local networks or the internet.

PSA: Anyone with a link can view your Granola notes by default

mediumnews
securityprivacy

Four security principles for agentic AI systems

infonews
securitypolicy

Highlights from my conversation about agentic engineering on Lenny's Podcast

infonews
industryresearch

Claude Code leak used to push infostealer malware on GitHub

highnews
security
Apr 2, 2026

Threat actors exploited a March 31 accidental leak of Claude Code's source code (a terminal-based AI agent from Anthropic) by creating fake GitHub repositories that deliver Vidar infostealer malware to users searching for the leaked code. The repositories use search engine optimization to appear in Google results and trick users into downloading a malicious executable that deploys information-stealing and network-proxying tools.

OpenAI acquires popular tech podcast TBPN

infonews
industry
Apr 2, 2026

OpenAI has acquired TBPN, a daily technology news podcast that covers AI and interviews major tech leaders. The acquisition is part of OpenAI's effort to create a platform for discussion about how AI is changing society, though the company says TBPN will maintain editorial independence and continue choosing its own guests.

llm-gemini 0.30

infonews
industry
Apr 2, 2026

This is a monthly briefing post by Simon Willison from April 2, 2026, covering developments in LLM (large language model) tools and services, including updates to the llm command-line tool, Google's Gemini AI, and Google's Gemma model. The post appears to be an announcement of a sponsored monthly email digest tracking important LLM developments, though specific technical details about changes or issues are not provided in the content.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

highnews
security
Apr 2, 2026

Anthropic's Claude Code source code was leaked, and shortly after, security researchers at Adversa AI discovered a critical vulnerability in the tool. The incident highlights how exposing source code can quickly lead to the discovery of serious security flaws.

OpenAI just bought TBPN

infonews
industry
Apr 2, 2026

OpenAI has acquired TBPN, a popular online talk show that broadcasts live weekday episodes and features interviews with AI executives and tech leaders, positioning itself as competition to traditional financial news channels like Bloomberg and CNBC. The show's host stated it will continue operating as before under OpenAI's ownership, marking a reunion between the host and OpenAI CEO Sam Altman, who had previously funded the host's company.

Previous80 / 146Next

Fix: Update to version 0.14.20, which includes the fix for the NLTK vulnerability across all affected modules (llama-index-agent-agentmesh, llama-index-callbacks-agentops, llama-index-callbacks-aim, and others).

LlamaIndex Security Releases
Apr 3, 2026

A threat group called UAT-10608 is exploiting React2Shell (CVE-2025-55182, a pre-authentication remote code execution vulnerability in Next.js applications), a flaw that was patched four months ago, to steal credentials and tokens from unpatched servers at scale. Researchers discovered the attackers' exposed web dashboard, which revealed they had successfully compromised 766 hosts in 24 hours and stolen credentials from major services like AWS, Azure, OpenAI, GitHub, and others. The vulnerability allows attackers to send malicious code payloads to server endpoints without authentication, triggering arbitrary code execution that deploys credential-harvesting tools.

Fix: A fix was issued four months ago. Additionally, the source states that 'victims and service providers with exposed and at-risk credentials, including AWS and GitHub, are being notified,' and IT professionals should 'act quickly' to patch React servers in their environment before credentials are stolen.

CSO Online

Fix: Anthropic has already developed a fix called the tree-sitter parser (a tool that analyzes code structure more carefully), which is included in the source code but has not been enabled in the public builds that customers currently use.

CSO Online
Dark Reading
Apr 3, 2026

This news roundup covers several security incidents: a data leak from ChatGPT, a rootkit (malware that hides itself deep in a system to maintain control) discovered on Android devices, and a ransomware attack (malware that encrypts files and demands payment) on a water treatment facility. The article also mentions a Symantec vulnerability, a new anti-ClickFix defense added to macOS (a mechanism to block a social engineering attack that tricks users into visiting malicious websites), and an FBI hack classified as a major incident.

SecurityWeek
CNBC Technology
Apr 3, 2026

Enterprises are facing growing security risks on mobile devices because unauthorized AI (shadow AI, meaning AI tools deployed without official approval) is being hidden in everyday apps, combined with outdated mobile devices and zero-click exploits (attacks that work without any user interaction like clicking a link). These factors together create mobile security threats that are hard for organizations to detect and manage.

SecurityWeek
Apr 3, 2026

At the 2026 RSA cybersecurity conference, industry leaders identified a clear divide among CISOs (chief information security officers, top security leaders at companies) in their approach to AI: about 20% are proactive and strategic, 40% are confused about AI risks in their organizations, and 40% are unaware of AI projects happening around them. The article predicts that confused CISOs will face a difficult transition to becoming proactive, requiring them to assess business goals, create governance frameworks (policies and rules for managing AI), and implement guardrails (safety controls) while their organizations continue developing AI. Legacy security vendors currently have an advantage in selling AI tools, but simply adding AI to existing security tools will not work long-term, and companies instead need to build strong AI foundations (data systems, control systems, and safety measures) before adding AI agents on top.

CSO Online
CSO Online
CNBC Technology
CSO Online
Apr 2, 2026

Granola, an AI-powered note-taking app that records meetings and generates summaries, makes your notes viewable to anyone who has the link by default, despite claiming notes are "private by default." Additionally, Granola uses your notes for internal AI training unless you actively opt out of this practice.

The Verge (AI)
Apr 2, 2026

Agentic AI systems (AI that autonomously connects to software tools and uses large language models as reasoning engines to plan and execute actions) present unique security challenges because they operate at machine speed with real-world consequences, unlike traditional software or human-reviewed generative AI. The main risks are that agents can carry out unintended actions before humans can intervene, and they may not recognize ambiguities or understand unstated policy boundaries like humans do. Security responses don't require entirely new frameworks but should extend existing ones (like NIST's Cybersecurity Framework) with four foundational principles addressing both traditional software components and AI-specific elements.

AWS Security Blog
Apr 2, 2026

This podcast episode discusses how AI coding models reached an inflection point in November 2025 when GPT 5.1 and Claude Opus 4.5 became reliable enough that generated code mostly works without extensive manual fixes, fundamentally changing how software engineers work. The speaker highlights that code quality is easier to verify than other knowledge work (like legal documents), making software engineers early adopters facing questions about career changes as AI agents (programs that can take actions autonomously) handle tasks that previously consumed most development time. The episode also touches on practical uses of AI for coding on mobile devices and the importance of testing before deploying AI-generated code to users.

Simon Willison's Weblog
BleepingComputer
CNBC Technology
Simon Willison's Weblog
SecurityWeek
The Verge (AI)