aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

to
Export CSV
2907 items

Gemma 4: Byte for byte, the most capable open models

infonews
industry
Apr 2, 2026

Google DeepMind has released Gemma 4, a family of open-source AI models available in four sizes (2B to 31B parameters, where parameters are the trainable weights in a neural network) designed for complex reasoning and agentic workflows (AI systems that can autonomously plan and use tools to complete tasks). The models are optimized to run efficiently on various hardware from mobile phones to workstations and support advanced features like multimodal processing (handling text, images, video, and audio), function-calling for tool integration, and context windows up to 256K tokens (units of text the model can process in one response).

DeepMind Safety Research

Google Workspace’s continuous approach to mitigating indirect prompt injections

infonews
securitysafety

Threat actor abuse of AI accelerates from tool to cyberattack surface

infonews
securityindustry

It’s not easy to get depression-detecting AI through the FDA

infonews
industrypolicy

Cybersecurity M&A Roundup: 38 Deals Announced in March 2026

infonews
industry
Apr 2, 2026

This article reports on 38 cybersecurity mergers and acquisitions (M&A, or business deals where one company buys another) announced in March 2026 by major companies including Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI. The source provides only a high-level announcement of these deals without detailed technical or security content.

I have always seen myself as ‘progressive’ – but with AI it’s time to hit the brakes | Peter Lewis

infonews
policyindustry

vSphere and BRICKSTORM Malware: A Defender's Guide

infonews
security
Apr 2, 2026

BRICKSTORM is a malware campaign targeting VMware vSphere environments, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors (the software that runs virtual machines), by exploiting weak security architecture rather than software vulnerabilities. Attackers establish persistence at the virtualization layer (the foundational control software beneath guest operating systems), where traditional security tools like EDR (endpoint detection and response, software that monitors computers for threats) cannot see them, allowing them to gain administrative control over entire virtual infrastructure. The VCSA is particularly attractive to attackers because compromising it grants full control over all virtual machines and their data.

Microsoft’s new ‘superintelligence’ game plan is all about business

infonews
industry
Apr 2, 2026

Microsoft has reorganized its AI leadership, with Mustafa Suleyman taking on a new role as the company's first CEO of AI focused specifically on pursuing superintelligence (AI systems that would surpass human intelligence across all tasks). The company's renegotiated contract with OpenAI has enabled this strategic shift, which Suleyman says he had been planning for nearly a year.

Google Home’s latest update makes Gemini better at understanding your commands

infonews
industry
Apr 2, 2026

Google has released an update to its Home app that improves Gemini (Google's AI assistant) at understanding natural language commands for controlling smart home devices. The update allows users to describe desired settings in more natural ways, such as requesting "the color of the ocean" for lighting or specifying exact temperatures and humidity levels, and improves Gemini's ability to identify which devices are being controlled.

OpenAI acquires TBPN

infonews
industry
Apr 2, 2026

OpenAI has acquired TBPN, a media platform that covers AI news and hosts conversations with influential figures in tech and business. The acquisition aims to help OpenAI communicate more effectively about AI's impact on society while keeping TBPN's editorial independence intact.

Codex now offers more flexible pricing for teams

infonews
industry
Apr 2, 2026

OpenAI has introduced more flexible pricing for Codex, a code-generation AI tool that helps developers write software faster. Teams can now add Codex-only seats with pay-as-you-go pricing (meaning you only pay for what you use based on tokens, the small units of text the AI processes) instead of paying a fixed fee per person, and ChatGPT Business pricing has been lowered from $25 to $20 per seat annually. The company is also offering $100 in credits per new Codex-only user (up to $500 per team) to help teams try out the tool.

Cybersecurity in the age of instant software

infonews
securitysafety

Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents

infonews
industry
Apr 2, 2026

Variance, a company building a compliance investigation platform that uses AI agents (autonomous AI systems that can perform tasks independently), has raised $21.5 million in new funding, bringing its total funding to $26 million. The funding will be used to grow the platform's capabilities.

Tools, um MCP-Server abzusichern

infonews
security
Apr 2, 2026

Model Context Protocol (MCP, a system that connects AI agents to data sources) has become popular in businesses but faces security risks like prompt injection (tricking an AI by hiding instructions in its input), token theft, and data leaks. While progress has been made with features like OAuth support and an official MCP Registry, companies need tools to implement proper access controls, authorization checks, and detailed logging to protect sensitive data.

datasette-llm 0.1a6

infonews
industry
Apr 1, 2026

datasette-llm 0.1a6 is a plugin (add-on software) that helps integrate LLMs into the datasette data tool. This release simplifies configuration by automatically adding a default model to the allowed models list, so developers don't have to list the same model ID twice.

datasette-enrichments-llm 0.2a1

infonews
industry
Apr 1, 2026

This is an announcement about datasette-enrichments-llm version 0.2a1, a tool that combines datasette (a database publishing platform), llm (a language model interface), and enrichments (adding extra data to existing information). The post is from Simon Willison dated April 1st, 2026, and appears to be part of a monthly briefing about LLM developments.

Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense

infonews
securitysafety

Claude’s code: Anthropic leaks source code for AI software engineering tool

highnews
securityprivacy

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

highnews
securityresearch

Why is gaming becoming so expensive? The answer is found in AI

infonews
industry
Apr 1, 2026

PlayStation console prices have risen significantly over five years, breaking the historical trend of consoles becoming cheaper over time. The article argues that AI data centres demanding massive amounts of computing power for RAM and storage have increased hardware costs, contributing to these price hikes alongside other factors like global conflicts and inflation.

Previous81 / 146Next
Apr 2, 2026

Indirect prompt injection (IPI) is a security threat where attackers hide malicious instructions in data or tools that an AI system uses, potentially influencing how it behaves without direct user input. Google treats IPI as an ongoing challenge rather than a one-time problem to solve, using multiple continuous strategies including human red-teaming (adversarial simulations), automated red-teaming (machine-learning-driven attack testing), a vulnerability rewards program for external researchers, and monitoring of publicly disclosed attacks to stay ahead of evolving threats.

Google Online Security Blog
Apr 2, 2026

Threat actors are now embedding AI into their cyberattacks to make them more effective and precise, rather than just faster. AI is helping attackers craft better phishing emails (resulting in 54% click-through rates versus 12% traditionally), develop malware, and steal data more efficiently, while humans still oversee the operations. Organizations face a major security challenge because AI-enabled phishing is now far more targeted and harder to defend against at scale, especially when combined with systems designed to bypass multifactor authentication (MFA, a security method that requires multiple forms of verification).

Microsoft Security Blog
Apr 2, 2026

Kintsugi, a California startup, spent seven years developing AI to detect depression and anxiety by analyzing how someone speaks rather than what they say. The company is shutting down after failing to get FDA (Food and Drug Administration, the U.S. agency that approves medical products) clearance, though it is releasing its technology as open-source software so others can use and build on it.

The Verge (AI)
SecurityWeek
Apr 2, 2026

This article discusses concerns about the rapid advancement of AI technology and argues that progressive voices are not adequately addressing the risks of automation and economic disruption. The author expresses skepticism about AI industry leaders, using Anthropic's CEO as an example, questioning whether their stated commitment to safe AI development should be trusted despite their public statements about safety concerns.

The Guardian Technology

Fix: Mandiant released a vCenter Hardening Script that enforces security configurations at the Photon Linux layer (the underlying operating system of vCenter). Organizations should implement the hardening recommendations provided in the guide to transform the virtualization layer into a hardened environment capable of detecting and blocking persistent threats, including establishing custom security configurations at both the vSphere and Photon Linux layers.

Google Threat Intelligence
The Verge (AI)
The Verge (AI)
OpenAI Blog
OpenAI Blog
Apr 2, 2026

AI is making software development faster and easier, creating a future where custom applications can be written and deleted on demand, but this also means AI tools are getting better at finding and exploiting vulnerabilities in code. Both attackers and defenders are using AI for cybersecurity, creating an 'arms race' where attackers can automatically discover and exploit flaws while defenders can use similar AI tools to find and patch vulnerabilities before attackers exploit them.

CSO Online
SecurityWeek
CSO Online
Simon Willison's Weblog
Simon Willison's Weblog
Apr 1, 2026

Anthropic was developing Claude Mythos, an advanced AI model with improved abilities in vulnerability discovery (finding weaknesses in software) and exploit development (creating tools to attack those weaknesses). This capability means AI can now help attackers find and exploit security flaws more quickly and at larger scale than before, making cyber defense significantly more challenging.

Check Point Research
Apr 1, 2026

Anthropic accidentally leaked nearly 2,000 internal files and 500,000 lines of code for its Claude Code AI tool due to human error, when an internal file was mistakenly included in a software update and pointed to an archive that was quickly copied to GitHub. The leaked source code spread widely on social media and became GitHub's fastest-ever downloaded repository before Anthropic issued copyright takedown requests to limit its distribution.

Fix: Anthropic issued copyright takedown requests to try to contain the code's spread.

The Guardian Technology
Apr 1, 2026

Researcher Hung Nguyen used Anthropic's Claude Code (an AI tool for analyzing code) to quickly discover zero-day exploits (previously unknown security flaws) in Vim and GNU Emacs, two widely-used text editors. Claude Code found vulnerabilities that would allow attackers to execute arbitrary code (run commands they don't control) simply by tricking users into opening malicious files, and even generated proof-of-concept exploits (working examples of attacks) within minutes.

Fix: For Vim: The vulnerability (CVE-2026-34714, CVSS score 9.2) was fixed by the maintainers in version 9.2.0272. For GNU Emacs: The source text states that GNU Emacs maintainers declined to address the issue and believes it to be a problem with Git instead; Nguyen suggests manual mitigations but the source does not explicitly describe what those mitigations are.

CSO Online
The Guardian Technology