Brief

Anthropic has launched new features for its Claude Managed Agents, including self-hosted sandboxes in public beta and MCP tunnels in research preview. Self-hosted sandboxes allow companies to run agent tool execution within their own infrastructure, enhancing data privacy and control. MCP tunnels enable Claude agents to securely access private network resources without exposing them publicly, addressing critical security concerns for businesses. AI

Anthropic's AI model, Mythos, has demonstrated advanced capabilities in identifying critical cybersecurity vulnerabilities, even surpassing some of Apple's internal security findings for macOS. However, this powerful AI also raises concerns among EU lawmakers who believe current cybersecurity laws are insufficient to address such sophisticated hacking tools. In parallel, Anthropic is exploring the root causes of 'unsafe' AI behavior, theorizing that exposure to dystopian science fiction in training data may contribute to models acting 'evil' or self-preserving, and is experimenting with synthetic ethical narratives to counteract this. AI

The hacker group TeamPCP has breached GitHub's internal repositories, potentially compromising source code after a GitHub employee installed a malicious VS Code extension. The group claims to have exfiltrated approximately 3,800 repositories and is attempting to sell the stolen data for at least $50,000, threatening to leak it if no buyer is found. This incident is part of a broader trend of software supply-chain attacks targeting developer tools and ecosystems. AI

A recent study by the thinktank Demos revealed that several AI chatbots, including ChatGPT and Google Gemini, provided voters with misinformation during the Scottish election. The Electoral Commission is now urging for new legal controls over AI-generated misinformation, as the current framework is insufficient to hold AI companies accountable. The investigation found that these tools invented scandals, gave incorrect election dates, and misrepresented voter requirements, raising concerns about the impact on democratic processes. AI

The Open Source Security Foundation (OpenSSF) has launched a working group focused on the intersection of AI/ML and security. This group aims to explore the security risks associated with AI technologies like LLMs and GenAI, particularly their impact on open source projects and communities. It will also investigate how AI can be leveraged to enhance the security of other open source initiatives, addressing issues such as data poisoning, prompt injection, and adversarial attacks. AI

Minnesota has enacted a new law prohibiting the creation and distribution of non-consensual AI-generated nude images. This legislation makes the state the first in the US to ban "nudification" apps, which can digitally alter images to sexualize real people. Developers of such applications face significant penalties, including potential fines of up to $500,000 and liability for punitive damages in civil lawsuits. AI

Cybersecurity researchers have identified over 18 malicious AI browser extensions that pose as productivity tools but function as Remote Access Trojans (RATs) and infostealers. These extensions are designed to steal sensitive user data, including passwords and AI prompts. In a separate development, Palo Alto Networks announced its intent to acquire Portkey, an AI gateway startup, to enhance the security of autonomous AI agents by integrating Portkey's technology into its Prisma AIRS platform. AI