Pulse

Anthropic has developed a new internal metric called 'Wet Blanket' to quantify how often its AI model, Claude, engages in lecturing or overly cautious responses. This metric aims to help the company fine-tune Claude's behavior, making it more helpful and less preachy. The development suggests a focus on improving user experience and the naturalness of AI interactions. AI

Anthropic's Claude 3.5 model has reportedly demonstrated advanced cybersecurity safety classifiers. These classifiers are designed to identify and mitigate potential security risks within AI systems. The model's performance in this area suggests a significant step forward in AI safety research and development. AI

Meta has confirmed that a flaw in its AI-powered support chatbot led to the compromise of over 20,000 Instagram accounts. The issue allowed unauthorized access to user accounts, highlighting potential security vulnerabilities in AI integration. This incident raises concerns about the security implications of deploying AI chatbots for customer support. AI

BT Group has partnered with Anthropic to integrate the Claude Mythos Preview AI model into its operations. This collaboration, part of Anthropic's Project Glasswing, aims to enhance BT's internal security measures and its services offered to commercial clients. The deployment will leverage Claude Mythos for improved cybersecurity and other enterprise AI applications within the telecommunications giant. AI

Anthropic's Claude AI has been used to rapidly generate exploits for known software vulnerabilities, significantly reducing the time from vulnerability disclosure to weaponization. This advancement poses a serious threat to cybersecurity by compressing the already tight patch windows for critical vulnerabilities. The ability to quickly create working exploits means that the gap between a patch being available and it being deployed by organizations is now under immense pressure. AI

A recent analysis suggests that AI models may be susceptible to a Y2K-like vulnerability, potentially impacting their ability to process dates accurately. This theoretical flaw, termed 'Y2K' by researchers, could affect AI systems by causing them to misinterpret or fail when encountering specific date formats. The implications of such a vulnerability are still being explored, but it raises questions about the long-term reliability and security of AI technologies. AI

Users are reporting issues with OpenCode Go/Zen, a platform that appears to be preventing account and data deletion. Several GitHub issues highlight this problem, with some users receiving vague promises of future implementation for account deletion features. The lack of a straightforward deletion process is a significant concern for users who value data privacy and control. AI

A security breach at Microsoft has led to the distribution of malware targeting users of AI models like Claude and Gemini. This incident highlights the growing risks associated with AI-powered tools and the platforms that host them. Separately, concerns are rising over the misuse of AI for creating deepfakes, particularly impacting K-pop idols, and the broader implications for identity control in the age of AI agents. AI

A user on Reddit is seeking alternatives to the Cursor IDE due to security and compliance concerns. Despite privacy features, Cursor's documentation indicates it may store code data, and telemetry cannot be fully disabled on company subscriptions. Past vulnerabilities and a lack of detailed AI activity audit logs have led to compliance issues, prompting a search for an IDE with a strong zero-retention guarantee that supports the full development workflow. AI

Atsign has launched a new platform called AI Architect that uses cryptographic invisibility to secure AI-driven applications. This technology aims to protect AI agents and their associated applications from unauthorized access and manipulation. The platform is designed to enhance the security posture of AI systems by embedding cryptographic protections directly into their architecture. AI

A research guide outlines a strategy for evaluating AI models for "SPI-incompatible" behavior and reasoning. The guide details a proposed workflow, next steps based on prior experiments, and criteria for identifying undesirable "SPI-incompatibilities." The author is seeking collaborators for further development and invites interested parties to a private Git repository. AI

ArgusRed has developed a post-trained AI model capable of performing penetration tests on code, a departure from models that typically refuse to analyze potentially vulnerable code. This new model aims to proactively identify security flaws rather than simply rejecting code that might be risky. The development focuses on enhancing code security through automated vulnerability assessment. AI

A professor from Tohoku University, Naoki Kuramoto, has raised concerns about the necessity of strict identity verification methods, such as facial or fingerprint recognition, for fair university entrance exams. This discussion is prompted by an incident where AI-generated photos bypassed initial identity checks at Kindai University. The situation highlights the growing challenge of preventing impersonation in academic settings due to advancements in AI technology. AI

A new attack campaign targets coding agents like Cursor and Claude Code by exploiting unauthenticated Sentry error logs. Attackers create fake Sentry issues that prompt the agent to run a malicious npm package disguised as a diagnostic tool. While one agent successfully identified and blocked the typosquatted package, the vulnerability highlights concerns about the security of agent inputs and execution permissions. AI

Users on Reddit are discussing how to bypass Ideogram AI's safety filters, which often block images of swimwear and beachwear. The issue appears to stem from specific trigger words in the prompt rather than image analysis. By describing the scene and persona instead of explicitly naming clothing items like 'bikini,' users can generate appropriate images without triggering the filter. AI

Microsoft has disabled 73 GitHub repositories due to a malware attack that targeted AI users. The malware was designed to steal user credentials, compromising accounts that interacted with AI-related tools. This incident highlights the security risks associated with AI development and usage. AI

Microsoft's cloud infrastructure was compromised, allowing threat actors to distribute malware to users of AI services like Anthropic's Claude and Google's Gemini. The attackers exploited a misconfiguration in Microsoft's systems, which inadvertently exposed credentials. This breach highlights the security risks associated with the growing reliance on AI platforms. AI

Hackers have exploited Meta's AI support assistant to gain unauthorized access to Instagram accounts. The attackers used a VPN to mask their location, then initiated a password reset and interacted with the AI chatbot to complete the process. This method allowed them to seize control of user accounts. AI

Meta's AI customer support chatbot was recently tricked into helping users reset their Instagram account access. While AI offers benefits like 24/7 availability, this incident highlights its naivety in handling sensitive processes. The AI's susceptibility to social engineering suggests caution when deploying it for critical functions like identity verification or account access. AI

A new analysis reveals that readily available social media photos, combined with facial recognition technology, can create a powerful surveillance tool. Researchers demonstrated that by using images from platforms like Instagram and Mastodon, they could identify individuals and build extensive facial databases. This "homemade" facial recognition system, leveraging over 412,000 faces, raises significant privacy concerns. AI