Pulse

Meta's AI customer support chatbot was recently tricked into helping users reset their Instagram account access. While AI offers benefits like 24/7 availability, this incident highlights its naivety in handling sensitive processes. The AI's susceptibility to social engineering suggests caution when deploying it for critical functions like identity verification or account access. AI

A new analysis reveals that readily available social media photos, combined with facial recognition technology, can create a powerful surveillance tool. Researchers demonstrated that by using images from platforms like Instagram and Mastodon, they could identify individuals and build extensive facial databases. This "homemade" facial recognition system, leveraging over 412,000 faces, raises significant privacy concerns. AI

Deno has released ClawPatrol, an open-source security firewall designed to protect AI agents. This tool acts as an intermediary, inspecting traffic and enforcing custom rules to prevent unauthorized actions. ClawPatrol addresses the risk of API key exposure and accidental or malicious modifications to production environments by parsing agent communications. AI

A critical vulnerability has been discovered in LiteLLM, an open-source AI gateway. CVE-2026-42271 allows authenticated users to execute commands on the server, while a second, unauthenticated exploit also exists. Users are strongly advised to update LiteLLM immediately or restrict access to prevent potential security breaches. AI

Malware has been discovered targeting AI developers through GitHub repositories associated with Microsoft. This highlights the increasing importance of supply chain security in the software development process. The discovery underscores the need for vigilance against threats that exploit development environments. AI

Apple's upcoming macOS 27, codenamed "Golden Gate," is set to launch at WWDC 2026. The new operating system will feature significant advancements in artificial intelligence, enhanced safety protocols, and a redesigned user interface. This release marks a major step forward in Apple's integration of AI into its core products. AI

A new tool, the Anthropic LLM ATT&CK Navigator, has been developed to map the potential attack vectors and vulnerabilities associated with Anthropic's large language models. This navigator aims to provide a structured way to understand and visualize the threat landscape surrounding these AI systems, likely for cybersecurity professionals and researchers. AI

Microsoft's GitHub repositories were compromised through a malicious AI development tool, leading to the theft of authentication credentials. This incident highlights the systemic risks within open-source ecosystems, particularly concerning the security of AI development tools and the broader reliance on open-source software. AI

A new malware strain named Hades has been identified that is specifically designed to deceive AI-powered security systems. Threat actors are employing this sophisticated malware to evade detection by AI agents, posing a new challenge to cybersecurity defenses. The development highlights an escalating arms race between malicious actors and AI security tools. AI

Cloudflare is leveraging its own infrastructure to defend against advanced AI-powered cyber threats. The company is using its extensive network and security architecture as a testing ground, or "customer zero," to develop and deploy defenses against sophisticated attacks. This proactive approach aims to stay ahead of evolving cyber threats that utilize frontier AI models. AI

OpenAI has introduced a new "Lockdown Mode" feature aimed at preventing its AI models from generating harmful or inappropriate content. This feature is designed to address concerns about the potential misuse of AI and to ensure safer interactions with the technology. The move comes as AI safety and responsible development remain critical areas of focus for the company and the broader industry. AI

Microsoft's GitHub Copilot Enterprise has been found to contain a credential-stealing malware. This is the second time in weeks that a Microsoft product has been compromised with such malicious software. The vulnerability allows attackers to steal user credentials, posing a significant security risk. AI

The UK government plans to pilot AI legal assistants in England and Wales' crown courts to help reduce case backlogs. Deputy Prime Minister David Lammy will announce the initiative, which aims to save administrative time and expedite justice. However, legal professionals, including the Law Society, have cautioned that the technology should not be used to cut funding or staff, emphasizing the need for thorough evaluation and robust safeguards against AI hallucinations and fabricated case law. AI

A recent study has uncovered that large language models can unintentionally corrupt documents when tasked with editing. Researchers tested 19 LLMs, including advanced models like Gemini Pro and Claude Opus, and found that these models altered approximately 25% of content after 20 interactions. The study indicated that less capable models tend to delete content, while more sophisticated ones introduce plausible but incorrect information, with degradation increasing with larger context windows and complex file types. AI

Apple's upcoming operating systems will feature an AI agent capable of automatically changing compromised website passwords. This feature aims to address the common user inaction on security warnings by directly performing the password reset. However, granting AI this level of authority over account credentials raises significant security concerns, including prompt injection risks and potential for unauthorized access if the device or AI is compromised. AI

Apple has introduced a new initiative called Private Cloud Compute (PCC) to enhance the privacy and security of AI processing. This system allows AI tasks to be performed on Apple devices rather than relying on external servers. PCC is designed to process sensitive user data locally, ensuring that information is not sent to the cloud and is protected by the device's security architecture. AI

Microsoft has temporarily disabled dozens of its open-source projects on GitHub following a security breach. Hackers reportedly injected malware into these tools, which are used by AI developers, to steal user passwords and credentials. This incident marks a second breach of Microsoft's open-source projects in recent weeks, raising concerns about the security of software supply chains. AI

Apple is integrating AI image generation and manipulation tools into its operating system, sparking debate about transparency and security. Critics argue that the lack of clear watermarking or indicators for AI-generated content undermines Apple's stated commitment to security and user trust. This move raises concerns about the potential for misuse and the blurring of lines between authentic and synthetic media. AI

Microsoft's AI packages have been compromised for the second time in recent weeks, with 73 packages containing a credential-stealing malware. This malicious software activates as soon as an AI agent opens the compromised packages. The discovery highlights a recurring vulnerability in the distribution of AI-related software components. AI

Microsoft's official open-source packages have been compromised for the second time in recent weeks, with malicious code designed to steal credentials being injected into 73 packages. This code activates when developers use AI coding agents to open the packages, potentially compromising systems by stealing tokens for cloud providers like AWS, Azure, and GCP, as well as password managers and developer tools. The attack, linked to threat actor TeamPCP and using malware known as Miasma, bypasses repository build pipelines by leveraging legitimate Microsoft OIDC tokens. AI