#security

OpenAI banned two clusters of ChatGPT accounts originating from China that ran covert influence operations promoting narratives about data center costs and US tariffs.

Developer releases mitmwall, a mitmproxy-based firewall for intercepting unauthorized data flows from AI agents and supply-chain attacks in local environments.

Attackers are exploiting AI chatbot aggregation platforms through malvertising, redirecting users to malware-hosting domains.

As LLMs automate security research, bug bounty programs face supply shocks and compressed disclosure timelines that threaten decades-old vulnerability management standards.

President Trump postponed signing an executive order on AI model pre-release security review, citing competitive advantage over China and scheduling conflicts.

NanoClaw creators turn down a buyout offer and secure seed funding from Valley Capital Partners, Hugging Face's Clem Delangue, and others, betting on community-driven growth over quick exit.

Maintainers describe the influx of automated vulnerability submissions as 'almost unmanageable,' prompting debate over AI tooling governance.

OpenAI says two employee devices were compromised in the Mini Shai-Hulud supply chain attack, with limited credential data exfiltrated from internal repositories.

OpenAI engineered a bespoke Windows sandbox for its Codex coding agent after existing OS-level isolation tools proved unfit for open-ended developer workflows.

A new arXiv preprint examines whether known large language model biases can be deliberately exploited to distort AI-generated search summaries.

Wiz Research used AI to uncover a critical RCE flaw in GitHub's git infrastructure; engineers patched it in under six hours with no confirmed exploitation.