Posts tagged #ai-security
═══ #AI-SECURITY ═══
GitHub CodeQL 2.26.0 added system prompt injection detection, pulling AI prompt security into ordinary static analysis and treating prompts like application inputs.
GitHub's enterprise-managed OpenTelemetry export for Copilot in VS Code and Copilot CLI shows coding agents becoming observable production infrastructure, because the agent now has enough power to need a black box.
OpenAI's GPT-5.6 preview, Anthropic's Fable/Mythos shutdown, and GLM-5.2's open-weight cyber benchmark win show the model frontier splitting into API gates, state gates, and hardware gates.
Anthropic's accusation that Alibaba-linked operators used 25,000 fake accounts and 28.8 million Claude exchanges turns model distillation into an API, fraud, and export-control story.
Stanford's Real World AI Security conference put BrowseSafe on the program, and the paper shows why prompt injection in browser agents is a web-security problem with real actions attached.
OpenAI's Daybreak expansion and Patch the Planet initiative show the AI security race moving from vulnerability discovery into patch production, maintainer burden, and controlled access.
Hackers reportedly tricked Meta's AI support assistant into changing Instagram account emails and handing over reset flows. The failure lived in the permissions.
ChatGPhish turns ChatGPT page summaries into a phishing surface. The exploit is not glamorous. That is the problem.