Welcome to this week’s AI Security Newsletter. We’re tracking a busy mix of security findings on AI tooling, new defensive layers for agentic systems, and a spotlight on attack innovation from threat groups. On the policy front, copyright and surveillance debates are sharpening, while regulators probe smart-glasses data handling. We also cover major model and tooling launches, plus fresh surveys and forecasts that frame how fast AI adoption and risks are evolving.
Risks & Security
Claude AI Identifies High-Severity Vulnerabilities in Firefox
Anthropic’s Claude AI found 22 vulnerabilities in Firefox, including 14 rated as high-severity, during recent testing. While the model was adept at spotting these flaws, it successfully exploited only 2 vulnerabilities, highlighting a gap between identification and exploitation. Anthropic emphasized that AI-assisted vulnerability discovery is significantly more cost-effective than developing exploits, underscoring both progress and ongoing security concerns.
APT36 Shifts to AI-Driven “Vibeware” for Scalable Attacks
Pakistan-based threat group APT36 is leveraging AI-assisted development—dubbed “vibeware”—to automate mass production of diverse, disposable malware using languages like Nim, Zig, and Crystal. This campaign targets Indian diplomatic and government entities and exploits cloud services (e.g., Slack, Discord, Google Sheets) for command and control. While technically unsophisticated and error-prone, these tactics focus on overwhelming defenses through volume and evasion, rather than technical innovation.
OpenClaw AI Assistant Shows Rapid Public Exposure Risk
Security researchers observed over 30,000 instances of the fast-growing OpenClaw AI agent exposed on the public internet over a short period. Deployment defaults and convenience lead users to expose the powerful tool, which integrates with personal and professional services, creating significant security risks through potential credential exfiltration and unauthorized system access.
Critical Vulnerabilities Found in Claude Code Configuration Handling
Check Point Research identified critical flaws in Claude Code allowing Remote Code Execution (RCE) and API token exfiltration via malicious project configuration files like .claude/settings.json. These vulnerabilities exploited Hooks and MCP configurations to run arbitrary commands without consent. A separate flaw exposed API keys upon project loading, granting access to shared workspace resources. Anthropic has issued patches for all reported issues.
New Algorithm Significantly Lowers Quantum Computing Barrier for RSA/ECC Decryption
The recently announced JVG algorithm suggests that breaking established RSA and ECC encryption methods may require significantly fewer quantum resources—less than 5,000 qubits—compared to prior projections based on Shor’s algorithm. By offloading more operations to classical computation, the algorithm reduces the quantum gate count by over 99% in tested instances. This development underscores an urgent need for migration to post-quantum cryptography through crypto-agility.
Technology & Tools
Alibaba Releases Qwen 3.5: Compact Multimodal AI Achieves New Benchmarks
Alibaba’s Qwen 3.5 series, released in March 2026, introduces compact multimodal models (0.8B–9B parameters) featuring hybrid Gated Delta Networks and sparse MoE, natively supporting text, image, and video. The Qwen3.5-9B outperforms larger open source rivals on key academic and visual benchmarks, runs locally on consumer hardware, and supports 201 languages, signaling significant progress for edge and local AI deployments.
Google DeepMind Releases Nano Banana 2 Image Model
Google DeepMind introduced Nano Banana 2 (Gemini 3.1 Flash Image), combining Pro-level reasoning with Flash speed for image generation. New capabilities include advanced world knowledge grounding via web search, precise text rendering, subject consistency for narrative building, and high-resolution output up to 4K. The model is rolling out across various Google products, offering a faster alternative to Nano Banana Pro.
Sage Launched: A Lightweight Agent Response Layer for AI Security
The Sage repository introduces a lightweight Agent Detection & Response (ADR) layer designed to guard AI agent commands, file access, and web requests. It utilizes URL reputation, local heuristics, and package supply-chain checks to secure interactions within environments like Claude Code, Cursor/VS Code, and OpenCode. The project is open-source under the Apache 2.0 license, establishing a layer for securing generative AI workflows.
ClawShield Released: Defense-in-Depth Security Proxy for AI Agents
ClawShield is now publicly available as a defense-in-depth security proxy for AI agent traffic. It runs as a single Docker container, incorporating a Go proxy, eBPF kernel monitor, and an iptables firewall. The system features five specialized AI agents, a YAML policy engine that supports hot-reloading, and detailed forensic audit logging with decision explainability.
Business & Products
Mastercard Introduces Trust Layer for Agentic Commerce
Mastercard has launched a new open, standards-based layer intended to address trust issues within the emerging field of agentic commerce. The initiative has secured partnerships with established firms to build this foundational structure. This development focuses on establishing standardized protocols for transactions facilitated by autonomous agents in commercial environments.
OpenAI COO Notes Lagging Enterprise AI Adoption Post-Frontier Launch
OpenAI’s COO, Brad Lightcap, admitted that enterprise adoption of AI solutions has not yet reached significant levels, despite the recent release of the Frontier platform designed for agency development. This statement highlights a persistent gap between current AI capabilities and actual deployment strategies within businesses as the sector focuses on resolving integration challenges.
Coinbase Unveils Agentic Wallets for Autonomous AI Operations
Coinbase introduced Agentic Wallets, infrastructure designed specifically for AI agents to autonomously spend, earn, and trade using crypto rails. These wallets utilize plug-and-play skills, the gasless x402 protocol on Base, and programmable security guardrails like session caps and enclave isolation. This foundation paves the way for independent applications in areas like autonomous DeFi and the machine economy.
Regulation & Policy
Supreme Court Upholds Human Authorship in AI-Generated Art
The U.S. Supreme Court has declined to recognize AI systems as legal authors under copyright law, reaffirming that copyright protections apply only to works created by humans. This decision follows previous rulings against granting AI-generated inventions patents, solidifying a key legal barrier for proponents of AI-generated art seeking copyright status.
Call for Congressional Action on AI Surveillance Amid Anthropic-Pentagon Dispute
A Guardian opinion highlights concerns over government use of AI for surveillance, citing the Anthropic-Pentagon conflict as symptomatic of broader privacy risks. The article urges Congress to pass legislation preventing warrantless acquisition and AI-powered analysis of Americans’ private data, warning that unchecked AI could enable comprehensive government dossiers and threaten civil liberties and freedoms of association, speech, and privacy.
UK Regulator Probes Meta Over Outsourced Review of Smart Glasses Footage
The UK’s Information Commissioner’s Office (ICO) is investigating Meta following reports that outsourced workers viewed sensitive material captured by Ray-Ban Meta smart glasses. Meta confirmed contractors review filtered content, shared with Meta AI, to improve the system, though filtering mechanisms reportedly failed at times. The ICO stated it is seeking clarification on how Meta is meeting UK data protection obligations regarding transparency and user control.
Opinions & Analysis
Mathematicians Challenge AI with Unsolved Problems, Demand Transparency
A group of leading mathematicians has issued a challenge to artificial intelligence systems by presenting them with unsolved lemmas from current research—problems not found in any training data. AI models have one week to submit solutions, which will be checked against encrypted proofs. The initiative aims to address concerns over AI-generated math proofs and seeks to make AI more transparent and useful for mathematical research.
Cybersecurity Forecast Predicts AI Escalation in 2026
The Cybersecurity Forecast 2026 report anticipates an arms race where threat actors escalate attacks using AI capabilities, countered by defenders deploying AI agents for security operations. Key areas of concern include “Shadow Agent” risks, evolving identity management needs, and continued focus on virtualization infrastructure vulnerabilities alongside persistent geopolitical threats.
Claude Code Dominates 2026 Tooling Survey, AI Usage Nears Ubiquity
A recent survey of over 900 software engineers indicates that 95% use AI tools weekly, with 56% performing 70% or more of their work via AI. Anthropic’s Claude Code has rapidly become the most-used coding tool, heavily favored in smaller businesses. Staff+ engineers lead AI agent adoption, and Anthropic’s Opus/Sonnet models are the preferred models for coding tasks.
Leave a comment