devtake.dev
AI Security Hardware Open Source Policy Apple

#ai-security

RSS
Related: #security · 9 #anthropic · 7 #supply-chain · 7 #claude-mythos · 6 #policy · 6 #ai-agents · 5 #llm · 4 #project-glasswing · 4 #regulation · 4 #ai-models · 3
Anthropic's announcement artwork for the Fable 5 and Mythos 5 access suspension, a soft gradient panel with the Claude wordmark.
AI·

Days after opening Fable 5 to the public, a US government order forced Anthropic to pull it

A Commerce Department export directive forced Anthropic to disable Fable 5 and Mythos 5 for all users, days after opening Fable 5 to the public.

A hand holds a smartphone showing the Claude Mythos app logo against a dark backdrop with Anthropic's orange burst symbol.
Policy·

Anthropic is sending Mythos 5, the model it called too dangerous, to cyberdefenders and the US government

Mythos 5 is the same model as Fable 5 with cyber safeguards lifted, going to Project Glasswing defenders and, Anthropic says, ~150 orgs across 15+ countries.

Abstract cybersecurity illustration of a glowing padlock over a circuit board, representing data protection
AI·

OpenAI added a Lockdown Mode to ChatGPT to blunt prompt-injection attacks

OpenAI shipped Lockdown Mode in ChatGPT to cut off the data-exfiltration step of prompt-injection attacks. Here's what it actually restricts and who should turn it on.

The White House in Washington, D.C., where the executive order was signed
Policy·

Trump dropped the mandatory AI model review after Silicon Valley pushed back

Trump's June 2 AI executive order asks for a voluntary 30-day model review, down from a mandatory 90-day one. Here's what got cut and who pushed.

Anthropic Project Glasswing announcement card with glasswing butterfly motif.
AI·

Anthropic's Glasswing logged 10,000 vulnerabilities in a month. Most are still waiting on a patch.

Anthropic says Project Glasswing's first month produced over 10,000 critical-and-high-severity vulns. Verification and patching is the limiting step.

London City Hall and a Metropolitan Police officer, illustrating the Mayor's intervention in the Met procurement process.
Policy·

Sadiq Khan blocked a £50M Met Police deal with Palantir. Scotland Yard had only talked to one supplier.

London's mayor cited a 'clear and serious breach' of procurement rules and stopped the Metropolitan Police from awarding Palantir a £50M AI intelligence contract on May 21.

An illustration of the Claude Code deeplink vulnerability, showing a malicious URL handler triggering a shell prompt.
Security·

A bad command-line parser turned every claude-cli:// link into a remote shell

Joernchen of 0day.click found a deeplink RCE in Claude Code. Anthropic shipped the fix in 2.1.118 the same week.

Stylized illustration of remote code execution attack flow
Security·

F5 patched an 18-year-old NGINX bug. Attackers can RCE a third of the web with one crafted request.

F5 disclosed CVE-2026-42945 on May 13 after depthfirst's analyzer found a heap overflow in a 2008 commit. NGINX 1.31.0 ships the patch, every Plus tier needs an upgrade.

Cyera Research disclosure illustration for the Bleeding Llama vulnerability in Ollama's model execution pipeline
Security·

A crafted Ollama model file leaks the whole server's memory. 300,000 instances are exposed.

Cyera disclosed CVE-2026-7482 on May 1, a CVSS 9.1 unauthenticated heap read in Ollama. Three API calls dump prompts, env vars, and API keys from any open instance.

Illustration accompanying ChinaTalk's investigation into grey-market Claude API proxy networks
AI·

Chinese proxy networks sell Claude API access at 90% off. They harvest every prompt that passes through.

A ChinaTalk investigation reveals how 'transfer stations' resell Anthropic API access using stolen credentials, model substitution, and prompt harvesting.

Illustration representing DOGE and government technology
Policy·

A judge killed DOGE's grant purge. The 'review process' was asking ChatGPT 'Is this DEI?'

A federal judge restored $100M+ in grants after two DOGE staffers used ChatGPT to flag 97% of NEH grants as DEI, including an HVAC repair and Holocaust research.

Abstract visualization of data exposure through code
Security·

380,000 vibe-coded apps are sitting on the open web. 5,000 of them are leaking real data.

RedAccess found that AI coding tools like Lovable, Base44, and Replit default to public hosting, leaving medical records, bank internals, and corporate secrets indexed by Google.

DHS senior official Kristie Canegallo presenting awards at the CISA Annual Award Ceremony in Arlington, Virginia.
Security·

Five Eyes intel agencies publish first joint agentic AI security guide. Their advice: slow down.

CISA, NSA, GCHQ, ASD, CSE and NCSC-NZ jointly tell organizations agentic AI isn't ready for fast rollout. The 23-page guide names five risk categories.

A malicious GGUF file owns your SGLang server: CVE-2026-5760 is an unpatched 9.8
Security·

A malicious GGUF file owns your SGLang server: CVE-2026-5760 is an unpatched 9.8

SGLang's reranker renders chat templates without a sandbox. Load a hostile GGUF, hit /v1/rerank, and the attacker has Python on your inference box. No patch yet.

Anthropic Project Glasswing branding from Anthropic's news page.
AI·

A Discord group guessed Anthropic's URL pattern and walked into Claude Mythos

Bloomberg reports a small group accessed Anthropic's locked-down Mythos model the same day it launched, using credentials from a third-party contractor and educated URL guessing.

Aikido Security illustration of the GPT-Proxy backdoor.
Security·

Malicious npm and PyPI packages turn dev servers into Chinese LLM proxies

Aikido found a stage-2 Go binary inside two health-check-themed packages that runs an OpenAI-compatible router routing Claude, GPT, and Gemini traffic through Chinese aggregators.

Illustration accompanying Tom's Hardware coverage of the Linux kernel driver removal.
Open Source·

Linux 7.1 is yanking ham radio, ISDN, and ATM. The reason: AI bug-report spam.

Jakub Kicinski's networking pull request removes 138,161 lines of decades-old code. Kernel maintainers say LLM-generated bug reports made the old subsystems un-maintainable.

Mozilla Firefox 150 security announcement cover graphic
Open Source·

Mozilla fixed 271 Firefox bugs that Claude Mythos found. Its own tests caught 22.

Firefox 150 shipped Monday with 271 security fixes from Anthropic's Project Glasswing. Mozilla CTO Bobby Holley says Mythos matches elite human researchers.