Articles tagged ai-security on devtake.dev.https://devtake.dev/en-ushttps://devtake.dev/article/anthropic-fable-mythos-government-suspension/https://devtake.dev/article/anthropic-fable-mythos-government-suspension/A Commerce Department export directive forced Anthropic to disable Fable 5 and Mythos 5 for all users, days after opening Fable 5 to the public.Sat, 13 Jun 2026 14:30:00 GMTaiai-modelsanthropicclaudeclaude-mythosai-securitypolicydieter-morellihttps://devtake.dev/article/claude-mythos-5-cyberdefenders/https://devtake.dev/article/claude-mythos-5-cyberdefenders/Mythos 5 is the same model as Fable 5 with cyber safeguards lifted, going to Project Glasswing defenders and, Anthropic says, ~150 orgs across 15+ countries.Tue, 09 Jun 2026 18:40:00 GMTpolicyanthropicclaude-mythosproject-glasswingpolicynational-securityai-safetyai-securitycybersecurityclara-wexlerhttps://devtake.dev/article/openai-lockdown-mode-prompt-injection/https://devtake.dev/article/openai-lockdown-mode-prompt-injection/OpenAI shipped Lockdown Mode in ChatGPT to cut off the data-exfiltration step of prompt-injection attacks. Here's what it actually restricts and who should turn it on.Mon, 08 Jun 2026 10:15:00 GMTaiopenaiai-securityprompt-injectionllmai-agentsdieter-morellihttps://devtake.dev/article/trump-narrower-ai-executive-order/https://devtake.dev/article/trump-narrower-ai-executive-order/Trump's June 2 AI executive order asks for a voluntary 30-day model review, down from a mandatory 90-day one. Here's what got cut and who pushed.Wed, 03 Jun 2026 13:00:00 GMTpolicypolicyregulationai-securitynational-securityai-modelsclara-wexlerhttps://devtake.dev/article/anthropic-glasswing-deception-monitor/https://devtake.dev/article/anthropic-glasswing-deception-monitor/Anthropic says Project Glasswing's first month produced over 10,000 critical-and-high-severity vulns. Verification and patching is the limiting step.Sat, 23 May 2026 09:45:00 GMTaianthropicclaude-mythosproject-glasswingsecurityai-securitysupply-chainvulnerability-disclosuredieter-morellihttps://devtake.dev/article/khan-blocks-met-police-palantir-50m/https://devtake.dev/article/khan-blocks-met-police-palantir-50m/London's mayor cited a 'clear and serious breach' of procurement rules and stopped the Metropolitan Police from awarding Palantir a £50M AI intelligence contract on May 21.Fri, 22 May 2026 09:45:00 GMTpolicypolicypalantirukregulationai-securitysurveillanceprocurementlondonclara-wexlerhttps://devtake.dev/article/claude-code-rce-deeplink-cve/https://devtake.dev/article/claude-code-rce-deeplink-cve/Joernchen of 0day.click found a deeplink RCE in Claude Code. Anthropic shipped the fix in 2.1.118 the same week.Wed, 20 May 2026 09:15:00 GMTsecuritysecurityanthropicclaude-coderceai-securitysupply-chainai-agentsdev-toolsluca-reinhardthttps://devtake.dev/article/nginx-rift-18-year-rce/https://devtake.dev/article/nginx-rift-18-year-rce/F5 disclosed CVE-2026-42945 on May 13 after depthfirst's analyzer found a heap overflow in a 2008 commit. NGINX 1.31.0 ships the patch, every Plus tier needs an upgrade.Thu, 14 May 2026 10:30:00 GMTsecuritysecuritynginxf5cve-2026-42945rceheap-overflowdepthfirstai-securityluca-reinhardthttps://devtake.dev/article/ollama-bleeding-llama-cve-2026-7482/https://devtake.dev/article/ollama-bleeding-llama-cve-2026-7482/Cyera disclosed CVE-2026-7482 on May 1, a CVSS 9.1 unauthenticated heap read in Ollama. Three API calls dump prompts, env vars, and API keys from any open instance.Mon, 11 May 2026 10:00:00 GMTsecuritysecurityollamallmcve-2026-7482local-inferencememorycyeraai-securityluca-reinhardthttps://devtake.dev/article/chinese-grey-market-claude-api-stolen-credentials/https://devtake.dev/article/chinese-grey-market-claude-api-stolen-credentials/A ChinaTalk investigation reveals how 'transfer stations' resell Anthropic API access using stolen credentials, model substitution, and prompt harvesting.Sun, 10 May 2026 09:30:00 GMTaianthropicclaudeai-securitycredential-theftchinasupply-chainai-modelsdieter-morellihttps://devtake.dev/article/doge-chatgpt-grants-ruling-illegal/https://devtake.dev/article/doge-chatgpt-grants-ruling-illegal/A federal judge restored $100M+ in grants after two DOGE staffers used ChatGPT to flag 97% of NEH grants as DEI, including an HVAC repair and Holocaust research.Sat, 09 May 2026 08:30:00 GMTpolicypolicyai-securityopenairegulationai-agentsnational-securityclara-wexlerhttps://devtake.dev/article/vibe-coded-apps-expose-corporate-data/https://devtake.dev/article/vibe-coded-apps-expose-corporate-data/RedAccess found that AI coding tools like Lovable, Base44, and Replit default to public hosting, leaving medical records, bank internals, and corporate secrets indexed by Google.Sat, 09 May 2026 08:00:00 GMTsecuritysecurityai-securityai-agentsdev-toolssupply-chainprivacycredential-theftluca-reinhardthttps://devtake.dev/article/five-eyes-agentic-ai-warning/https://devtake.dev/article/five-eyes-agentic-ai-warning/CISA, NSA, GCHQ, ASD, CSE and NCSC-NZ jointly tell organizations agentic AI isn't ready for fast rollout. The 23-page guide names five risk categories.Mon, 04 May 2026 09:50:00 GMTsecuritysecurityai-securityai-agentsagentscisansapolicyregulationluca-reinhardthttps://devtake.dev/article/sglang-cve-2026-5760-gguf-rce/https://devtake.dev/article/sglang-cve-2026-5760-gguf-rce/SGLang's reranker renders chat templates without a sandbox. Load a hostile GGUF, hit /v1/rerank, and the attacker has Python on your inference box. No patch yet.Mon, 27 Apr 2026 11:30:00 GMTsecuritysglangcve-2026-5760supply-chainai-securityllmrcejinja2ggufluca-reinhardthttps://devtake.dev/article/anthropic-mythos-breach-discord/https://devtake.dev/article/anthropic-mythos-breach-discord/Bloomberg reports a small group accessed Anthropic's locked-down Mythos model the same day it launched, using credentials from a third-party contractor and educated URL guessing.Sat, 25 Apr 2026 11:00:00 GMTaianthropicclaude-mythosai-securitysupply-chainproject-glasswingmercorsecuritydieter-morellihttps://devtake.dev/article/gpt-proxy-npm-supply-chain/https://devtake.dev/article/gpt-proxy-npm-supply-chain/Aikido found a stage-2 Go binary inside two health-check-themed packages that runs an OpenAI-compatible router routing Claude, GPT, and Gemini traffic through Chinese aggregators.Sat, 25 Apr 2026 07:30:00 GMTsecuritysupply-chainnpmpypiai-securitymalwarellmchinacredential-theftluca-reinhardthttps://devtake.dev/article/linux-7-1-ham-radio-isdn-removal/https://devtake.dev/article/linux-7-1-ham-radio-isdn-removal/Jakub Kicinski's networking pull request removes 138,161 lines of decades-old code. Kernel maintainers say LLM-generated bug reports made the old subsystems un-maintainable.Fri, 24 Apr 2026 21:00:00 GMTopen-sourcelinuxlinux-kernellinux-7-1kernelai-securitynetworkingopen-sourcesecuritysoren-vanekhttps://devtake.dev/article/mozilla-firefox-mythos-bug-hunt/https://devtake.dev/article/mozilla-firefox-mythos-bug-hunt/Firefox 150 shipped Monday with 271 security fixes from Anthropic's Project Glasswing. Mozilla CTO Bobby Holley says Mythos matches elite human researchers.Wed, 22 Apr 2026 13:00:00 GMTopen-sourcemozillafirefoxanthropicclaude-mythosproject-glasswingsecurityai-securitysoren-vanekhttps://devtake.dev/article/openai-gpt54-cyber-security-model/https://devtake.dev/article/openai-gpt54-cyber-security-model/OpenAI's new cybersecurity-tuned model can reverse-engineer binaries and analyze malware. It's restricted to verified defenders through the Trusted Access program.Thu, 16 Apr 2026 08:00:00 GMTaiopenaicybersecuritygpt-5-4claude-mythosdefensive-securityai-securitydieter-morelli