27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.
Attackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from Cisco’s AI threat intelligence team finds that the safety benchmarks u…
The US president’s reversal on calling for a safety review of new AI models is a green light for tech’s unchecked power. Only hours before Donald Trump was set to sign a long-awaited executive order on Thursday that would have called for a government saf…
Company says work on Paul Erdős planar unit distance problem shows advance in AI reasoning. OpenAI has claimed a further advance in AI reasoning after its technology successfully tackled an 80-year-old maths problem. The company behind ChatGPT said it had…
Jack Clark describes ‘vertiginous sense of progress’ and ‘profound changes’ to society alongside risks of technology. An AI system will work with humans to make a Nobel prize-winning discovery within 12 months and tradespeople will be helped by bipedal r…
1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and model context.
The post 1Password Teams With OpenAI t…
McAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or responding. It is available to anyone, without requiring a McAfee or ChatGPT subscription. It co…
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process […]
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.
The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
Nine-person jury to consider whether AI firm bilked world’s richest person and unjustly enriched themselves. Closing arguments began on Thursday in Elon Musk’s lawsuit against Sam Altman and OpenAI, bringing the weeks-long courtroom battle between the tw…