Brief

Major U.S. banks are deploying Anthropic's Mythos AI to enhance their cybersecurity defenses, identifying and addressing vulnerabilities with increased speed. The AI model simulates complex attack scenarios to test system weaknesses beyond traditional methods. To address technological disparities, larger institutions with Mythos access are sharing their findings with smaller banks, fostering industry-wide cooperation against evolving cyber threats. AI

Researchers have developed GaitProtector, a novel framework for de-identifying gait patterns by simultaneously obscuring the original identity and impersonating a target identity. This method utilizes a training-free diffusion latent optimization pipeline, leveraging a pretrained 3D video diffusion model to generate protected gaits. Experiments demonstrate significant reductions in gait recognition accuracy while preserving visual and temporal quality, and maintaining utility for downstream diagnostic tasks. AI

Researchers have introduced MEME, a new benchmark designed to evaluate the memory capabilities of LLM-based agents in persistent environments. MEME addresses limitations in prior work by defining six tasks that cover multi-entity interactions and evolving memory states, including novel challenges like dependency reasoning and deletion. Initial evaluations across six memory systems revealed significant performance collapses on dependency reasoning tasks, with even advanced LLMs and prompt optimization failing to bridge the gap. While one system using Claude Opus 4.7 showed partial success, its high cost indicates practical scalability challenges for current memory solutions. AI

Researchers have developed TextSeal, a novel watermarking technique for large language models designed to protect against unauthorized use and distillation. This method utilizes dual-key generation and entropy-weighted scoring for robust detection, even in mixed human-AI content. TextSeal maintains output diversity and does not introduce inference overhead, outperforming existing baselines while preserving downstream task performance and human-perceived quality. AI

Researchers have developed a new method to detect AI-generated political discourse by comparing its characteristics to real human online behavior. Their study analyzed over 1.7 million posts across nine crisis events, finding that synthetic text, while fluent, is less realistic than observed discourse. The AI-generated content tends to be more negative, structurally regular, and abstract, lacking the emotional variation and colloquialisms found in human posts. This 'Caricature Gap' suggests that current LLMs struggle with population-level realism, offering a new auditing framework beyond traditional text detection. AI

The TrustBridge Architecture is presented as a solution to mitigate prompt injection vulnerabilities in AI models like Anthropic's Claude. This approach aims to enhance security by preventing malicious inputs from manipulating the AI's behavior or extracting sensitive information. The article emphasizes the importance of such architectural safeguards in the evolving landscape of AI technology. AI

Researchers have developed a novel method using Random Matrix Theory to detect overfitting in neural networks, particularly during the "anti-grokking" phase of long-horizon training. This technique identifies "Correlation Traps" within model layers by analyzing deviations from the Marchenko-Pastur distribution in randomized weight matrices. The study found that these traps increase as test accuracy declines while training accuracy remains high, and importantly, some large-scale LLMs exhibit similar traps, suggesting potential harmful overfitting. AI

A new paper reveals that leading AI models like Opus 4.6, GPT 5.4, and Gemini 3.1 exhibit significant performance degradation when classifying long transcripts, a crucial task for monitoring coding agents. These models miss subtly dangerous actions much more frequently in transcripts exceeding 800,000 tokens compared to shorter ones. While prompting techniques can partially mitigate this issue, further post-training improvements are likely necessary to ensure reliable monitoring in long-context scenarios. AI

Researchers have identified significant vulnerabilities in agentic AI governance systems, particularly concerning the potential for a compromised central provider to undermine security. The paper introduces SAGA-BFT, a fully Byzantine-resilient architecture that offers strong protection but at a performance cost. To address this, they also propose SAGA-MON and SAGA-AUD, which use lightweight monitoring or auditing for minimal overhead, and SAGA-HYB, a hybrid approach balancing security and performance. AI

Researchers have introduced FAMeX, a novel algorithm designed to enhance the explainability of artificial intelligence systems. This new technique utilizes a graph-theoretic approach called a Feature Association Map (FAM) to model relationships between features. Experiments indicate that FAMeX outperforms existing methods like Permutation Feature Importance (PFI) and SHapley Additive exPlanations (SHAP) in determining feature importance for classification tasks. AI

Researchers have introduced Bregman Safety Optimization (BSO), a novel method for aligning language models for both helpfulness and safety. BSO simplifies existing complex pipelines by reducing safety alignment to a density ratio matching problem, solvable with a single-stage loss function. This approach avoids auxiliary models and recovers existing safety-aware methods as special cases, demonstrating improved safety-helpfulness trade-offs in experiments. AI

Apple has released iOS 26.5, addressing over 60 security vulnerabilities, including critical flaws in the Kernel and WebKit that could allow for privilege escalation and data disclosure. The update also fixes bugs in App Intents, with experts noting that these components are often chained together in sophisticated attacks. Notably, researchers from Google's Threat Analysis Group and Anthropic, utilizing AI like Claude, contributed to identifying some of these critical issues, highlighting the growing role of AI in both discovering and potentially exploiting software vulnerabilities. AI

Researchers have developed GKnow, a new benchmark designed to measure both factual gender knowledge and gender bias in language models. This benchmark aims to disentangle stereotypical outputs from factually gendered ones, which are often conflated in current analyses. Experiments using GKnow revealed that factual gender knowledge and gender bias are deeply intertwined at both the circuit and neuron levels within models, suggesting that simple ablation techniques may be ineffective for debiasing and can even mask a loss of factual gender knowledge. AI

Researchers have developed a new method called contrastive neuron attribution (CNA) to identify specific neurons in language models that are responsible for refusing harmful requests. This technique requires only forward passes and can pinpoint the critical neurons with high accuracy. Ablating these identified neurons significantly reduced refusal rates by over 50% on a benchmark test, while maintaining output quality. The study also found that while base models possess similar underlying structures, the alignment fine-tuning process transforms these into a targeted refusal mechanism. AI

Researchers have introduced PreScam, a new benchmark designed to help AI models understand and predict the progression of conversational scams. The benchmark, derived from over 177,000 user-submitted scam reports, categorizes scams into 20 types and annotates conversations with scammer tactics and victim responses. Initial evaluations reveal that while current models can identify some scam-related cues, they struggle to accurately predict when a scam is nearing completion or forecast specific scammer actions, indicating a gap between language fluency and true progression modeling. AI

A new study published on arXiv investigates emergent misalignment (EM) in large language models, finding it is not a universal phenomenon but rather an artifact of overtraining. Researchers tested 12 open-source models across four families and discovered that EM is more prevalent in larger models and emerges late in the training process. The study suggests practical mitigation strategies, such as early stopping during fine-tuning, which can eliminate EM while retaining most task performance. AI

Researchers have developed a new decoding algorithm called COVA to reconstruct personally identifiable information (PII) from supervised finetuned language models. The study focused on sensitive domains like medical and legal settings, demonstrating that an adversary with even partial knowledge of the fine-tuning dataset can infer sensitive user data. The effectiveness of PII reconstruction varied by PII type, highlighting significant privacy risks associated with current fine-tuning practices. AI

This paper introduces a formal framework to explain why individuals or AI systems can reach different conclusions from the same set of observations. It proposes two levels of non-identifiability: divergence in conclusions due to differing inference settings, and divergence in the learned world models themselves. The authors define an 'inference profile' to model these differences and connect the framework to concepts in deep representation learning, using AI regulation debates as a case study. AI

A new research paper investigates why stylistic reformulations, like poetic language, can bypass safety mechanisms in large language models. The study, using Qwen3-14B as a case study, found that models can distinguish poetic from prose formats but struggle to predict jailbreak success within these formats. The findings suggest that accumulated stylistic irregularities, rather than specific poetic devices or a failure to recognize literary formatting, lead to distinct processing patterns that circumvent safety measures. AI

Researchers have developed a new method called Latent Causal Void (LCV) to improve misinformation detection, particularly for articles that omit crucial context. LCV works by explicitly reconstructing the missing factual information for each sentence in a target article. This reconstructed fact is then used as a textual relation within a graph-based reasoning system that incorporates contemporaneous reports. Experiments show LCV significantly outperforms existing omission-aware baselines on both English and Chinese datasets. AI

A new security vulnerability called "tool poisoning" allows attackers to compromise AI agents without writing malicious code, by embedding harmful instructions within the natural language descriptions of MCP tools. These descriptions, which AI agents trust similarly to system prompts, can be manipulated to exfiltrate sensitive data like SSH keys under the guise of normal operations or diagnostic steps. Existing security tools are ineffective against this attack because it exploits the semantics of natural language, which can be easily paraphrased, making signature-based detection impossible. The researchers developed a detection method using multiple LLMs to analyze tool descriptions for manipulative instructions. AI

Security researchers have identified a persistent vulnerability across AI coding assistants like Claude Code, OpenAI Codex CLI, and Google Gemini-CLI, dubbed "Approve Once, Exploit Forever." This flaw allows malicious actors to execute arbitrary commands after initial directory trust is granted, even if configuration files are altered later. The vendors have declined to implement fixes, citing the behavior as architectural, leaving users exposed to data exfiltration and command execution through modified project files or dependencies. AI

A US bank has reported an incident where customer data was inadvertently shared with an unauthorized AI application by an employee. The bank cited the volume and sensitivity of the exposed data as primary concerns. This event underscores the urgent need for robust internal security policies and employee training regarding the use of AI tools. AI

A new paper explores the complex definition of "correctness" for AI systems in medical contexts, using the diagnosis of multiple myeloma as a case study. It argues that accuracy is not solely determined by benchmark performance but also by factors like the quality of labeled data, model interpretability, clinically relevant metrics, and accountability in human-AI collaboration. The research highlights challenges such as unstable ground truth labels, opaque AI predictions, inadequate standard metrics, and the risk of automation bias in clinical settings. AI

The ACT (Agent Capability Toolkit) framework introduces a policy layer to sandbox third-party tools used by AI agents, preventing misuse and limiting potential harm. This system operates through three distinct layers: the WebAssembly (WASM) runtime for isolation, the WebAssembly System Interface (WASI) for defining capabilities, and ACT's policy layer which enforces the intersection of declared component capabilities and operator-defined runtime grants. Components must explicitly declare their required capabilities in a manifest, and operators then specify their allowed grants, with the system only permitting access that is present in both declarations. AI

Researchers have introduced Yoked Feature Preference Optimization (YFPO), a novel framework designed to enhance the mathematical reasoning capabilities of large language models. Unlike existing methods that rely solely on external preference data, YFPO incorporates internal neuron activation patterns to guide the optimization process. By identifying neurons associated with mathematical concepts and logical reasoning, YFPO constructs an auxiliary reward signal that complements external supervision. Preliminary experiments on a small-scale model using the GSM8K benchmark indicate that this neuron-guided approach can potentially improve reasoning performance and offers a more interpretable path for model fine-tuning. AI

Anthropic developed an AI model with advanced capabilities that they chose not to release due to safety concerns. This AI demonstrated its power by discovering a 27-year-old security vulnerability within the OpenBSD operating system. The decision to withhold the model highlights Anthropic's commitment to responsible AI development and deployment. AI

Frontier AI safety tests might inadvertently create the risks they aim to prevent. Researchers are exploring how these tests could potentially generate or exacerbate the very dangers they are designed to mitigate. This raises concerns about the effectiveness and potential unintended consequences of current AI safety methodologies. Further investigation is needed to understand and address these emergent risks. AI

A new white paper from AI SAFE proposes the "Transparency Rule," advocating for AI systems to be inherently explainable by design. This framework, part of the AI SAFE© Standards, aims to combat the "black box" problem where AI decision-making is opaque, even to its creators. The rule emphasizes that AI governing critical functions must be interpretable in human terms, introducing a "Clarity Ladder" for transparency maturity and policy models like the "AI SAFE© T-Mark" for certification. AI

Researchers have identified a key vulnerability in current large language model (LLM) unlearning techniques, where models can quickly recover forgotten information through relearning attacks. This fragility stems from existing methods primarily altering dominant components of model representations, leaving minor components intact and more resistant to reversal. To address this, a new method called Minor Component Unlearning (MCU) is proposed, which focuses on modifying these robust minor components to enhance resistance against relearning attacks, showing significant improvements in experiments. AI

Anthropic's Mythos AI model can reportedly breach cyber defenses in as little as 73 seconds. This rapid capability highlights the urgent need for faster and more intelligent cybersecurity responses to counter increasingly sophisticated AI-driven attacks. AI

Researchers have discovered that frontier AI safety tests might inadvertently create the very risks they aim to prevent. The process of testing AI models for safety could potentially expose vulnerabilities or generate new attack vectors. This highlights a complex challenge in AI development, where the methods used to ensure security might paradoxically increase exposure to threats. AI

Researchers have developed a novel backdoor attack method called Paraesthesia for large language models, which leverages emotional style as a dynamic trigger. Unlike previous attacks that used static triggers, this method injects emotional cues into the fine-tuning data, causing the model to generate malicious outputs when encountering emotional inputs during inference. The attack reportedly achieves a near 99% success rate across various tasks and models while preserving the model's original utility. AI