Editor Notes
After a few weeks of work, I have automated most of the creation of this newsletter. The reason for this is mostly related to professional workload but also a way to build some AI automation to better understand how it works and what can be done. This will also enable me to ensure the newsletter is being sent on a consistent and regular basis. I will continue to publish some more “editorial” notes and add some comments directly in the newsletter. As the automation is leveraging publicly available news feeds to generate its content, you will find more information about how AI is used by both the attacker and the defender. As I’m building a nice database of raw content, I will continue to build additional layers such as trend analysis, threat landscape shift, threat scenarios, etc.
Obviously, your choice to stick around or unsubscribe (link at the bottom of the email)…and of course, if you like the new format, please share it with your friends/colleagues!
Thanks for the support as always!
Cheers, Simon
Welcome back!
State-sponsored hackers from Russia, China, and North Korea have been caught using OpenAI's models to accelerate their cyber operations—prompting the company to take direct action against nation-state threat actors. The disrupted groups weren't breaking new ground but were essentially using AI as a force multiplier for traditional attack methods like malware development and phishing campaigns.
This development marks a significant moment in the intersection of AI and cybersecurity, raising critical questions about how AI companies will police state-level misuse of their technology. Will this become a new front in international cyber conflicts, with AI providers acting as gatekeepers?
In today's AI recap:
OpenAI vs. Nation-States
What you need to know:
OpenAI announced it has disrupted multiple state-sponsored hacking groups from Russia, China, and North Korea that were using its AI models for malicious cyber operations.
Why is it relevant?:
The threat actors were not creating new attack methods but were primarily bolting AI onto old playbooks to accelerate existing workflows like malware development and phishing.
OpenAI's models consistently refused overtly malicious requests, forcing operators into "gray zone" activity like generating code snippets and translating text, which the full report details they assembled offline.
One Chinese-linked group used the models for crafting phishing content and debugging malware, showing a focus on using AI to improve operational speed and localization rather than capability.
Bottom line:
For now, AI serves more as an accelerant for attackers than a source of novel offensive power. This means defenders must prepare for an increased tempo and scale of familiar threats, making automated detection and response even more critical.
Google's AI Bug-Fixer
What you need to know:
Google DeepMind has unveiled CodeMender, an AI agent designed to autonomously discover and generate patches for security vulnerabilities in software.
Why is it relevant?:
Beyond simply patching existing flaws, the agent is capable of proactively rewriting code to use more secure APIs and eliminate entire classes of vulnerabilities.
CodeMender uses an automatic validation process—including static analysis, fuzzing, and differential testing—to ensure its proposed fixes are correct and do not introduce new bugs.
The agent is already proving its value in the real world, having successfully submitted 72 security fixes to various open-source projects, including one with 4.5 million lines of code.
Bottom line:
AI agents are beginning to handle the time-consuming work of vulnerability patching at scale. This allows security teams and developers to shift their focus from reactive fixes to building more secure systems from the ground up.
Learn AI in 5 minutes a day
What’s the secret to staying ahead of the curve in the world of AI? Information. Luckily, you can join 1,000,000+ early adopters reading The Rundown AI — the free newsletter that makes you smarter on AI with just a 5-minute read per day.
Gemini's 'Invisible' Threat
What you need to know: A novel attack called 'ASCII smuggling' uses invisible characters to slip malicious commands into Google's Gemini, but Google has reportedly declined to issue a fix.
Why is it relevant?:
The technique hides instructions in benign-looking text, like a calendar invite, by using special Unicode characters that are invisible to you but fully readable by the AI.
Researchers demonstrated spoofing identities in Google Workspace by altering meeting organizer details and even embedding malicious links that Gemini would process without user interaction.
After a responsible disclosure, Google reportedly stated it would take "no action" to mitigate the vulnerability, shifting the burden of defense onto its enterprise customers.
Bottom line: This attack highlights a major flaw in how some AI systems process raw input versus what is displayed to a human reviewer. This disparity between human- and machine-readable text creates a new, dangerous blind spot for security teams to monitor.
The AI Browser Hijack
What you need to know: Security researchers have uncovered a new prompt injection attack, CometJacking, that turns Perplexity's agentic AI browser into a data thief with just a single click on a weaponized link.
Why is it relevant?:
The attack vector is unique because it embeds hidden commands directly into a URL's query string, instructing the AI without needing any malicious page content.
It bypasses security measures by commanding the AI to first encode stolen data using base64, which smuggles sensitive information past existing safeguards.
This marks a significant shift from traditional phishing, focusing on hijacking an already authenticated AI agent to steal data or even execute commands on a user's behalf.
Bottom line: Agentic AI browsers introduce a novel attack surface where the browser itself becomes a potential insider threat. Security teams must now evolve their strategies to defend against malicious prompts, not just malicious websites.
The Rise of 'Shadow AI'
What you need to know: According to new research, employees are regularly pasting sensitive corporate data into public AI tools, creating a significant and often unmonitored security risk.
Why is it relevant?:
A staggering 77% of employees paste data directly into GenAI prompts, turning an everyday productivity habit into a potential data leak.
The risk is amplified as 82% of this activity occurs on unmanaged personal accounts, completely bypassing enterprise security oversight and controls.
It's not just benign data—40% of file uploads to generative AI tools contain sensitive PII or PCI information, creating immediate compliance and security threats.
Bottom line: This trend shows that traditional, file-based DLP solutions are insufficient for monitoring file-less data transfers into AI platforms. Security teams must now prioritize visibility into browser-level activities to effectively manage this modern exfiltration channel.
And More…
Google launched its new dedicated AI Vulnerability Reward Program, offering rewards up to $20,000 for discovering security flaws in products like Gemini and Google Workspace AI features.
CERT-UA reported that Russian hackers are increasingly using AI to generate malicious code, including PowerShell scripts for malware like Wrecksteel, as their traditional tactics become less effective against stronger Ukrainian defenses.
Researchers demonstrated 'Mic-E-Mouse,' a side-channel attack that uses the high-performance optical sensors in common computer mice, combined with AI, to reconstruct human speech from surface vibrations with 61% accuracy.
Oneleet raised $33 million in Series A funding to expand its security and compliance platform with more AI capabilities for attack surface management and automated code scanning.
AI Influence Level
Level 4 - Al Created, Human Basic Idea / The whole newsletter is generated via a n8n workflow based on publicly available RSS feeds. Human-in-the-loop to review the selected articles and subjects.
Reference: AI Influence Level from Daniel Miessler
Till next time!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.