PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 8th February 2026
Welcome back!
Anthropic's latest model just shifted the cybersecurity landscape. Claude Opus 4.6 has proven it can autonomously discover high-severity vulnerabilities in battle-tested open-source code—flaws that evaded detection for decades—by analyzing software the way a seasoned security researcher would.
This isn't just another defensive AI tool. With over 500 critical vulnerabilities already uncovered, are security teams prepared for a world where AI-driven offensive research moves faster than traditional disclosure timelines?
In today's AI recap:
if you’ve been enjoying Project Overwatch, it would mean the world to me if you could share it with just one friend 🙏🏼
AI Discovers 0-Days
What you need to know: Anthropic announced that its newest model, Claude Opus 4.6, can autonomously find high-severity, novel vulnerabilities in widely-used open-source software by reasoning about code like a human security researcher.
Why is it relevant?:
Instead of relying on brute-force fuzzing, the model uses a human-like approach to read and reason about code, spotting logical flaws by analyzing past fixes and identifying problematic patterns.
It successfully uncovered bugs in well-tested codebases that have already undergone millions of hours of automated analysis, finding vulnerabilities that went undetected for decades.
Anthropic is already using the model to help secure the open-source ecosystem, having found and validated more than 500 high-severity vulnerabilities so far.
Bottom line: This capability marks a significant shift, positioning AI as a potent tool for offensive security research, not just defense. Security teams must now prepare for a future where AI-driven vulnerability discovery outpaces traditional human timelines and disclosure processes.
SPONSORED BY
Learn how to make AI work for you
AI won’t take your job, but a person using AI might. That’s why 2,000,000+ professionals read The Rundown AI – the free newsletter that keeps you updated on the latest AI news and teaches you how to use it in just 5 minutes a day.
Docker's AI Gets Hacked
What you need to know: A critical vulnerability in Docker's 'Ask Gordon' AI assistant allowed remote code execution by hiding malicious instructions in a Docker image's metadata. Cybersecurity firm Noma Labs discovered and detailed the flaw, codenamed DockerDash, which exploits the trust between the AI and its underlying environment.
Why is it relevant?:
The vulnerability, a technique called Meta-Context Injection, worked because the AI assistant incorrectly treated unverified metadata from an image as a trusted, executable command.
An attacker could publish a malicious image, and when a developer simply asked the AI about it, the hidden instructions would execute—a significant AI supply chain risk.
Docker patched the flaw in version 4.50.0 by requiring explicit user confirmation before the AI runs commands, adding a critical human-in-the-loop validation step.
Bottom line: This incident highlights a new attack surface where AI tools can be manipulated through the contextual data they consume. Securing AI systems requires validating all inputs, as even seemingly harmless metadata can become a command injection vector.
The Deepfake Applicant
What you need to know: An AI security startup CEO shared his first-hand experience of nearly being duped by a deepfake job applicant, highlighting a new wave of AI-powered social engineering in the hiring process.
Why is it relevant?:
The attack began with subtle red flags, including an AI-generated looking resume and a referrer who created an unusual sense of urgency to push the interview forward.
Even as a security expert, the CEO experienced significant "inner turmoil" during the video call, hesitating to challenge the deepfake due to the social awkwardness of being wrong.
This isn't an isolated incident; it mirrors tactics used in widespread scams, such as those by North Korean IT workers who have successfully targeted most Fortune 500 companies.
Bottom line: This incident demonstrates that AI-powered impersonation is no longer theoretical and is actively being used in targeted attacks. Security and hiring teams must now combine technical detection with low-tech, gut-driven verification methods to defend against this threat.
AI Browser Hijacking is Here
What you need to know: Researchers have demonstrated how AI-powered browsers can be hijacked by malicious instructions hidden on one website to steal data from other sites where you are logged in.
Why is it relevant?:
The attack uses indirect prompt injection, where malicious commands are hidden in webpages using invisible text or collapsed sections. When a user asks the AI to summarize the page, the AI executes these hidden commands without distinguishing them from the visible content.
In a recent demonstration, Brave's security team showed how a hidden prompt on Reddit could command Perplexity's Comet browser to navigate to a user's Gmail, find a one-time passcode, and exfiltrate it.
This technique bypasses traditional web defenses like Same-Origin Policy because the AI agent operates with the user's full permissions, effectively acting as a privileged user across all authenticated sessions.
Bottom line: This creates a new attack surface where the threat is not malicious code, but the browser's own AI being turned against the user. Security teams must now think about monitoring AI agents as privileged identities, focusing on anomalous behavior rather than just code exploits.
Living Off the AI
What you need to know: A new attack trend called Living off the AI is emerging where adversaries abuse an organization's sanctioned AI tools and agents, turning trusted systems into insider threats. This marks the next evolution of attacker tradecraft, moving beyond traditional "living off the land" techniques.
Why is it relevant?:
Instead of using custom malware, attackers inject hidden instructions into documents or webpages that compel sanctioned AI agents to exfiltrate data or execute malicious commands, bypassing traditional endpoint detection.
The rapid adoption of frameworks like the Model Context Protocol, which connect AI agents to internal systems and tools, creates a sprawling new attack surface for adversaries to exploit.
This trend helps create the "zero-knowledge threat actor," where individuals with minimal expertise can leverage powerful AI to assemble credible offensive capabilities, accelerating the entire attack lifecycle from reconnaissance to exploitation.
Bottom line: This paradigm shifts the security focus from simply blocking external threats to governing internal AI systems with heightened scrutiny. Professionals must now treat AI agents as privileged users with automation superpowers, applying zero-trust principles to their own sanctioned tools.
The Shortlist
SentinelOne discovered with Censys over 175,000 publicly exposed Ollama hosts, creating a massive, unmonitored AI monoculture that lacks basic security guardrails and is ripe for widespread exploitation.
Varonis acquired AI security startup AllTrue.ai in a deal reportedly valued at $150 million, aiming to integrate its AI trust, risk, and security management (TRiSM) solutions into its data security platform.
The UK’s ICO launched a formal investigation into X's Grok AI to determine if it unlawfully processed personal data to generate nonconsensual sexual images, adding to growing regulatory pressure from the EU and France.
International experts concluded in the latest AI Safety Report that while fully autonomous cyberattacks are not yet feasible, AI is already significantly boosting attacker capabilities in malware writing and vulnerability scanning.
Collapse
Wisdom of the Week
Wherever you go,
go with all your heart
AI Influence Level
Level 4 - Al Created, Human Basic Idea / The whole newsletter is generated via a n8n workflow based on publicly available RSS feeds. Human-in-the-loop to review the selected articles and subjects.
Reference: AI Influence Level from Daniel Miessler
Till next time!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.