Tag
Meta accidentally exposed sensitive keystroke and screen data from its employee-tracking program internally, prompting a security investigation and a pause of the initiative.
Anthropic is investigating claims that unauthorized users accessed its restricted Claude Mythos cybersecurity model via a third-party vendor, raising concerns about securing frontier AI systems.
A June 2024 intrusion disclosed in April 2026 saw attackers abuse a compromised third-party OAuth app to access Vercel’s internals and expose customer environment variables, spotlighting OAuth supply-chain risks and platform secret-handling flaws.
A short social post claims Vercel was hacked soon after the author began using it, blaming a rogue developer and likening it to past Claude incidents.
Vercel disclosed a security incident involving unauthorized access to internal systems originating from a compromise of Context.ai, a third-party AI tool used by a Vercel employee. Limited customer credentials were compromised, though environment variables marked as sensitive were not accessed; the company is actively investigating with external cybersecurity firms and law enforcement.
OpenAI disclosed a security incident where the Axios developer tool was compromised as part of a broader supply chain attack, potentially exposing their macOS code signing certificate. OpenAI found no evidence of data compromise but is proactively revoking and rotating its certificate, requiring users to update their macOS applications.
OpenAI disclosed a security incident at Mixpanel, a third-party analytics provider, which exposed limited user data including names, emails, and account metadata for API and ChatGPT users. No sensitive information such as API keys, passwords, or payment details were compromised, and OpenAI has terminated its use of Mixpanel and is conducting expanded security reviews across its vendor ecosystem.
OpenAI took ChatGPT offline on March 20 due to a bug in an open-source library that exposed chat history titles and payment information to some users. The incident affected 1.2% of ChatGPT Plus subscribers, revealing partial credit card details and personal information during a nine-hour window, though full credit card numbers were never exposed.