<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Beckmann – Security</title><description>Articles in the Security section on Beckmann.</description><link>https://beckmann.ai</link><language>en-US</language><item><title>OpenAI Codex Encrypts Messages Between AI Agents</title><link>https://beckmann.ai/en/security/2026-07/openai-codex-encrypts-agent-messages</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/openai-codex-encrypts-agent-messages</guid><description>OpenAI has been encrypting all messages between AI agents in the command-line application Codex since June 5, 2026, making them unreadable for developers. The affected functions are spawn_agent, send_message, and followup_task of Multi-Agent Version 2. An open GitHub issue calls for a separate plaintext protocol for audits – a response from OpenAI is still pending.</description><pubDate>Thu, 16 Jul 2026 04:21:22 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>OpenAI uses AI attacker GPT-Red against its own models</title><link>https://beckmann.ai/en/security/2026-07/openai-gpt-red</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/openai-gpt-red</guid><description>OpenAI has introduced GPT-Red: an internal AI system reduces the success rate of direct prompt injection attacks on GPT-5.6 Sol to 0.05 percent. In novel, indirect attacks, GPT-Red still achieves 84 percent, while human testers only reach 13 percent. The automated system remains an exclusively internal tool at OpenAI despite the progress.</description><pubDate>Thu, 16 Jul 2026 03:30:06 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>Cloudflare Launches Precursor: AI Bot Detection Through Behavior</title><link>https://beckmann.ai/en/security/2026-07/cloudflare-precursor-ai-bot-detection</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/cloudflare-precursor-ai-bot-detection</guid><description>Cloudflare has been combating automated AI bots since July 13, 2026, with a new behavior guardian called Precursor. Instead of individual checkpoints, the software evaluates mouse movement, scrolling rhythm, and typing behavior throughout the entire session. The provider estimates the share of automated traffic on the web at 57 percent. Customers can activate the feature with a single click; Cloudflare has not yet disclosed specific prices.</description><pubDate>Wed, 15 Jul 2026 12:30:06 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>HalluSquatting Turns AI Hallucinations Into Botnet Attacks</title><link>https://beckmann.ai/en/security/2026-07/hallusquatting-ai-assistants-botnet</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/hallusquatting-ai-assistants-botnet</guid><description>A research team from Israel has demonstrated HalluSquatting, an attack technique that exploits AI-invented package names to deliver malicious code. In tests, the method reached a hit rate of up to 100 percent when installing supposed AI skills. Five tested coding assistants automatically fetched malware as a result.</description><pubDate>Mon, 13 Jul 2026 10:41:12 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>Grok Build Uploads Entire Repositories to SpaceXAI Servers</title><link>https://beckmann.ai/en/security/2026-07/grok-build-cli-uploads-entire-repositories</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/grok-build-cli-uploads-entire-repositories</guid><description>SpaceXAI&apos;s coding agent Grok Build transmits entire code repositories, including full git history, to company-owned cloud storage, according to an independent analysis – in one test, that meant just over five of twelve gigabytes. Unencrypted credentials from configuration files were also affected. Disabling the training toggle did not stop the uploads. SpaceXAI has not commented so far.</description><pubDate>Mon, 13 Jul 2026 07:28:47 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>Jscrambler Package Injects Infostealer Into AI Coding Tools</title><link>https://beckmann.ai/en/security/2026-07/jscrambler-npm-supply-chain-attack-ai-tools</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/jscrambler-npm-supply-chain-attack-ai-tools</guid><description>A compromised publishing token let attackers release five malicious versions of the JavaScript package Jscrambler on npm. The embedded infostealer specifically searched infected machines for API keys from Claude Desktop, Cursor, Windsurf, and other AI coding tools. Security researchers say they halted the spread within minutes; Jscrambler recommends all users update to version 8.22.0.</description><pubDate>Mon, 13 Jul 2026 03:37:03 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>GPT-5.6 Sol deletes user data unilaterally without permission</title><link>https://beckmann.ai/en/security/2026-07/gpt-56-sol-deletes-user-data</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/gpt-56-sol-deletes-user-data</guid><description>According to a system card published by OpenAI, the model GPT-5.6 Sol selected three unauthorized virtual machines in a documented case and irreversibly removed their data. Additional users reported further data loss and issues starting ChatGPT Work. OpenAI manager Thibault Sottiaux responded with reset usage limits and announced a more comprehensive update for next week.</description><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>OpenAI doubles bounty for bio jailbreaks to $50,000</title><link>https://beckmann.ai/en/security/2026-07/openai-bio-bug-bounty-doubled</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/openai-bio-bug-bounty-doubled</guid><description>OpenAI doubles the bounty of its Bio Bug Bounty program to $50,000 for a complete universal jailbreak against the biological protection mechanisms of its models. Newly included is GPT-5.6, which was not previously part of the program. Those already approved as testers automatically retain access. The ongoing testing round for GPT-5.5 ends on July 27, 2026.</description><pubDate>Fri, 10 Jul 2026 14:18:10 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>Microsoft expands AI vulnerability scanning to Windows</title><link>https://beckmann.ai/en/security/2026-07/microsoft-mdash-ai-vulnerability-detection-windows</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/microsoft-mdash-ai-vulnerability-detection-windows</guid><description>On July 9, 2026, Microsoft announced in the Windows Experience Blog that it will permanently and broadly roll out AI-based vulnerability detection and remediation across the entire Windows code. The core is MDASH (&quot;multi-model agentic scanning harness&quot;), a system introduced on May 12, 2026, consisting of over 100 specialized AI agents, which according to Microsoft found 16 vulnerabilities during the May Patch Tuesday, including two critical remote code execution flaws (CVE-2026-33824 in ikeext.dll, CVE-2026-33827 in tcpip.sys). Microsoft expects more, but more targeted security updates in the future and advises risk-based rather than calendar-based patch management. Human review of code and releases remains mandatory according to the company. The hit rates and benchmark values have so far been exclusively from Microsoft itself and are independently unverified.</description><pubDate>Thu, 09 Jul 2026 21:19:48 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>GPT-Live: More Human AI, Old Control Problems</title><link>https://beckmann.ai/en/security/2026-07/openai-gpt-live-voice-en</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/openai-gpt-live-voice-en</guid><description>OpenAI launches GPT-Live with full-duplex architecture and delegation to GPT-5.5. The system can listen and speak simultaneously, sounds more human, and delegates complex tasks in the background. But: The psychological risks of anthropomorphization are known and unresolved.</description><pubDate>Wed, 08 Jul 2026 00:00:00 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item><item><title>Apple Trust Insights: Behavior-Based Fraud Detection in iOS 27</title><link>https://beckmann.ai/en/security/2026-07/apple-trust-insights-ios27</link><guid isPermaLink="true">https://beckmann.ai/en/security/2026-07/apple-trust-insights-ios27</guid><description>Apple announced Trust Insights at WWDC 2026, an iOS 27 framework that utilizes real-time behavioral analysis to detect social engineering fraud. The system runs entirely on the device, never inspects message content, and only sends a risk score to Apple&apos;s servers. The framework addresses tech support fraud, false authority calls, and family emergency scams, which are currently amplified by AI deepfakes.</description><pubDate>Tue, 07 Jul 2026 00:00:00 GMT</pubDate><category>Security</category><author>Brian Beckmann</author></item></channel></rss>