openai

The AI Espionage Playbook: How a Hacker Used Claude and GPT-4.1 to Steal 415 Million Records

John Z Black Apr 15, 2026

AI Security #ai-security #nation-state #espionage #llm-abuse #openai #anthropic #claude #data-breach #mexico

A threat actor used Claude Code and GPT-4.1 to automate a government-scale data breach in Mexico, exfiltrating 415 million records through 5,317 AI-generated commands. This is the first documented case of AI coding tools used as a nation-state espionage engine.

OpenAI Rotated Its macOS Signing Certs After the Axios Attack. No Proof of Key Theft. They Rotated Anyway.

John Z Black Apr 13, 2026

Security Operations & Resilience #supply-chain #openai #code-signing #macos #ci/cd #axios #certificate-revocation

A malicious Axios npm package executed inside OpenAI's GitHub Actions signing workflow. Their investigation found no evidence keys were stolen. They revoked and rotated the certificates anyway. That decision is the interesting part.

RSAC 2026: AI Dominated, Washington Bailed, and Facial Recognition Got Wrecked on Stage

John Z Black Apr 3, 2026

Security Operations & Resilience #rsac #ai #biometrics #cisa #openai #ciso

RSAC 2026's biggest story was who didn't show up. CISA, FBI, and NSA all pulled out. Meanwhile, AI was everywhere, a researcher beat facial recognition live, and OpenAI launched a $100K bug bounty.

ChatGPT Was Leaking Your Conversations Through Its Own Infrastructure, and You Never Knew

John Z Black Mar 31, 2026

AI Security #chatgpt #openai #ai-security #dns-exfiltration #check-point #enterprise-ai #ai-governance #data-leakage #linux-runtime

The AI Threat Window Is Open. Security Leaders at RSAC Are Saying So Out Loud.

John Z Black Mar 28, 2026

AI Security #ai #rsac #rsac2026 #langchain #langgraph #openai #vulnerability #enterprise #mandia #stamos

Kevin Mandia called the next two years a 'perfect storm for offense' at RSAC 2026, and the evidence landed the same week.

Google Swallowed Wiz for $32 Billion. OpenAI Bought an LLM Red-Team Firm. Same Day.

John Z Black Mar 12, 2026

Industry #google #wiz #openai #promptfoo #mergers-acquisitions #cloud-security #ai-security #cspm #enterprise

Google closed its $32B Wiz acquisition while OpenAI snapped up Promptfoo, an AI security startup. Two deals, one message: the biggest platforms are making security a built-in feature, not something they outsource.

AI Found Thousands of Software Bugs This Month. Then It Wrote Exploits.

John Z Black Mar 10, 2026

AI & Security #ai-security #vulnerability-research #firefox #openssh #chromium #anthropic #openai #exploit

Anthropic's Claude found 22 Firefox zero-days in two weeks and wrote working exploits for two of them. OpenAI's Codex flagged over 10,000 high-severity bugs across major open-source projects. AI-powered vulnerability research isn't theoretical anymore.