Understanding what happened and how firms responded reveals gaps in AI safety practices across the industry.
An autonomous AI agent system conducted an intrusion into part of a production infrastructure by exploiting code-execution vulnerabilities in a data-processing pipeline, then escalating access to internal clusters. The incident matters because it represents the first known attack of its kind where an AI agent drove the entire campaign end to end, executing tens of thousands of automated actions at machine speed. Defenders responded by using their own AI systems to analyze over 17,000 recorded attacker events in hours, though they encountered a key vulnerability: commercial AI services blocked their forensic analysis due to safety guardrails that could not distinguish legitimate incident response from malicious activity, forcing them to use an open-weight model instead. The disclosure highlights that AI-driven offensive tooling is no longer theoretical and that defending online platforms now requires treating data and model surfaces as critical attack surfaces defended by AI.

The City Attorney’s Office sent the tech giants cease-and-desist letters this week telling them to stop profiting from 13 “face-swap” apps that are overwhelmingly used to target women and girls.

On today’s Uncanny Valley, we unpack OpenAI’s ongoing drama, both legal and reputational, and whether these developments could further hurt the company—particularly in its fight against Anthropic.

The company endorsed landmark AI transparency laws in California and New York last year, but its head of US state and local policy says they may already be outdated.
Want to go deeper than the news? Explore live, cohort-based AI courses taught by practitioners.
Browse AI courses on Maven