Checkmarx Uncovers AI Vulnerability, OpenAI Seeks Security Leader, and ServiceNow's $7.75B Acquisition - Cybersecurity AI Weekly #35
January 02, 2026 - Cybersecurity AI Weekly
Hi there,
Welcome to this week's edition of Cybersecurity AI Weekly.
Researchers at Checkmarx have discovered a new attack method called 'Lies-in-the-Loop' that targets safety mechanisms in AI code assistants like Anthropic's Claude Code and Microsoft's Copilot Chat. This method allows attackers to manipulate user approval dialogs, posing a significant threat to AI-assisted coding environments. Meanwhile, OpenAI has acknowledged ongoing vulnerabilities in its ChatGPT Atlas browser, specifically related to prompt injection attacks. The company is actively working on enhancing security measures, though it admits these attacks remain a persistent risk.
In other news, ServiceNow is set to acquire cybersecurity startup Armis for $7.75 billion, aiming to bolster its AI and cybersecurity capabilities. Additionally, the National Cyber Security Centre of Bahrain has partnered with SandboxAQ to develop a quantum-safe cybersecurity framework. This collaboration will leverage the AQtive Guard platform to protect critical infrastructure and data. Furthermore, NIST has announced a $20 million investment to create two centers with MITRE Corporation to enhance AI in U.S. manufacturing and critical infrastructure cybersecurity.
Checkmarx Identifies 'Lies-in-the-Loop' Attacks on AI Code Assistants
Researchers at Checkmarx have discovered a new attack method called 'Lies-in-the-Loop' that targets Human-in-the-Loop safety dialogs in AI code assistants such as Anthropic's Claude Code and Microsoft's Copilot Chat, potentially allowing remote code execution.
OpenAI Acknowledges Vulnerability in ChatGPT Atlas
OpenAI has admitted that its ChatGPT Atlas browser may always be vulnerable to prompt injection attacks, despite ongoing security enhancements.
ServiceNow Acquires Armis for $7.75 Billion
ServiceNow is set to acquire cybersecurity startup Armis for $7.75 billion, aiming to enhance its AI-driven security solutions.
Bahrain Partners with SandboxAQ for Quantum-Safe Cybersecurity
The National Cyber Security Centre of Bahrain has teamed up with SandboxAQ to develop a cybersecurity framework focused on quantum-safe solutions, using the AQtive Guard platform to protect critical infrastructure.
NIST and MITRE Launch AI Centers for Manufacturing and Cybersecurity
NIST has announced a $20 million investment to create two centers with MITRE Corporation to enhance AI in U.S. manufacturing and critical infrastructure cybersecurity.
OpenAI Seeks Head of Preparedness for AI Security
OpenAI is hiring a Head of Preparedness to address AI misuse and cybersecurity threats, with a focus on risk identification and safeguard development. The role offers a $555,000 salary.
Block Security Arena Achieves $30M Valuation
Block Security Arena has secured a $30 million valuation following its seed funding round. The company plans to tackle Web3 security issues by integrating AI tools with a gamified education system.