Secure GenAI Podcast
EY 4T SQL online, Aardvark, Atlas’s Omnibox, OpenAI releases “safeguard”, false reports of Gmail breach

GenAI Safety & Security | Oct 27 - Nov 2, 2025


Highlights

  • EY: 4T SQL database exposed online.

  • Aardvark: OpenAI's agentic security researcher.

  • Atlas’s Omnibox opens up new privacy and security risks.

  • OpenAI releases “safeguard” models preview.

  • False reports of Gmail breach spread.


Deep Dive

EY: 4T SQL database exposed online (TechRadar)

  • Exposed to the public internet.

  • Contained sensitive information: API keys, session tokens, user credentials.

  • Also held cached authentication tokens and a service account password.

  • EY states that no client information, personal data or confidential EY data was impacted.

  • Took a week to fully remediate the issue.

Aardvark: OpenAI's agentic security researcher (OpenAI)

  • Autonomous agent that discovers and fixes security vulnerabilities.

  • Analyzes the full repository to produce a threat model.

  • The threat model reflects its understanding of the project's security objectives and design.

  • Inspects commit-level changes against the entire repository.

  • Integrates with OpenAI Codex to fix vulnerabilities.

  • Private beta is open: Apply here

Atlas’s Omnibox: new privacy and security risks (Malwarebytes)

  • Atlas: ChatGPT-based AI browser.

  • Omnibox: combined search and prompt bar.

  • Attacker pastes a crafted link.

  • Omnibox input is treated as a prompt.

  • Atlas trusts the input and skips checks.

  • Many safety checks are bypassed.

  • Injected instructions gain elevated trust.

OpenAI “safeguard” models (Artificial Intelligence - news)

  • Gives developers safety controls.

  • Models: 120B and 20B versions.

  • Licensed under Apache 2.0.

  • Developers define custom safety policies.

  • The model interprets the rules at inference time.

  • Enables policy-based content classification.

  • Available soon on Hugging Face.

Gmail breach fake news (The Register)

  • False reports of a Gmail breach spread.

  • Claimed 183M accounts compromised.

  • Google confirms no new intrusion.

  • Data came from old stolen credentials.

  • Originated via a Have I Been Pwned update.
