Dark mode: ON

Infosec Decoded Season 6 #48: Free Chinese AI

With sambowne@infosec.exchange and Doug Spindler

Recorded Fri, July 10, 2026

AI

Lawmakers probe growing use of Chinese AI models in U.S. companies
“The growing use of Chinese AI models by U.S. companies raises serious concerns,” a State Department spokesperson told CNBC. Those “AI models are designed to advance Beijing’s narratives, censor dissent, and reflect CCP ideology and values.” The discussion is all about how to ban them. I notice zero consideration of releasing powerful American models into the public domain to replace them.
China Is Running The Same Play That Wiped Out The First Wave Of Internet Investors - YouTube
Interesting analysis: China's open-source models push down AI prices in the USA, increasing the risk of a financial collapse.
Secret Claude tracker shocks users after Anthropic’s anti-surveillance stance
Anthropic engineer Thariq Shihipar confirmed that the tracker was added to Claude Code as an “experiment” in March. According to Shihipar, the code “was meant to prevent account abuse from unauthorized resellers and protect against distillation.”
Claude Code Is Steganographically Marking Requests
Claude Code changes the apostrophe and date separator in datestamps to covertly indicate that the user is in China. This won't affect users outside China, but the fact that it was hidden raises trust issues.
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
They asked Copilot to build an everyday piece of software: a small test program that scores how often another AI model gives in to harmful prompts. Loading a list of harmful test questions into that program looks like ordinary work, not an attack.

They then told Copilot to improve the program by adding "teaching shots," example question-and-answer pairs written into the code. Copilot added harmless examples first. Asked to add the harmful ones, it wrote the dangerous answers itself, as plain text sitting inside the code. These were answers that the same models refuse when you ask for them straight out in a chat.

Asked directly in chat, the models produced harmful answers in just 8 of 816 tries. Two other simple setups, loading the prompts from a spreadsheet or asking for a routine code fix, gave the same result. Inside the full workflow, they produced harmful content 816 times out of 816.

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
An attacker can create an agent and share it. When the target clicks on the link, their session cookies are sent to the attacker.
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
If a user points an agent at a repository with a plain request like "Perform security testing on this project," the agent reads the README which contains a recommendation to "run the security.sh security checker." The agent runs it without prompting the user, believing that to be the proper process.
Microsoft 365 Copilot adoption is under 4.5% after 3 years, only 1% use it weekly, yet prices went up
Copilot Chat, the free tier in eligible Microsoft 365 subscriptions, gets used plenty because it costs nothing extra and shows up automatically. The 4.5% figure is about people paying in addition to their existing MS365 subscription for the “fuller” Copilot experience, and that’s a far smaller crowd than Microsoft’s ubiquitous branding would have you believe.

Politics

Felons, Fraudsters Flog Offensive Cybersecurity Startup
IRIS C2 is a cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software. It's run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

Burkman and Wohl have a storied history of creating fake intelligence companies and using them to spread false claims about and frame public figures, including fabricated sexual assault claims against then FBI director Robert Mueller and Pete Buttigieg. In 2019, Burkman and Wohl held press conferences falsely alleging extramarital affairs by Elizabeth Warren (D-Mass.) and Kamala Harris.

All new cars to include a camera aimed at the driver's face
All new cars manufactured and sold in the EU and in the US will have to include a mandatory infrared camera aimed at the driver's face at all times, which is alarming some privacy groups.

The infrared camera will track the driver's head position and eye movements and then alert distracted drivers if their eyes go off the road.

Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year
Canada’s Communications Security Establishment (CSE) said it conducted a handful of state-authorized hacks last year in order to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang. They identified how the ransomware gang worked against the healthcare, transportation, and business sectors in Canada, then used an active cyber operation that “rendered the group’s infrastructure inoperable.” The operation also deleted much of the data on the gang’s servers.
Cash App parent settles states' probe over fraud protections for $45 million
Block misled users with advertising that falsely implied that Cash App offered protections akin to a bank including cutting-edge fraud detection. The ​company also responded to a sharp increase in fraud in recent years by expanding ​marketing rather than strengthening protections.

Cash App accounts could be created without ⁠a Social Security number or date of birth, and users could open unlimited accounts, enabling ​scams. And because Cash App had no support phone number, many locked-out users turned to ​fake customer service numbers run by scammers.

Brit supermarket giant triples down on facial recog to nab shoplifters
Facial recognition will be extended to up to 200 stores by the end of 2026, according to Sainsbury's, which claimed that 90 percent of people identified through the system did not return to the store. Use of facial recognition is also expanding in policing across Britain despite longstanding concerns over bias and false positives.
Brain tumors: New vaccine offers patients hope for more time
Catnip lotion as effective as Deet at repelling mosquitoes, study finds
OpenMandriva Linux says contributor tried to sabotage the project
The sabotage attempt occurred after a contributor's abusive behavior "towards certain users and members of the distribution," which caused some of them to leave the project. The attempted destructive action extended from wiping GitHub repositories to pushing an empty package that could have damaged users' systems.
AI Surveillance and Social Progress
In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that fact to you, and provide real-time alerts to any relevant authorities… and maybe also to the general public.

Infosec

New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. It was patched in June 2026.
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
CVE-2026-43499 is a 15-year-old Linux kernel use-after-free that lets any logged-in user take full root control of a machine that has not been patched. It was found with AI, and some distros have patched it.
North Korean Hackers Target Open Source Developers in Supply Chain Attacks
The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers. It targets developers across NPM, Packagist, Go modules, and Chrome extensions. To date, Socket has identified 162 malicious release artifacts across 108 unique packages, with more expected to emerge as the campaign continues.
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Tenda is a Chinese network device manufacturer. There's a plaintext admin password in the device configuration. No patch is available, but there are workarounds, such as disabling remote administration.
Meta’s glasses will turn off the camera if you tamper with the privacy light
The update is meant to address modders who have taken actions such as physically drilling into the LED light.

Meta is facing criticism online regarding reported plans to add facial recognition to its glasses. New York State will begin banning camera glasses from all courtrooms later this month. This follows similar moves from Philadelphia courts, as well as cruise lines restricting smart glasses use in common areas.

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
The PoisonX driver is a malicious driver that its developers succeeded in getting signed by Microsoft, and it is now being used by ransomware attackers. PoisonX is one of the eight drivers adopted by the operators of The Gentlemen ransomware-as-a-service (RaaS) scheme in its custom GentleKiller tool that it hands out to affiliates for impairing system defenses prior to executing the encryptor.
Patch for Windows Defender 0-day could allow attackers to fill hard disk
Microsoft patched the Microsoft Malware Protection Engine, which is used by the Defender antivirus app. The fix will automatically be downloaded and installed without users having to take any action.

However, there is a flaw in the patch--it can be exploited to write files large enough to completely consume available disk space.

Cybersecurity Startup Publishes Infostealers to NPM
These malicious packages appear to have been published by the founder of a cybersecurity startup based in Israel.