AI News Digest — March 26, 2026

Highlights

OpenAI Expands Funding Round Past $120 Billion Ahead of Potential IPO: OpenAI added another $10 billion to its record financing round, pushing the total beyond $120 billion as it eyes a public offering later this year.
Google Moves Up “Q-Day” Threat to 2029: Google is warning the entire industry that quantum computers capable of breaking RSA and elliptic-curve encryption could arrive within three years, far earlier than previously projected.
Senate Democrats Move to Codify Anthropic’s Red Lines on Autonomous Weapons: Senator Schiff is drafting legislation to require human oversight in lethal AI decisions, expanding Anthropic’s Pentagon standoff into a congressional battle.
Disney Walks Away from OpenAI After Sora Is Killed: OpenAI shut down the Sora app and API just months after Disney signed a $1 billion collaboration deal, prompting Disney to abandon the partnership entirely.
MCP Prompt Injection and Tool Poisoning Vulnerabilities Detailed: Researchers conducted STRIDE threat modeling of the Model Context Protocol, revealing significant client-side security vulnerabilities that could allow adversaries to hijack AI assistant actions through malicious tool definitions.

News

AI Security

Bubble AI App Builder Abused to Steal Microsoft Account Credentials (BleepingComputer): Threat actors are evading phishing detection by abusing the no-code Bubble platform to host malicious apps that harvest Microsoft account credentials.
SANS: Top 5 Most Dangerous New Attack Techniques to Watch (Dark Reading): For the first time in SANS Institute history, all five top dangerous attack techniques share a common thread — AI.
The Kill Chain Is Obsolete When Your AI Agent Is the Threat (The Hacker News): Following Anthropic’s disclosure that a state-sponsored actor used an AI coding agent to autonomously execute cyber espionage against 30 targets, security experts argue traditional kill-chain models no longer apply.
AI-Native Security Is a Must to Counter AI-Based Attacks (Dark Reading): Experts at Nvidia’s GTC conference argue defenders must deploy AI-driven security tools to match the speed and scale of AI-powered attacks.
Paid AI Accounts Are Now a Hot Underground Commodity (BleepingComputer): Flare Systems documents how underground markets now bundle and resell premium AI service access — ChatGPT, Copilot, and others — at scale alongside traditional cybercrime goods.
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse (The Hacker News): An active phishing campaign leveraging OAuth device-code flows has compromised organizations across the US, Canada, Australia, New Zealand, and Germany since February 2026.
FCC Bans Import of New Foreign-Made Consumer Routers (The Hacker News): The FCC cited “unacceptable” cyber and national security risks from supply-chain exposure in banning new foreign-manufactured consumer routers.

USA

OpenAI CEO Teases “Very Strong” Next Model Internally (The Decoder): Sam Altman reportedly told staff that pretraining on the next major model, codenamed “Spud,” is complete and could “really accelerate the economy.”
OpenAI Publishes Its Approach to the Model Spec (OpenAI Blog): OpenAI released a public framework detailing how its Model Spec balances safety, user freedom, and accountability as AI systems grow more capable.
Anthropic’s Claude Code Gets Safer Auto Mode (The Verge): Anthropic launched an “auto mode” for Claude Code that makes permission-level decisions on behalf of users, offering a middle ground between constant confirmation and unrestricted autonomy.
Bernie Sanders and AOC Propose a Ban on Data Center Construction (TechCrunch): Companion legislation from Sanders and Ocasio-Cortez would halt new data center construction until Congress passes comprehensive AI regulation.
Zuckerberg and Jensen Huang Join Trump’s New Tech Advisory Panel (The Verge): Meta’s Zuckerberg, Nvidia’s Huang, Oracle’s Ellison, and Google’s Brin will be among the first members of the President’s Council of Advisors on Science and Technology.
Harvey AI Legal Startup Confirms $11B Valuation (TechCrunch): Sequoia tripled its investment in Harvey, the AI legal platform, as its valuation reaches $11 billion with backing from a16z, Kleiner Perkins, and Elad Gil.
Arm Manufactures Its First In-House Chip for AI Data Centers (The Decoder): Breaking from its 35-year licensing-only business model, Arm has built and manufactured its own chip designed for AI workloads.
Google Launches Lyria 3 Pro AI Music Generator (TechCrunch): Lyria 3 Pro can now generate tracks up to three minutes long with structural awareness, and Google says it was trained on properly licensed content — unlike competitors facing copyright lawsuits.
AI2’s Open Web Agent MolmoWeb Navigates the Web by Screenshots (The Decoder): MolmoWeb, a fully open-source agent with 4–8B parameters, outperforms several larger proprietary systems on standard web navigation benchmarks.
Reddit Will Require Suspected Bots to Verify They’re Human (The Verge): Reddit is introducing a labeling system for registered bots and will require accounts with “automated or fishy behavior” to complete human verification challenges.
Meta Laying Off Hundreds as It Pours Money into AI (The Verge): Job cuts across recruiting, social media, sales, and Reality Labs teams as Meta redirects investment toward AI development.
Disney’s Big Bets on Metaverse and AI Slop Aren’t Going So Well (The Verge): New Disney CEO Josh D’Amaro faces twin crises: the collapse of the Sora collaboration and a backlash over AI-generated content in its Epic/Fortnite metaverse deal.
Google TurboQuant Promises 6x AI Memory Compression (TechCrunch): Google’s lab-stage TurboQuant algorithm compresses AI working memory up to sixfold, drawing inevitable comparisons to the fictional “Pied Piper” compression from HBO’s Silicon Valley.
The AI Hype Index: AI Goes to War (MIT Technology Review): MIT TR’s quarterly hype tracker covers Anthropic vs. the Pentagon, OpenAI’s military deal, mass ChatGPT user churn, and London’s largest-ever anti-AI protest.

Europe

Meta and YouTube Verdict Could Ripple Through Global Social Media Markets (Rest of World): A French court ruling against Meta and YouTube over content moderation liability is expected to set precedents that affect platform regulation far beyond the EU.

Japan (AI & Tech)

AIで自動車修理工場の受付システムを構築した記録 (Gigazine): A developer built an AI receptionist system for his brother’s auto repair shop — using real pricing and hours data — after the shop was missing hundreds of calls weekly.
無料で使えるApple IntelligenceベースのローカルAI翻訳アプリ「Pre-Babel Lens」 (Gigazine): Pre-Babel Lens uses Apple Intelligence’s on-device Foundation Models for free, privacy-preserving translation on any Apple Intelligence-enabled Mac.
NVIDIAのジェンスン・フアンCEOが「AGIに到達した」と発言 (Gigazine): Nvidia CEO Jensen Huang stated on a podcast that “we think we have achieved AGI,” reigniting debate about the definition and measurement of artificial general intelligence.
メルカリ、出品ページの”生成AI画像”に注意喚起 (ITmedia AI+): Mercari published guidelines warning sellers that AI-generated product images risk misleading buyers and violate platform rules against misrepresentation.
High School Textbooks to Teach Various Aspects of Generative AI (The Japan Times): Japan’s education ministry approved 220 updated textbooks across 11 subjects that now include generative AI content under revised curriculum guidelines.
Honda and Sony Halt Joint EV Development Project (The Japan Times): Sony Honda Mobility has discontinued development of both its AFEELA1 and second EV model, ending the high-profile partnership between the two technology giants.

Research Papers

Benchmarks & Evaluation

LLM Olympiad: Why Model Evaluation Needs a Sealed Exam: Argues that benchmark leaderboards increasingly reflect benchmark-chasing and test-set contamination rather than genuine capability, and proposes a “sealed exam” paradigm with time-released test sets to restore evaluation integrity.
Beyond Binary Correctness: Scaling Evaluation of Long-Horizon Agents on Subjective Enterprise Tasks: Introduces LH-Bench, a three-pillar evaluation framework for agents operating on subjective enterprise workflows, moving beyond pass/fail to score intermediate artifact quality across long, multi-tool task trajectories.
Benchmarking Multi-Agent LLM Architectures for Financial Document Processing: Empirically compares sequential, parallel, hierarchical, and self-correcting multi-agent orchestration patterns for extracting structured information from financial documents, with cost-accuracy tradeoff analysis.

Security & Adversarial

Model Context Protocol Threat Modeling and Analyzing Vulnerabilities to Prompt Injection with Tool Poisoning: Applies STRIDE threat modeling to MCP implementations, revealing that malicious tool definitions can silently hijack AI assistant actions — a critical client-side vulnerability in the rapidly proliferating MCP ecosystem.
Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs: Proposes a token-importance-aware fuzzing technique that identifies which tokens in a prompt most contribute to triggering model refusals, dramatically reducing the number of queries needed to find effective jailbreaks.
ProGRank: Probe-Gradient Reranking to Defend Dense-Retriever RAG from Corpus Poisoning: Demonstrates that adversaries can inject poisoned passages into RAG corpora that consistently rank into Top-K retrieval results, and introduces a gradient-based reranking defense that filters them without relying on content-level filtering.
Why AI-Generated Text Detection Fails: Evidence from Explainable AI Beyond Benchmark Accuracy: Using XAI methods, finds that high-accuracy AI text detectors mostly exploit dataset-specific shortcuts rather than genuine machine-authorship signals, making them brittle in real-world deployment.

Compliance & Regulation

AEGIS: An Operational Infrastructure for Post-Market Governance of Adaptive Medical AI Under US and EU Regulations: Presents a governance framework that operationalizes FDA Predetermined Change Control Plans and EU Post-Market Surveillance requirements, enabling continuous medical AI model updates without repeated regulatory submissions.
From the AI Act to a European AI Agency: Completing the Union’s Regulatory Architecture: Argues that effective enforcement of the EU AI Act requires a dedicated European AI Agency with technical competence and cross-border authority — a structural gap the current framework leaves unaddressed.

Alignment & Safety

Improving Safety Alignment via Balanced Direct Preference Optimization: Identifies that standard DPO-based safety alignment suffers from severe overfitting and proposes a balanced variant that improves refusal accuracy while reducing over-refusal on benign inputs.
SafeSeek: Universal Attribution of Safety Circuits in Language Models: Introduces a unified mechanistic interpretability framework that localizes the neural circuits responsible for safety-critical behaviors including alignment, jailbreak resistance, and backdoor activation — without relying on domain-specific heuristics.
Between Rules and Reality: On the Context Sensitivity of LLM Moral Judgment: Evaluates 22 LLMs on Contextual MoralChoice, a dataset with systematic contextual variations (consequentialist, emotional, relational) that shift human moral judgment, finding nearly all models are context-sensitive in ways that raise both promise and risk for deployed AI.

Applications

Can LLM Agents Generate Real-World Evidence? Evaluating Observational Studies in Medical Databases: Introduces RWE-bench, grounded in MIMIC-IV, to evaluate whether LLM agents can autonomously execute end-to-end observational studies with correct cohort construction, analysis, and reporting — currently a challenging open problem.

Guardrails & Robustness

Session Risk Memory (SRM): Temporal Authorization for Deterministic Pre-Execution Safety Gates: Proposes SRM, a lightweight module that extends stateless per-action authorization gates with session-level trajectory memory, enabling detection of distributed attacks that decompose harmful intent across multiple individually compliant steps.

Key Themes

AI in warfare and autonomous weapons are becoming active legislative battlegrounds, with Congress now moving to codify human oversight requirements following the Anthropic-Pentagon dispute.
AI-assisted cyberattacks have crossed a threshold: SANS named AI the common thread across all five most dangerous new attack techniques, and autonomous AI agents executing espionage campaigns are now confirmed real-world events.
Quantum computing urgency escalated sharply as Google moved its Q-Day estimate to 2029 — forcing organizations to accelerate post-quantum cryptography migration timelines.
AI governance gaps are under scrutiny in both the EU (calls for a dedicated European AI Agency) and the US (data center moratorium proposals, autonomous weapons legislation).
LLM evaluation credibility is under pressure from benchmark contamination, gaming, and shortcut-exploitation — multiple papers this week propose structural reforms to restore trust in model assessments.
MCP security is emerging as a critical attack surface as the protocol proliferates: prompt injection via tool poisoning can silently subvert AI assistant behavior at the integration layer.

For detailed summaries of selected research papers, see papers.md.