It has been a week of big moves across the AI stack, from real attacks on ML infrastructure to new open models and fresh frontier releases. We also saw protocol updates that will shape how agents operate, plus shifts in public-sector AI and leadership changes at the top of the research world. There is a lot happening at once, and much of it sits right at the intersection of capability and security.

Let’s get into it.

Ray Framework Exploited in Global Cryptojacking Campaign

A two year old vulnerability in the Ray AI framework is being actively exploited in a campaign that hijacks exposed clusters for cryptomining and botnet operations. The activity highlights how quickly attackers move when machine learning infrastructure is deployed without authentication, proper access controls, or basic exposure checks.
🔗 Read the full story

Allen Institute for AI Releases Olmo 3 Open Weight Models

The Allen Institute for AI has introduced Olmo 3, a new open weight model family designed to offer strong performance and full transparency for researchers and developers. The release expands the set of models that teams can inspect, customize, and self host without license friction.
🔗 Read the announcement

Google Launches Gemini 3

Google has released Gemini 3 with improved multimodal reasoning, a new Deep Think mode, and tighter integration into Google's apps and services. As frontier models continue to embed themselves into enterprise and consumer workflows, security teams will need to monitor the growing number of pathways these systems use to access data and tools.
🔗 Read the announcement

Sweden Suspends Biased ML Fraud Detection System

Sweden’s social insurance agency has suspended an AI system used to flag potential benefit fraud after an investigation found that the model disproportionately targeted women, immigrants, and lower income groups. The decision underscores how quickly automated decisions can shape public policy, and why continuous evaluation and transparency are essential when governments deploy machine learning systems.
🔗 Read the coverage

Yann LeCun Leaves Meta to Pursue World Model Startup

Yann LeCun, Meta’s long time chief AI scientist, is reportedly leaving to launch a startup focused on world models, systems that build internal representations of their environment rather than rely solely on next token prediction. The move aligns with his belief that scaling language models alone cannot deliver the next major breakthroughs in AI.
🔗 Read the report

OpenAI Releases GPT 5.1

OpenAI has shipped GPT 5.1 with variants such as Instant and Thinking, each designed to match the reasoning depth and latency required for a given task. The update brings faster responses, more consistent reasoning, and new controls for developers who want to tune how the model behaves across workflows.
🔗 Read the official announcement

In case you missed it, from the Lakera blog:

What the New MCP Specification Means to You, and Your Agents

This article walks through the evolution of the Model Context Protocol and explains how upcoming features such as identity documents, authorization requirements, long running tasks, and registry based discovery will shape the safety of agentic systems. The piece is a practical guide for anyone building or securing agents.
🔗 Read the article

Indirect Prompt Injection, The Hidden Threat Breaking Modern AI Systems

Indirect prompt injection targets the data your AI ingests rather than the prompt itself, and it has become one of the most significant risks for systems that browse, retrieve, read documents, or call tools. This deep dive explains real incidents, why agentic AI amplifies the problem, and the architectural controls required to keep these attacks from escalating.
🔗 Read the article

From exploited clusters to new open models and evolving protocol standards, the theme this week is clear. AI systems are becoming core infrastructure, and the safety of that infrastructure will determine how quickly organizations can deploy more advanced capabilities.