Concerns are rising over the security of artificial intelligence tools used in software development as vulnerabilities have emerged. A specific flaw, known as CVE-2026-0628, has been linked to Google’s Gemini AI within the Chrome browser, rated as High with a CVSS score of 8.8. This vulnerability could allow malicious browser extensions to hijack the Gemini Live panel, raising significant security threats for users.
In addition to established systems, there is a growing trend of downloads for potentially harmful AI extensions that may compromise user data. Many of these extensions are appearing in popular app stores, misleading users seeking AI functionalities.
In a separate development, Microsoft is enhancing data protection measures for its Microsoft 365 Copilot AI assistant in response to user feedback regarding the handling of sensitive information. New controls will enable organizations to implement data loss prevention (DLP) measures on files stored in OneDrive and SharePoint, although these settings will not apply to locally saved files.
On March 2, Microsoft also released a patch, KB 5082314, addressing a certificate renewal issue for Windows Hello for Business in specific Active Directory Federation Services (ADFS) deployments. This cumulative update is significant for organizations utilizing ADFS.