AI Sec Watch

OpenAI announced a limited preview of three new GPT-5.6 models: Sol (high-performance), Terra (balanced), and Luna (fast and affordable), with pricing ranging from $1-$30 per million tokens depending on the model and whether the input or output is being processed. The company is starting with a limited preview for trusted partners approved by the U.S. government before making the models more broadly available, and the new models include improved prompt caching (a feature that stores frequently used inputs to speed up responses) with explicit cache breakpoints and longer minimum cache duration.

OpenAI released three new AI models (GPT-5.6 Sol, Terra, and Luna) but is initially limiting access to a small group of trusted partners at the U.S. government's request, following President Trump's recent AI executive order asking developers to let the government assess model capabilities before full release. The company says it plans to make the models generally available in the coming weeks and is working with the Trump administration to develop a repeatable assessment process for future model releases.

OpenAI released GPT-5.6, a new model suite with three versions: Sol (flagship), Terra (medium-tier for high-volume work), and Luna (fast and affordable). The models are designed to excel at coding, cybersecurity, biology, and agentic AI tasks (where AI systems can plan and execute multi-step goals with minimal human direction), and Sol is priced competitively against competitors like Anthropic's Claude.

Malware authors are creating code that tricks AI-based security tools (LLM-assisted products, which use large language models to analyze threats) into stopping their analysis or refusing to work, according to security researchers at SentinelLabs. One example is macOS.Gaslight, believed to be linked to North Korean hackers, and this is part of a growing trend where malware is specifically designed to evade AI-powered defenses.

Docling is a tool that helps process documents by reading different file formats and connecting with AI systems. Before version 2.94.0, Docling's HTML backend had unsafe handling of URIs and file paths (ways of locating files on a computer), which could be exploited as a security weakness. This issue was fixed in version 2.94.0.

Docling is a tool that processes documents in different formats and connects them with AI systems. Versions 2.45.0 through 2.91.0 had security flaws in how they parsed METS-GBS archives (a type of compressed document file), allowing attackers to craft malicious files that could steal sensitive data, use up system resources, or crash the application.

Companies are shifting away from "tokenmaxxing" (using as much AI as possible without worrying about costs) toward efficiency and cost control, with some businesses switching to cheaper AI alternatives like DeepSeek to reduce spending. OpenAI and Anthropic, which have benefited enormously from the previous spend-at-all-costs mentality, may face slower growth as enterprises demand clearer returns on their AI investments and limit their token (units of data processed by AI models) spending.

This cybersecurity news roundup covers several major incidents and policy developments, including Russian authorities using legacy Cellebrite software (a tool that extracts data from phones) to breach an activist's iPhone, a major data breach at Tata Electronics exposing 630 GB of Apple and Tesla secrets, and a Five Eyes warning that advanced AI is accelerating vulnerability research and exploit development (automated creation of attack tools), compressing attack timelines from years to months. Additional stories include guilty pleas from Scattered Spider hackers who compromised London's transport system, an upcoming Android developer verification framework launching in 2026, and U.S. government restrictions on OpenAI's GPT-5.6 model deployment.

Anthropic removed its Mythos-class models (its most advanced AI systems) from service after receiving an order from the Trump administration on a Friday evening. Two weeks later, the company has provided no updates on negotiations or timeline for when these models might return online, leaving the situation unresolved.