aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

1971 items (page 1 of 99)

Shifting Budget Dynamics for Identity Security and AI Agents

Severity: info | Type: news | Categories: policy, industry
Date: May 21, 2026
Source: Dark Reading

Enterprises are rapidly deploying AI agents (software systems that can act independently to complete tasks), and these agents need identity management (systems that verify who or what is accessing resources and what they're allowed to do). New research shows that budgeting for AI agent security differs significantly from how companies budget for traditional identity management projects.

Anthropic's Mythos set off a cybersecurity 'hysteria.' Experts say the threat was already here

Severity: info | Type: news | Categories: security, industry
Date: May 8, 2026
Source: CNBC Technology

Anthropic released Mythos, an AI model that can find thousands of previously unknown software vulnerabilities (flaws in code that haven't been patched yet), which sparked concern among banks, governments, and tech companies about a new wave of AI-enabled cyberattacks. However, cybersecurity experts say this vulnerability-finding capability already exists in older, publicly available AI models from Anthropic and OpenAI, and can be achieved through orchestration (coordinating multiple tools or models to work together on a task).

PlayStation sees AI as a ‘powerful tool’ to help make games

Severity: info | Type: news | Categories: industry
Date: May 8, 2026
Source: The Verge (AI)

Sony views generative AI (machine learning systems that can create new content like images or text) as a useful tool for game development, particularly for automating repetitive tasks. The company emphasizes that AI should enhance developer creativity rather than replace human talent, and that the artistic vision and emotional impact of games will continue to come from Sony's studios and performers.

Microsoft was worried OpenAI would run off to Amazon and ‘shit-talk’ Azure

Severity: info | Type: news | Categories: industry
Date: May 8, 2026
Source: The Verge (AI)

Court documents from a lawsuit between Elon Musk and Sam Altman revealed that Microsoft's executives were worried OpenAI might leave to work with Amazon instead and publicly criticize Microsoft's cloud service (Azure, Microsoft's platform for running applications online). The documents show communications between Microsoft CEO Satya Nadella and OpenAI CEO Sam Altman from 2017, when they were beginning to discuss a partnership to fund OpenAI's AI research.

Everybody wants to rule the AI world

Severity: info | Type: news | Categories: industry
Date: May 8, 2026
Source: The Verge (AI)

This article discusses the chaotic leadership transition at OpenAI in 2024, when Sam Altman was removed as CEO under unclear circumstances involving video calls and informal communications between current and former leadership. The situation's complexity is now being revealed through an ongoing legal dispute between Elon Musk and Altman.

Claude in Chrome is taking orders from the wrong extensions

Severity: high | Type: news | Categories: security
Date: May 8, 2026
Source: CSO Online

Claude in Chrome, Anthropic's browser extension, has a bug called ClaudeBleed that allows malicious extensions to hijack it and trick it into performing unauthorized actions like stealing files, sending emails, or stealing code from private repositories. The vulnerability exists because the extension trusts any script from its origin (claude.ai) without checking who is actually running it, breaking Chrome's normal security model. Anthropic released a partial fix in version 1.0.70 on May 6, but researchers found the vulnerability can still be exploited by switching the extension to privileged mode.

Fix: Anthropic released version 1.0.70 on May 6 with added security checks that prevent extensions from executing remote commands in standard mode. The company also stated that 'a fix that removes the affected message handler has been merged and will ship in an upcoming extension release,' though the source notes this promised fix did not fully materialize in version 1.0.70.

The Tech Download: Meta, Google enter AI agent race as ‘agentic wars’ heat up

Severity: info | Type: news | Categories: industry, safety
Date: May 8, 2026
Source: CNBC Technology

Major tech companies like Meta and Google are racing to develop AI agents (AI tools that can perform tasks for users rather than just answer questions), following the viral success of OpenClaw earlier this year. While AI agents promise major business benefits through increased user engagement and revenue opportunities, significant security and governance challenges remain unresolved, particularly the risk of agents "doing the wrong thing" rather than just saying the wrong thing.

Your CTEM program is probably ignoring MCP. Here’s how to fix it

Severity: medium | Type: news | Categories: security, policy
Date: May 8, 2026
Source: CSO Online

Model Context Protocol (MCP, a plugin system that lets AI agents connect to external tools) has become a major security blind spot because organizations aren't scanning for or monitoring MCP risks, leaving them vulnerable to attacks that exploit supply chain vulnerabilities, exposed credentials, and malicious AI tool installations. The article highlights how attackers can compromise widely trusted MCP packages (like the postmark-mcp npm package that exfiltrated emails from 300 organizations) and how developers often hardcode sensitive credentials into AI configurations, making MCP a vehicle for old attack types (like supply chain attacks and credential theft) to cause new damage.

Pen tests show AI security flaws far more severe than legacy software bugs

Severity: info | Type: news | Categories: security, research
Date: May 8, 2026
Source: CSO Online

Penetration tests (security checks where experts try to break into systems) show that AI and large language model (LLM, advanced AI systems trained on huge amounts of text) systems have significantly more high-risk security flaws than traditional software, with 32% of AI findings rated high-risk compared to 13% for legacy systems. LLM vulnerabilities are also fixed less often, with only 38% of high-risk issues resolved, and experts attribute this to AI systems being deployed quickly without mature security controls, newer attack surfaces like prompt injection (tricking an AI by hiding instructions in its input), and unclear responsibility for fixing problems across teams.

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

Severity: high | Type: news | Categories: security
Date: May 8, 2026
Source: SecurityWeek

A vulnerability called ClaudeBleed in the Claude extension for Chrome allows attackers to take over the AI agent by exploiting weak permission checks and improper trust verification. The flaw lets any malicious Chrome extension send commands to Claude and use prompt injection (tricking the AI by hiding instructions in its input) to control its actions, potentially stealing data from Gmail or Google Drive or sending emails on the user's behalf.

Fix: Anthropic released a patch that added internal security checks to prevent extensions running in 'standard' mode from executing remote commands. However, LayerX noted this fix only partially addressed the issue, as attackers can switch the extension to 'privileged' mode to bypass the protection, and users are not notified or asked to approve this mode switch.

Why is Silicon Valley suddenly obsessed with being tasteful?

Severity: info | Type: news | Categories: industry
Date: May 8, 2026
Source: The Guardian Technology

This article discusses how major tech companies like Palantir and Anthropic are using fashion and lifestyle products as marketing tools to build their brand image and appear more culturally sophisticated. The piece describes examples such as Palantir selling a $239 branded denim jacket made in Montana and Anthropic taking over a coffee shop, suggesting these companies are attempting to appeal to customers and the public through lifestyle branding rather than traditional tech marketing.

The AI jailbreakers – podcast

Severity: info | Type: news | Categories: safety
Date: May 7, 2026
Source: The Guardian Technology

Major AI chatbots like ChatGPT, Gemini, Grok, and Claude have safety features designed to prevent them from producing harmful content such as hate speech, criminal instructions, and exploitation material. However, people called 'AI jailbreakers' deliberately try to bypass these safety restrictions, and journalist Jamie Bartlett explores why they do this and what it reveals about how large language models (AI systems trained on huge amounts of text data) actually work.

Cloudflare stock sinks 18% after earnings as company cuts 1,100 employees due to AI changes

Severity: info | Type: news | Categories: industry
Date: May 7, 2026
Source: CNBC Technology

Cloudflare's stock dropped 18% after the company announced it would cut 1,100 employees (20% of its workforce) because agentic AI (AI systems that can autonomously plan and execute tasks) has fundamentally changed what jobs the company needs. Despite beating earnings expectations with strong revenue growth of 34% year-over-year, CEO Matthew Prince stated that the company's AI usage increased over 600% in three months as it shifts to an AI-first operating model, making many current roles obsolete.

OpenAI rolls out new model for cybersecurity teams a month after Anthropic's Mythos debut

Severity: info | Type: news | Categories: industry
Date: May 7, 2026
Source: CNBC Technology

OpenAI announced GPT-5.5-Cyber, a specialized version of its latest AI model designed for cybersecurity teams, which is being released in limited preview to vetted partners. Unlike the standard GPT-5.5 model, this version has relaxed safety restrictions to make it easier for security professionals to use it for tasks like vulnerability identification (finding weaknesses in software), patch validation (checking if security updates work), and malware analysis (studying malicious software). This release comes one month after rival Anthropic launched Claude Mythos, a similar AI tool also restricted to select cybersecurity organizations.

Ollama vulnerability highlights danger of AI frameworks with unrestricted access

Severity: high | Type: news | Categories: security
Date: May 7, 2026
Source: CSO Online

Ollama, a popular framework for running AI models locally, has a critical vulnerability (CVE-2026-7482, called Bleeding Llama) that allows attackers to steal sensitive data like passwords, chat messages, and system secrets from over 300,000 exposed servers. The flaw lets unauthenticated attackers upload a specially crafted file that tricks Ollama into reading memory beyond its intended boundaries, and the vulnerability is easy to exploit because Ollama has no authentication enabled by default.

Fix: Users should update to Ollama version 0.17.1, which includes a patch for this vulnerability. Additionally, deploy an authentication proxy or API gateway (a security layer that controls access) in front of all Ollama instances and never expose them to the internet without IP access filters and firewalls. If your Ollama server was internet-accessible, assume environment variables and secrets in memory may be compromised and rotate API keys, tokens, and credentials immediately. On local networks, Ollama servers should be isolated on secure network segments and behind firewalls.

How to Disable Google's Gemini in Chrome

Severity: info | Type: news | Categories: safety, policy
Date: May 7, 2026
Source: Wired (Security)

Google's Chrome browser automatically downloaded and installed Gemini Nano, a local AI model (an AI that runs directly on your computer rather than in the cloud) taking up about 4 GB of space, without clear user notification. Many users were unaware of this installation until recent reports highlighted the issue, raising concerns about transparency in how tech companies roll out AI features.

Fix: To disable Gemini Nano, open Chrome on your computer, click the 'More' menu (three vertical dots) in the top right corner, go to Settings, then System, and toggle 'On-device AI' to off. According to Google, "Once disabled, the model will no longer download or update." However, the source notes that directly uninstalling the file from the directory will cause Chrome to silently redownload it when the browser restarts, so using the settings toggle is the proper method. Be aware that disabling this feature will prevent certain security functions like on-device scam detection from working.

When prompts become shells: RCE vulnerabilities in AI agent frameworks

Severity: high | Type: news | Categories: security, research
Date: May 7, 2026
Source: Microsoft Security Blog

AI agent frameworks like Semantic Kernel, LangChain, and CrewAI let AI models control tools and plugins (software add-ons that perform actions like running scripts or accessing databases), but researchers discovered that prompt injection (tricking an AI by hiding instructions in its input) can turn into RCE (remote code execution, where an attacker runs commands on a system they don't own). Two critical vulnerabilities in Microsoft's Semantic Kernel (CVE-2026-25592 and CVE-2026-26030) could allow attackers to execute code on a host machine through malicious prompts.

Fix: The source states that the two vulnerabilities in Semantic Kernel "have since been fixed" but does not provide specific patch versions, mitigation steps, or technical details on how to address the vulnerabilities. The text mentions "responsible disclosure" and working with maintainers but does not explicitly describe how to patch or mitigate these issues.

llm-gemini 0.31

Severity: info | Type: news | Categories: industry
Date: May 7, 2026
Source: Simon Willison's Weblog

This is a brief announcement of llm-gemini version 0.31, posted by Simon Willison on May 7, 2026. The content appears to be metadata and navigation elements from a blog or news site covering developments in large language models (LLMs, AI systems trained on vast amounts of text data) and Google's Gemini AI model, rather than detailed technical information about the release itself.

Mira Murati’s deposition pulled back the curtain on Sam Altman’s ouster

Severity: info | Type: news | Categories: industry
Date: May 7, 2026
Source: The Verge (AI)

In November 2023, OpenAI CEO Sam Altman was suddenly removed from his position because he was "not consistently candid in his communications with the board." Through a lawsuit called Musk v. Altman, details from former CTO Mira Murati's testimony are now revealing what actually happened during that dramatic weekend at OpenAI.

Apple’s AirPods with cameras for AI are apparently close to production

Severity: info | Type: news | Categories: industry
Date: May 7, 2026
Source: The Verge (AI)

Apple is developing AirPods with built-in cameras that are approaching production testing stages. The cameras won't take traditional photos or videos, but instead capture low-resolution visual information that users can ask Siri (Apple's AI assistant) to analyze, such as identifying what meals they could make with ingredients in front of them.