New tools, products, platforms, funding rounds, and company developments in AI security.
The Trump administration ordered Anthropic to take its newest AI models offline and block access for all foreign nationals, including the company's own international employees. This incident highlights how the US government can control access to advanced AI technology, even for American companies, raising concerns about global AI development being dominated by American political decisions.
Tech company lobbyists in Washington have been pushing for preemption, a comprehensive federal law that would create one set of AI rules across the entire country instead of having different regulations in each state. Their efforts have faced political obstacles and public backlash, and they worry that after upcoming elections, Congress may have more Democrats who are unwilling to support their proposals.
Salesforce is acquiring Fin (formerly Intercom), an AI customer service platform, for $3.6 billion to strengthen its agentic AI (autonomous artificial intelligence agents that can independently handle tasks) offerings. Fin's main product is an AI agent powered by a proprietary model called Apex that can resolve customer inquiries across multiple channels including chat, email, WhatsApp, and Slack. This acquisition reflects how software companies are competing to invest in more autonomous AI technologies as businesses increasingly demand agentic solutions.
LiteLLM, a widely-used open-source AI gateway (a system that routes AI requests to multiple providers), has a critical vulnerability chain (CVSS score of 9.9, meaning extremely severe) that lets low-privilege users gain full admin control and run code on the server. The three bugs work together: an authorization bypass (CVE-2026-47101) that lets users create keys with unlimited access, a privilege escalation (CVE-2026-47102) that promotes users to admin, and a sandbox escape (CVE-2026-40217) that executes arbitrary code. This compromise exposes all provider API keys, encrypted credentials, and all prompts and responses passing through the gateway, plus allows attackers to alter AI responses in transit.
A critical flaw in Microsoft 365 Copilot Enterprise Search could let attackers steal emails, calendar details, and multi-factor authentication codes with a single click on a malicious link. Researchers discovered that three chained bugs, including parameter-to-prompt injection (tricking the AI by hiding instructions in a URL parameter), a timing flaw in how responses are filtered, and a Content Security Policy allowlist for Bing, allowed attackers to extract sensitive data without the user entering any passwords or clicking again.
Skydio is the largest US drone manufacturer that makes autonomous drones (aircraft that can operate with minimal human control) and sells them to critical industries like utilities, public safety, and militaries for inspecting infrastructure and gathering information. The drone market has shifted dramatically since China-made competitors like DJI were banned from the US, leaving Skydio as a primary alternative for enterprise customers who previously relied on cheaper foreign drones.
SearchLeak is a critical vulnerability in Microsoft 365 Copilot Enterprise that allowed attackers to steal sensitive data like emails, passwords, and documents through a single malicious link. The attack worked by chaining three separate flaws together: parameter-to-prompt injection (tricking the AI by hiding instructions in a URL parameter), an HTML rendering race condition (exploiting a moment when HTML isn't yet protected), and a server-side request forgery in Bing (making Bing unknowingly help retrieve stolen data). Microsoft fixed this vulnerability and assigned it CVE-2026-42824 with a critical severity rating.
Langflow, an open-source platform for building AI applications, has a path traversal vulnerability (CVE-2026-5027, rated 8.8 CVSS, a measure of how severe a vulnerability is) that allows attackers to write files to any location on a system and potentially execute remote code. The flaw is particularly dangerous because Langflow has login disabled by default, letting unauthenticated users exploit it with a single request, and attackers are actively using public exploit code to attack the approximately 7,000 internet-exposed instances.
The U.S. government ordered AI company Anthropic to disable access to its latest AI models, Fable 5 and Mythos 5, citing national security concerns about a potential jailbreak (a method to bypass safety restrictions). Anthropic complied by shutting down access for all users, and senior staff are meeting with Trump administration officials to resolve the dispute, which follows earlier government actions restricting defense contractors from using Anthropic's technology.
Anthropic, an AI company, is meeting with US government officials after releasing Fable 5 and Mythos 5, new versions of its Claude Mythos AI model, which the government suspended due to national security concerns. The government discovered a potential jailbreak (a method to make an AI tool do something unintended) in the publicly available version shortly after release, and Anthropic reported receiving only verbal evidence of the vulnerability so far.
Fix: Upgrade to LiteLLM v1.83.14-stable or later. This release, published May 2, includes the complete fix set for all three CVEs in the vulnerability chain.
The Hacker News
The U.S. government ordered Anthropic to restrict exports of its Fable and Mythos AI models (advanced models designed to find security vulnerabilities), citing national security concerns, which prompted Anthropic to suspend worldwide access to these models. Dozens of prominent cybersecurity experts published an open letter arguing this ban is dangerous because it removes powerful security tools from defenders while adversaries continue advancing, and they claim the vulnerability that justified the ban can be replicated in other widely available AI models like OpenAI's GPT-5.5 and Claude Opus 4.8.
Fix: Microsoft mitigated the flaw on its backend; no customer action was required.
The Hacker News
Anthropic's AI models were taken offline due to disagreements between the company and US government officials over export controls, with personality clashes between key leaders cited as a contributing factor. The government is concerned about jailbreaks (methods to bypass safety restrictions on AI models), and one proposed solution is to make Anthropic's models resistant to jailbreaking, though officials acknowledge this may be impossible to achieve perfectly.
Fix: The source mentions that Anthropic has worked on Constitutional Classifiers (a method to detect and prevent unsafe outputs) and claims no universal jailbreak has been found against Claude Mythos. However, no explicit fix, patch, or confirmed mitigation is presented as a resolved solution in the text.
Simon Willison's Weblog
NewCore, a new cybersecurity startup, has raised $66 million to help companies manage AI agents as workplace participants by giving them digital identities with proper authentication and access controls. As companies increasingly deploy AI agents alongside human employees, NewCore argues that traditional identity platforms (systems that verify who users are and what they can access) are outdated and designed only for humans, not software workers. NewCore's platform treats AI agents as first-class identities with their own permissions and access controls, using a 'split-key' architecture (dividing credentials between the customer and the platform to prevent a single point of failure) to secure them.
Fix: NewCore's platform addresses this through several built-in features explicitly described in the source: a 'split-key' architecture that divides critical identity credentials between the customer and the platform to eliminate a single point of compromise; an 'Agentic Skill' integration package for coding assistants like Claude Code, OpenAI's Codex, and Cursor that allows AI tools to access enterprise systems as managed identities rather than through manually distributed credentials; and a mobile app that lets employees grant, review, and revoke access for AI agents, providing human oversight as companies deploy more autonomous systems.
TechCrunch (Security)
Fix: Microsoft addressed SearchLeak at the beginning of the month. With Microsoft having fixed CVE-2026-42824, there's no user action required to mitigate this threat.
BleepingComputer
NewCore, an Israeli cybersecurity startup, has emerged from stealth mode with $66 million in funding to build an identity platform designed for the era of agentic AI (AI systems that can take autonomous actions). The platform uses Secure Split Key (SSK), a technique that prevents a specific class of attacks on SAML (Security Assertion Markup Language, a system for managing authentication) infrastructure, and includes features like hardware-bound credentials and continuous identity discovery to protect human, machine, and AI agent identities.
Fix: Update Langflow to version 1.9.0 or later (current version is 1.10.0). The vulnerability affects versions up to 1.8.4, and the fix was released on April 15.
CSO Online
Anthropic stopped all access to its Fable 5 and Mythos 5 AI models after receiving an export control directive (a government order restricting who can use certain technology) that prevents foreign nationals from using these systems. The shutdown was triggered by US regulations that treat advanced AI as technology that needs restricted access.
Researchers discovered that attackers can exploit AI agent guardrails (safety systems that check AI behavior) by inserting malicious content into documents, causing the security mechanisms to enter extended thinking loops that dramatically slow down or crash shared AI systems. This reasoning-extension DoS (denial-of-service, a type of attack that makes systems unavailable) attack targets the safety layer itself rather than trying to jailbreak the AI model, and it works across multiple AI frameworks and different LLM families. Unlike traditional attacks that try to produce unsafe outputs, this technique compromises availability by exhausting computational resources, with some systems taking up to 148 times longer than normal to respond.
Sovereign cloud (cloud infrastructure located in a specific country or region to comply with data residency laws) alone does not guarantee the control that enterprises expect over their AI workloads, despite regulatory pressure in Europe and increasing scrutiny in the US. The real control point lies in identity governance (managing who can access what resources and under what circumstances) and related infrastructure layers like encryption key management, access logging, and workload identity management, not just where data is physically stored.
AI agents (software systems that can read data, process external content, and take actions) now commonly have all three dangerous capabilities together, making them vulnerable to prompt injection (instructions hidden in data that manipulate the AI into taking harmful actions). Meta's security team and other experts recommend the 'Rule of Two,' which limits agents to only two of these three capabilities per session and requires human approval if all three are needed, but this framework has limitations and doesn't fully solve the problem.
Fix: Meta's security team published the 'Rule of Two' framework, which recommends agents satisfy no more than two of the three trifecta properties (access to private data, exposure to untrusted content, ability to communicate externally) in a single session, with human-in-the-loop approval required if all three are necessary. Simon Willison endorsed this framework as 'the best practical advice for building secure LLM-powered agent systems today.'
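One way to enforce the session-level rule described above, as an added example that is neither Meta's framework code nor anything from the source: a gate records which of the three trifecta properties an agent session has already exercised and refuses the tool call that would supply the third unless a human has approved the session. The tool names and their property mapping are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

# The three trifecta properties named in the text.
PRIVATE_DATA, UNTRUSTED_CONTENT, EXTERNAL_COMMS = "private_data", "untrusted_content", "external_comms"
ALL_THREE = frozenset({PRIVATE_DATA, UNTRUSTED_CONTENT, EXTERNAL_COMMS})

# Constructed sample mapping from (hypothetical) tool name to the property it exercises.
TOOL_PROPERTIES = {
    "read_inbox": PRIVATE_DATA,        # reads the user's private mail
    "fetch_url": UNTRUSTED_CONTENT,    # pulls attacker-controllable web content
    "open_attachment": UNTRUSTED_CONTENT,
    "send_email": EXTERNAL_COMMS,      # can move data outside the trust boundary
    "summarize_text": None,            # pure computation: exercises no property
}

class RuleOfTwoViolation(Exception):
    """A tool call would give the session all three properties without human approval."""

@dataclass
class AgentSession:
    session_id: str
    human_approved: bool = False       # True only after explicit human-in-the-loop approval
    exercised: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def authorize_tool(self, tool: str) -> str:
        """Return the property the call exercises ('none' if it has none); raise on violation."""
        if tool not in TOOL_PROPERTIES:          # unknown tools fail closed
            raise RuleOfTwoViolation(f"unknown tool {tool!r}")
        prop = TOOL_PROPERTIES[tool]
        if prop is not None and prop not in self.exercised:
            if self.exercised | {prop} == ALL_THREE and not self.human_approved:
                self.audit_log.append(("deny", tool, prop))
                raise RuleOfTwoViolation(
                    f"session {self.session_id}: {tool} would add {prop!r}, "
                    "giving the session all three properties without human approval")
            self.exercised.add(prop)
        self.audit_log.append(("allow", tool, prop))
        return prop or "none"

def run_plan(session: AgentSession, plan: list) -> tuple:
    """Authorize each call in order; return (allowed_tools, first_denied_tool_or_None)."""
    allowed = []
    for tool in plan:
        try:
            session.authorize_tool(tool)
        except RuleOfTwoViolation:
            return allowed, tool
        allowed.append(tool)
    return allowed, None
```

The gate is order-independent: whichever property arrives third is the one refused, and the audit log records the denial so a human can decide whether to approve the session and rerun the plan.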
CSO Online
AI agents operate at machine speed across multiple systems, making traditional security models that grant access once at login insufficient for protecting modern infrastructure. CrowdStrike's Continuous Identity approach continuously evaluates identity, device, threat, and business context to grant, adjust, or revoke access in real time, with specific features for AI agents including verification based on SPIFFE standards (an identity framework), removal of standing privileges (permissions that remain active indefinitely), and immediate revocation when risk conditions change.
Fix: CrowdStrike provides Continuous Identity for AI Agents through Falcon Next-Gen Identity Security, which eliminates standing privileges and verifies trust for every agent action in real time using SPIFFE identity standards and the Shared Signals Framework. The system evaluates each action against the human user's and agent's entitlements and current security and business context, ensures agents cannot exceed the permissions of their human operator, preserves human identity and permissions when agents delegate to sub-agents, and immediately revokes access if context changes (such as new vulnerabilities or HR status changes). Additionally, CrowdStrike Falcon AI Detection and Response (AIDR) continuously inspects prompts and intent to detect permission misuse, triggering Continuous Identity to revoke access before damage occurs.
CrowdStrike Blog
According to a report, the White House may have restricted exports of Anthropic's Mythos AI model because it feared a group linked to China had accessed it, which would pose serious national security risks. One concern is that the Chinese government could use distillation (training a simpler AI on a more advanced one to copy its behavior) to reverse engineer the model.