New tools, products, platforms, funding rounds, and company developments in AI security.
IBM's stock fell 11% after Anthropic announced that its Claude AI model can now automate COBOL (a decades-old programming language used in banking and business systems) modernization work, which is a core part of IBM's business. Claude can map dependencies, document workflows, and identify risks in old code much faster than human analysts, potentially making IBM's COBOL-related services less valuable.
A Russian-speaking hacker used generative AI (software that creates text and code) to break into over 600 FortiGate firewalls, which are security devices that protect networks. The attacker stole login credentials and backup files, likely to prepare for ransomware attacks (malware that locks up data until victims pay money).
Michael Gerstenhaber, a Google Cloud VP overseeing Vertex (a platform for deploying enterprise AI), describes how AI models are advancing along three distinct frontiers: raw intelligence (accuracy and capability), response time (latency, or how quickly the model answers), and cost-efficiency (whether a model can run reliably at massive, unpredictable scale). Different use cases prioritize these frontiers differently—for example, code generation prioritizes intelligence even if it takes time, customer support prioritizes speed within a latency budget, and large-scale content moderation prioritizes cost-effectiveness at infinite scale.
This article discusses concerns about AI posing a threat to cybersecurity companies, which has caused their stock prices to decline. However, the piece argues against abandoning investments in these companies despite these concerns.
OpenAI has announced the 'Frontier Alliance,' a partnership with four major consulting firms (Boston Consulting Group, McKinsey, Accenture, and Capgemini) to help enterprises adopt its AI technologies, particularly OpenAI Frontier, a no-code platform for building and deploying AI agents. The partnership aims to address slow enterprise adoption of AI by helping consultants redesign company strategies and workflows to integrate OpenAI's tools rather than simply adding AI to existing processes.
Cybersecurity stock prices fell sharply after Anthropic announced a new AI tool for its Claude model that can scan software code for vulnerabilities and suggest fixes, causing investors to worry that AI might replace traditional cybersecurity services. However, some analysts argue the threat is limited, noting that while AI could improve efficiency in specific tasks like code scanning, it cannot yet replace full end-to-end security platforms (complete systems that handle all stages of protecting against attacks).
Anthropic's CEO is meeting with the U.S. Defense Secretary to resolve disagreements over how the military can use the company's AI models (large language models trained to understand and generate text). Anthropic wants guarantees its technology won't be used for autonomous weapons (systems that make decisions without human control) or domestic surveillance, while the Department of Defense wants permission to use the models for any lawful purpose without restrictions.
The U.S. Defense Secretary is meeting with Anthropic's CEO to pressure the company into allowing military use of Claude (Anthropic's AI system) for mass surveillance and autonomous weapons (weapons that can fire without human approval). Anthropic has refused these uses, and the Pentagon is threatening to label it a "supply chain risk" (a designation that would ban it from government contracts), which could void their $200 million military contract and force other Pentagon partners to stop using Claude.
OpenAI announced partnerships with four major consulting firms (Accenture, Boston Consulting Group, Capgemini, and McKinsey) to help deploy its enterprise AI platform called Frontier, which acts as an intelligence layer that connects different systems and data within organizations to help companies manage and build AI agents (tools that can independently complete tasks). These consulting partnerships aim to accelerate AI adoption for enterprise customers by combining OpenAI's technology with the consulting firms' existing relationships and deep knowledge of how businesses operate.
This newsletter covers multiple business and policy topics, including the Supreme Court striking down Trump's tariffs (duties, or taxes on imported goods) in a 6-3 decision, followed by Trump announcing a new 15% global tariff the next day. A major winter blizzard caused airlines to cancel 15% of U.S. flights on Monday, and Trump called on Netflix to fire board member Susan Rice.
Attackers are using autonomous AI agents (AI systems that can independently perform tasks without constant human direction) in supply chain attacks (compromises targeting the software or services that other programs depend on) to steal cryptocurrency from wallets. While this current campaign focuses on crypto theft, security researchers warn the technique could be adapted for much broader attacks.
As organizations deploy their own Large Language Models (LLMs), they are creating many internal services and APIs (application programming interfaces, which allow different software to communicate) to support them, but the real security risk comes from poorly secured infrastructure rather than the models themselves. Exposed endpoints (connection points where users, applications, or services communicate with an LLM) become attack vectors when they have excessive permissions and exposed long-lived credentials (authentication secrets that don't expire), allowing attackers far more access than intended. Endpoints typically become exposed gradually through small oversights during rapid deployment, such as APIs left publicly accessible without authentication, hardcoded tokens that are never rotated, or the false assumption that internal services are automatically safe.
Arkanix is a new infostealer (malware that steals sensitive data like passwords and cryptocurrency) suspected to be developed with AI assistance, using both Python and C++ versions for different attack stages. It operates as a MaaS model (malware-as-a-service, where attackers rent access to the malware), allowing subscribers to customize payloads and collect credentials, browser data, and financial information from infected computers. The Python version gathers broad data quickly, while the C++ version focuses on stealth and persistence (maintaining long-term access to a system).
Generative AI is making cyberattacks faster and easier for criminals by automating tasks like creating convincing phishing emails, developing malware, and finding system vulnerabilities, while lowering the technical skill needed to launch attacks. Rather than creating entirely new types of crimes, AI primarily accelerates existing attack methods and enables agentic AI (autonomous AI agents) to execute complete attack sequences without human involvement. Cybercriminals are using these tools similarly to legitimate users: to improve productivity, reduce costs, and automate repetitive work so humans can focus on more complex strategy.
Guide Labs has open-sourced Steerling-8B, an 8 billion parameter LLM designed to be interpretable, meaning its decisions can be traced back to its training data and understood rather than treated as a black box. The model uses a new architecture with a concept layer that buckets data into traceable categories, allowing developers to understand why the model produces specific outputs and control its behavior for applications like blocking copyrighted content or preventing bias in loan evaluations.
A software engineer is creating a collection of documented patterns for agentic engineering, which refers to using coding agents (AI tools that can generate, execute, and iterate on code independently) to help professional developers work faster and better. The project will be published as a series of chapters on a blog, inspired by classic design pattern documentation, with the first two chapters covering how cheap code generation changes software development and how test-first development (TDD) helps agents write better code.
Instagram's leader Adam Mosseri warned that AI can now convincingly fake almost any content, making it hard for creators to stand out with authentic material. He proposed solving this by having camera manufacturers cryptographically sign images (using math-based codes that prove an image wasn't altered) at the moment they're captured, creating a verifiable record of what's real versus AI-generated.
Fix: Camera manufacturers will cryptographically sign images at capture, creating a chain of custody to establish a trustworthy system for determining what's not AI.
The Verge (AI)Citrini Research published a scenario describing how AI agents (autonomous AI systems that can make decisions and take actions independently) could trigger economic collapse by replacing white-collar workers with cheaper AI alternatives, creating a negative feedback loop where job losses reduce consumer spending, forcing companies to invest even more in AI to survive. The scenario imagines unemployment doubling and stock market value falling by a third within two years, though the researchers present it as a thought experiment rather than a prediction.
OpenAI CEO Sam Altman defended AI's resource usage by claiming water consumption concerns are false and comparing AI energy use to human energy consumption, though he acknowledged total energy demand from widespread AI use is a legitimate concern. Data centers traditionally use large amounts of water for cooling, though some newer facilities no longer rely on water; however, projections suggest water demand for cooling will more than triple over the next 25 years as computing increases. Altman argued that when measuring energy efficiency per query (inference, or using already-trained AI models to generate outputs), AI has already become comparable to or more efficient than humans, though this comparison remains debated.
Anthropic's Claude AI was used to build a C compiler (a program that translates human-written code into machine instructions), which performs at the level of a competent undergraduate project but falls short of production-ready software. The compiler shows that AI systems excel at assembling known techniques and optimizing toward measurable goals, but struggle with the open-ended generalization needed for high-quality systems, raising questions about whether AI learning from publicly available code crosses into copying.