New tools, products, platforms, funding rounds, and company developments in AI security.
The US has proposed the AI Incident Reporting Act, which would require developers of advanced AI models to report major safety and security incidents to the Commerce Department within seven days of discovering them. The law would cover incidents like attempts to evade human oversight, theft of model weights (the internal parameters that make an AI work), and capabilities that could enable cyberattacks or weapons development, with the Commerce Department required to notify Congress within 48 hours for imminent threats.
MCP (model context protocol, a standard for connecting AI agents to business tools) is transitioning to an enterprise version on July 28, 2026, with a 12-month deprecation window for older versions. While the new stateless design removes some vulnerabilities like session hijacking, it introduces new security risks including predictable tracking identifiers that could enable workflow hijacking, HTTP header leaks of sensitive data like API keys, cross-site scripting (XSS, where attackers inject malicious code into web pages) attacks via MCP Apps, and denial-of-service (DoS, overwhelming a system to make it unavailable) risks from long-running tasks.
The GDPR (General Data Protection Regulation, a European law protecting personal data) has successfully increased data protection awareness and compliance among companies over its first 10 years, with enforcement fines exceeding €6 billion. However, businesses increasingly view GDPR as burdensome and complicated, particularly for AI development, with 69% of companies in 2025 reporting that data protection regulations make it difficult to train AI models with sufficient data.
Anthropic is testing mobile support for Claude Cowork, an agentic mode (where Claude can autonomously complete tasks) that lets users manage long-running tasks like document creation and file analysis from their phone. The mobile version would act as a remote control for Cowork running on a desktop computer, allowing users to start tasks, monitor progress, and continue work in the background even when the app is closed.
The Trump administration asked OpenAI to delay the full release of GPT-5.6 (a large language model, which is an AI system trained on vast amounts of text) over security concerns. Instead of a public release, OpenAI will first offer the model in limited preview form to only a small group of business customers, with the federal government approving each customer's access individually.
A German court ruled that Google is liable for inaccurate AI search summaries, rejecting the argument that Google is merely a neutral carrier of information. The ruling clarifies that when companies use AI to rewrite and summarize content from other sources, they act as publishers and editors, making editorial decisions like traditional newspapers, rather than simply transmitting information. This legal development suggests that companies deploying AI systems bear responsibility for their accuracy, similar to how they would be liable if human employees made the same errors.
Ford's automated systems and AI models made production and design errors that required the company to hire experienced technicians, sometimes rehiring former employees, to fix the mistakes. Ford acknowledged that while AI is powerful, it is prone to errors that depend heavily on the quality of training data (the information used to teach AI models how to work).
Anthropic, a major AI company, is rapidly expanding its data center operations in Asia-Pacific by hiring 13 people, with eight positions in Australia and Japan, to handle increasing demand for its AI products. The company is building infrastructure in these regions because they offer advantages like renewable energy, political stability, and security benefits, though Australia's copyright laws present a potential obstacle to large-scale expansion.
Agentic AI (AI systems that can work independently on tasks for extended periods, rather than just answering single questions) is transforming how people work by handling longer, more complex tasks instead of short interactions. At OpenAI, a tool called Codex shifted from being used mainly by engineers to becoming the primary AI tool across all departments, including non-technical ones like Legal and Recruiting, with usage growing dramatically over the past year. Users increasingly delegate tasks that would take humans hours or even days to complete, with some users running dozens of hours of parallel agent tasks in a single day.
LlamaIndex v0.14.23 is a maintenance release that updates dependencies (uv and pip, which are Python package managers) across multiple directories and fixes various bugs in the core library. Key fixes include handling empty input sequences, preserving video and document blocks in memory, resolving recursion errors in text splitting, and preventing state mutation issues in workflows.
The article explains that while casual prompt testing (trying unusual inputs to see if an AI refuses them) is accessible to anyone, it is insufficient for enterprise AI systems. Enterprise AI is more complex because it includes policies, retrieval pipelines (systems that fetch information from databases), APIs (interfaces allowing programs to communicate), tools, permissions, workflows, and data sources, requiring more rigorous testing approaches.
This article discusses Broadcom's stock performance and mentions a new AI chip called Jalapeno that was co-designed with OpenAI. The article suggests this chip development could be a significant business opportunity for Broadcom.
Two members of Scattered Spider, a cybercrime collective, were convicted for attacking Transport for London's network in September 2024, which disrupted services, exposed personal data of 10 million people, and caused £29 million in damages. Thalha Jubair and Owen Flowers used social engineering and help-desk impersonation tactics to compromise TfL systems. The group is known for targeting IT support providers to bypass multi-factor authentication (security that requires multiple verification methods) and gain unauthorized access to networks.
A macOS malware called "Gaslight" uses prompt injection (tricking an AI by hiding instructions in its input) to confuse AI-powered malware analysis tools by embedding fake error messages, crash reports, and debugging data within the executable file. The malware contains 38 fabricated system messages designed to make LLM (large language model)-assisted analysis tools question their own sessions or stop analyzing the malware, rather than trying to evade detection in sandboxes (isolated test environments). Researchers attribute the malware to a North Korean-linked threat actor, and while it hasn't been shown to successfully bypass current AI analysis platforms, it suggests attackers are developing new anti-analysis techniques targeting AI-based security tools.
A TOCTOU attack (time-of-check to time-of-use, a type of race condition where a system checks something and then uses it, but the situation changes in between) can trick AI agents that control computers by changing what's on the screen while the AI is thinking. For example, an attacker can swap out a button with a different one, or overlay a fake button on top of a real one, so the AI clicks something it didn't intend to, like sending an email or visiting a malicious site.
Fix: "Ensure that the UI hasn't changed before taking an action." Anthropic addressed this in Claude Computer-Use by implementing a check to "ensure that pixels haven't changed before action," according to Felix Rieseberg's announcement when the feature shipped.
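The check described above, as an added illustration rather than Anthropic's or Embrace The Red's own code: the agent keeps the frame it reasoned over, and right before acting it re-captures the screen and compares a digest of the target area. If a single pixel in that area differs, the action is aborted instead of clicking whatever was swapped in. The `FakeScreen` byte buffer, the `Region` type and the `demo` scenarios are all constructed for this example; a real agent would substitute its screenshot library for `capture()`.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict

# Constructed stand-in for a screenshot: a row-major grayscale byte buffer
# (0 = black, 255 = white). Not a real screen; a real agent would capture one.
WIDTH, HEIGHT = 16, 8


@dataclass(frozen=True)
class Region:
    x: int
    y: int
    w: int
    h: int


FULL_SCREEN = Region(0, 0, WIDTH, HEIGHT)  # pass this for a strict whole-frame check


class FakeScreen:
    """Mutable screen buffer; capture() returns an immutable snapshot."""

    def __init__(self) -> None:
        self.pixels = bytearray(WIDTH * HEIGHT)

    def draw(self, region: Region, value: int) -> None:
        """Fill a rectangle with one gray value (simulates a repaint or overlay)."""
        for row in range(region.y, region.y + region.h):
            start = row * WIDTH + region.x
            self.pixels[start:start + region.w] = bytes([value]) * region.w

    def capture(self) -> bytes:
        return bytes(self.pixels)


def crop(frame: bytes, region: Region) -> bytes:
    rows = []
    for row in range(region.y, region.y + region.h):
        start = row * WIDTH + region.x
        rows.append(frame[start:start + region.w])
    return b"".join(rows)


def region_digest(frame: bytes, region: Region) -> str:
    """SHA-256 over the raw pixels of one region; any changed pixel changes the digest."""
    return hashlib.sha256(crop(frame, region)).hexdigest()


def act_if_unchanged(observed: bytes,
                     capture: Callable[[], bytes],
                     target: Region,
                     perform: Callable[[Region], None]) -> bool:
    """Time-of-check: the frame the model reasoned over.
    Time-of-use: a fresh capture taken immediately before acting.
    Act only if the target area is pixel-identical in both; otherwise abort."""
    expected = region_digest(observed, target)
    fresh = capture()
    if region_digest(fresh, target) != expected:
        return False  # UI changed while the model was thinking: do not click
    perform(target)
    return True


def demo() -> Dict[str, bool]:
    """Three constructed scenarios; returns whether the click went through in each."""
    screen = FakeScreen()
    button = Region(2, 2, 4, 2)
    clock = Region(12, 0, 3, 1)
    screen.draw(button, 200)
    observed = screen.capture()  # frame the model decided on
    clicks = []

    results = {}
    # 1. Nothing changed between decision and action: click proceeds.
    results["unchanged"] = act_if_unchanged(observed, screen.capture, button, clicks.append)
    # 2. Something unrelated repainted (a clock tick): region check still passes.
    screen.draw(clock, 255)
    results["unrelated_change"] = act_if_unchanged(observed, screen.capture, button, clicks.append)
    # 3. The button area was repainted while the model was thinking: click is refused.
    screen.draw(button, 50)
    results["target_swapped"] = act_if_unchanged(observed, screen.capture, button, clicks.append)
    assert len(clicks) == 2
    return results


if __name__ == "__main__":
    print(demo())
```

The region to compare is the design decision: hashing only the target area tolerates cursor blinks and clocks elsewhere but will not notice a new overlay that changes the meaning of the button (a relabelled dialog, for instance), while `FULL_SCREEN` catches any change at the cost of false aborts on busy desktops. Either way the comparison must be made on the frame captured immediately before the input is sent, not on the frame the model was shown.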
Embrace The Red
A research paper shows that large language models (LLMs) are vulnerable to prompt injection attacks (tricks where attackers hide malicious instructions in text input) because they rely on role tags (formatting markers that separate different instruction blocks) as their main security mechanism, but these tags don't actually reflect how the model processes information internally. The researchers conclude that unless LLMs develop a genuine ability to understand and maintain role boundaries, prompt injection attacks will remain difficult to prevent permanently.
CIOs face pressure to rapidly adopt AI across their organizations to prove business value, but must balance this speed with managing new security and governance risks. AI introduces unique challenges because its behavior is indeterminate (unpredictable and hard to verify like traditional technology) and employees are eager to use it without oversight, creating what's called shadow use (unauthorized use of tools that bypasses IT controls). Organizations should clarify their specific business goals and conduct a risk assessment before implementing AI rather than adopting it out of fear of falling behind.
A new malware called Gaslight, created by North Korea-aligned hackers, targets macOS systems and uses prompt injection (tricking an AI by hiding instructions in its input) to disrupt AI tools that analyze malware. The malware embeds fake system-failure messages designed to confuse AI-assisted analysis tools, while also stealing sensitive data like browser histories and passwords through a command-and-control (C2, a server that lets attackers remotely control infected computers) channel powered by Telegram.
A U.S. Congresswoman claimed her staff used AI only for "spellcheck" when writing a summary of a defense bill amendment, not for drafting the actual legislation. Screenshots shared online showed what appeared to be Claude (an AI assistant) being used to generate the amendment summary, prompting the congresswoman to deny that AI was used to write any actual laws.
AI agents that can autonomously access websites, emails, and files are vulnerable to "traps": maliciously designed information that tricks them into wrong actions. These traps include content injection (hiding malicious instructions in webpage code or metadata), semantic manipulation (using repetition and emotional language to guide decisions), and cognitive state attacks (poisoning databases that agents rely on for memory), with research showing such attacks succeed 57-90% of the time depending on the type.