New tools, products, platforms, funding rounds, and company developments in AI security.
Researchers have created a prototype of an AI-powered internet worm, which is malware (malicious software that spreads itself) that carries its own LLM (large language model, a type of AI trained on text data) and runs it on computers it has broken into. This design closely matches the original concept of computer worms from 1975, but now enhanced with AI capabilities.
Anthropic, an AI company, has filed for an initial public offering (IPO, the process of selling company shares to the public for the first time) at a $965 billion valuation and a $47 billion revenue run rate, setting up a major test of whether sky-high valuations for AI companies are justified. Analysts say the key metric determining Anthropic's success won't be its valuation but its gross margin (the percentage of revenue left after paying the costs to provide AI services), a figure the company has kept secret and one that will likely reshape how the entire industry is valued. The filing could have major impacts on competitors and on how enterprises price AI services going forward.
Claude Code, Anthropic's AI coding assistant, stores OAuth tokens (security credentials that prove access permission) in plaintext in a configuration file, and researchers discovered an attack where malicious npm packages (JavaScript libraries) can silently redirect these tokens to attacker-controlled servers before they reach legitimate services like GitHub or Jira. The attack is difficult to detect because the requests appear legitimate in audit logs, and Anthropic has not released a patch despite knowing about the vulnerability since April.
A former OpenAI researcher is now leading AI development at Chinese tech company Tencent, aiming to build AGI (artificial general intelligence, or AI with human-level or above capabilities), marking a shift in how Chinese companies approach AI compared to the U.S. Previously, Chinese firms focused on practical applications while U.S. companies pursued AGI, but as China recruits top talent from Silicon Valley, the companies are adopting the same long-term AGI goals. This contrasts with caution emerging in the U.S., where companies like Anthropic are calling for slower AI development due to safety concerns.
A US Commerce Department report criticizes NIST (National Institute of Standards and Technology) for a growing backlog of unprocessed vulnerabilities in the NVD (National Vulnerability Database, a catalog of known security flaws). The backlog has worsened due to budget cuts, increased vulnerability discoveries from AI tools, and inefficient coordination between NIST and CISA (Cybersecurity and Infrastructure Security Agency), including duplicated work and failure to share data despite having access to the same public information.
This article is about a political dispute, not an AI or LLM security issue. It discusses UK Prime Minister Keir Starmer criticizing Elon Musk for posts on X (a social media platform) related to a murder case, but contains no technical content about artificial intelligence, large language models, cybersecurity, or software vulnerabilities.
OpenAI has proposed a federal governance framework for frontier AI (the most advanced AI systems) that requires mandatory evaluations by a government body before public release, but stops short of giving regulators the power to block deployments. The proposal also includes broader requirements like third-party audits, transparency reports, incident reporting, and whistleblower protections for frontier AI developers, arguing that voluntary commitments alone are insufficient as AI systems become more capable.
A security flaw in Anthropic's Claude Code GitHub Action allowed attackers to hijack repositories by opening a single malicious GitHub issue that exploited a broken permission check and indirect prompt injection (tricking an AI by hiding instructions in its input). The vulnerability let attackers steal credentials needed to gain write access to code and workflows, potentially poisoning the Claude Code Action itself for downstream projects that use it.
This cybersecurity news roundup covers several major threats: attackers are poisoning AI chatbot search results to trick users into downloading malware that hijacks computer power for cryptocurrency mining; the Grandoreiro banking trojan continues targeting financial institutions despite being a decade old; and a ransomware group called The Gentlemen uses self-propagating malware to automatically encrypt entire networks. Additionally, Let's Encrypt is preparing to adopt Merkle Tree Certificates (a more efficient way to batch multiple digital certificates under one signature) to handle the larger file sizes of post-quantum cryptography, with a test environment launching in late 2026.
Fix: Disconnect Automatic Tank Gauge (ATG) systems from the public internet immediately, according to warnings from CISA, the FBI, the NSA, and other US agencies. For post-quantum cryptography concerns, Let's Encrypt plans to launch a staging environment for Merkle Tree Certificates in late 2026, followed by full production rollout in 2027.
SecurityWeek
Attackers exploited Meta's AI customer support agent by tricking it into linking Instagram accounts to email addresses they controlled, showing that AI security risks extend beyond sophisticated attacks to simple social engineering exploits. Psychologist Gloria Mark warns that relying on AI chatbots like ChatGPT and Claude may weaken human attention spans, critical thinking, and emotional intelligence by deferring cognitive work to machines.
Despite rapid adoption of AI tools in security operations centers (SOCs, teams that monitor and respond to security threats), only 10% report excellent value from these investments. The problem is structural: most SOCs deploy off-the-shelf AI without customization or best practices, and individual AI tools don't share information with each other, so analysts still face fragmented workflows even though individual tasks run faster.
Attackers exploited Meta's AI customer support agent by simply asking it to link Instagram accounts to email addresses they controlled, allowing them to steal accounts including a high-profile one. The hack shows that while AI security discussions often focus on powerful AI systems attacking computer infrastructure, the real vulnerability here was that the AI agent itself became a target through direct, straightforward manipulation that should have been caught before deployment.
Fix: The source explicitly mentions two mitigations: (1) Companies can use traditional software to build guardrails that make sure agents follow strict rules, such as always asking for answers to security questions before sending sensitive account information to a new email address. (2) Agents should undergo rigorous red-teaming, a process of testing systems by simulating attacks to find vulnerabilities before they're deployed to users.
MIT Technology Review
AI tools are being sold increasingly on underground ransomware marketplaces, with sales growing from 38 posts in December 2025 to 1,486 in February 2026. These tools include weaponized LLMs (large language models without safety protections), deepfakes for identity fraud, AI-enhanced malware, and stolen AI accounts, making it easier for criminals to launch attacks at scale. The source notes that while criminal security is weaker than it appears and criminals sometimes steal from each other, ransomware attacks have grown 20% since 2023 and become significantly more profitable.
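The first mitigation in the Meta support-agent item above (a plain-software guardrail that requires a security-question answer before sensitive account data goes to a new email address) is easy to show in code. The block below is an added example, not Meta's code or anything from the article: the model may emit whatever tool call it likes, but a deterministic policy layer that looks only at session state decides whether the call runs. The account record, the security answer, the tool names (`link_email`, `send_recovery_code`, `lookup_account_status`) and the lockout threshold are all constructed for the example.

```python
"""Deterministic guardrail in front of an account-support agent.

Added example, not Meta's code or the article's: the LLM may propose any tool
call, but a plain-software policy layer decides whether the call runs. Linking
a new email address is a sensitive action that requires a correct
security-question answer earlier in the same session, regardless of how the
request was phrased. Accounts, answers and tool names are all constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Tool calls that disclose or change account-recovery data (constructed names).
SENSITIVE_TOOLS = {"link_email", "send_recovery_code"}
MAX_FAILED_ATTEMPTS = 3


def hash_answer(answer: str) -> str:
    """Normalise and hash a security-question answer so the store never holds it in clear."""
    return hashlib.sha256(answer.strip().lower().encode()).hexdigest()


def new_account_store() -> dict:
    """Constructed sample account; a real deployment would back this with a database."""
    return {"acct-1001": {"email": "owner@example.com",
                          "answer_hash": hash_answer("blue heron")}}


@dataclass
class Session:
    account_id: str
    verified: bool = False          # set only by verify_security_answer()
    failed_attempts: int = 0
    audit: list = field(default_factory=list)


def verify_security_answer(session: Session, store: dict, answer: str) -> bool:
    """Step-up check. Locks the session after MAX_FAILED_ATTEMPTS to slow guessing."""
    if session.failed_attempts >= MAX_FAILED_ATTEMPTS:
        session.audit.append("verify: refused, session locked")
        return False
    expected = store[session.account_id]["answer_hash"]
    ok = hmac.compare_digest(expected, hash_answer(answer))
    if ok:
        session.verified = True
    else:
        session.failed_attempts += 1
    session.audit.append(f"verify: {'ok' if ok else 'wrong answer'}")
    return ok


def authorize(session: Session, tool: str) -> tuple:
    """Policy decision. It reads only session state, never the model's text."""
    if tool not in SENSITIVE_TOOLS:
        return True, "allowed"
    if not session.verified:
        return False, f"denied: {tool} requires a verified security answer"
    return True, "allowed (verified)"


def execute_tool_call(session: Session, store: dict, tool: str, args: dict) -> dict:
    """Entry point the agent runtime calls for every tool call the model emits."""
    ok, reason = authorize(session, tool)
    session.audit.append(f"{tool}({args}): {reason}")
    if not ok:
        return {"ok": False, "reason": reason}
    if tool == "link_email":
        store[session.account_id]["email"] = args["email"]
        return {"ok": True, "email": args["email"]}
    if tool == "lookup_account_status":          # non-sensitive, always allowed
        return {"ok": True, "status": "active"}
    return {"ok": False, "reason": f"unknown tool {tool}"}


def demo() -> dict:
    """Replays the incident: the model is asked to link a new email and emits the call."""
    store = new_account_store()
    session = Session("acct-1001")
    # Constructed model output: the agent complies with the request verbatim.
    first = execute_tool_call(session, store, "link_email", {"email": "attacker@example.net"})
    # Legitimate flow: answer the security question, then the same call succeeds.
    verify_security_answer(session, store, "Blue Heron ")
    second = execute_tool_call(session, store, "link_email", {"email": "new@example.org"})
    return {"first": first, "second": second, "email": store["acct-1001"]["email"],
            "audit": session.audit}


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The point of the design is that `authorize()` never sees the model's output, so no phrasing of the request, and no prompt injection in a ticket body, can flip `verified` to true; only `verify_security_answer()` can, and every decision is written to the session audit trail so a denied attempt is visible to the SOC rather than silently swallowed.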
A UK Labour MP has launched a legal case against Elon Musk's company xAI over harmful content created by their Grok AI tool (a chatbot), including fake sexual images and videos of her. Following this test case, other potential victims have contacted her lawyer to pursue similar legal action against the company.
As AI systems evolve from simple assistants into autonomous agents (AI systems that can make decisions and execute tasks independently), organizations face new security risks because these agents access sensitive systems and data at speeds humans cannot match. The article outlines three principles for secure AI deployment: treat AI agents as privileged identities (accounts with special access permissions) requiring continuous monitoring, secure the entire AI lifecycle from development through production rather than just the initial build phase, and use AI-powered analytics to detect threats in real time across multiple systems.
Fix: The report states that 'NIST must improve the efficiency of enrichment processes to ensure sustainability' and notes that 'before system updates and subsequent process changes were completed in March 2025, NIST refused to use CISA's data.' The source indicates technical updates to the NVD system were needed 'to incorporate CISA's enrichment data because the system lacked the capability to attribute data to specific sources,' and these updates were completed in March 2025, allowing NIST to leverage CISA's data to expedite backlog reduction.
CSO Online
CrowdStrike CEO George Kurtz stated that growing concerns about AI-powered cyber threats are creating business opportunities for his company, as enterprises seek security solutions to safely deploy AI across their organizations. He noted that demand for CrowdStrike's AI Detection and Response platform (a tool that finds and responds to AI-related security attacks) is accelerating, with the company's second quarter pipeline exceeding $50 million and growing 250% sequentially. Kurtz argued that AI is actually increasing the need for cybersecurity by making attackers more sophisticated, rather than reducing it.
Anthropic co-founder Jack Clark warns that AI is advancing so rapidly it could soon develop without human control, and he calls for a regulatory 'brake pedal' (a way to slow or pause AI progress) to keep society in control of these increasingly powerful systems. He notes that Anthropic's Claude chatbot already writes 80% of its own code, and reaching 100% is possible within two years, which would have major implications for society.
Gartner analysts warn about four critical threats where attackers currently have an advantage, including deepfakes (AI-generated fake videos or images) and prompt injection (tricking an AI by hiding malicious instructions in its input). The analysts are urging organizations to strengthen their security defenses against these emerging threats.
Microsoft's AI Red Team updated their taxonomy of failure modes in agentic AI systems (AI systems that can autonomously perform tasks) from v1.0 to v2.0 based on 12 months of real-world security testing. The update added seven new failure mode categories, including agentic supply chain compromise (injecting malicious instructions into tool registries), goal hijacking (redirecting an agent's objectives through disguised commands), and inter-agent trust escalation (one compromised agent deceiving others about its permissions). The revision was driven by rapid adoption of open-source agentic frameworks, widespread vulnerabilities in tool ecosystems, and the emergence of computer-use agents that interact with graphical interfaces.
Fix: Update to claude-code-action v1.0.94 or later. Then audit any workflow that lets users without write access or bots trigger Claude: if it takes untrusted input, limit secrets to only the Anthropic API key and GITHUB_TOKEN, and remove tools and permissions that could be used for stealing data.
The Hacker News
Agentic AI (AI systems that can take independent actions across networks) is being deployed in U.S. defense networks, but security risks are growing just as fast, especially after an unauthorized group reportedly accessed Anthropic's Claude Mythos model within hours. The article emphasizes that AI is only as trustworthy as the data it uses, the networks it connects to, and the security controls protecting it, requiring careful attention to what data enters the model, who can access it, and where the AI sends requests.
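The claude-code-action fix above reduces to two checks on any workflow that lets users without write access trigger an AI agent: only the Anthropic API key and GITHUB_TOKEN may be referenced, and no write permissions should be granted. The block below is an added example, not Anthropic's or GitHub's code, that applies those two checks to a workflow already parsed into a dict (the PyYAML load step is left out so it runs offline). The set of untrusted trigger events is a judgement call stated in the code; the action name `example/ai-agent-action@v1`, its `with:` input names and the secret `DEPLOY_TOKEN` are constructed placeholders.

```python
"""Audit a GitHub Actions workflow that lets untrusted input reach an AI coding agent.

Added example, not Anthropic's or GitHub's code: it encodes the two checks from
the claude-code-action fix above. A workflow is considered exposed when it is
triggered by events whose payload is written by arbitrary users (issue and
comment bodies, pull_request_target), and it is flagged when such a workflow
references secrets beyond ANTHROPIC_API_KEY and GITHUB_TOKEN or grants write
permissions. Input is the workflow already parsed into a dict; both sample
workflows below are constructed.
"""
import re

# Events whose payload comes from people who need no write access to the repo.
UNTRUSTED_TRIGGERS = {"issues", "issue_comment", "pull_request_target",
                      "discussion", "discussion_comment", "pull_request_review_comment"}
ALLOWED_SECRETS = {"ANTHROPIC_API_KEY", "GITHUB_TOKEN"}
SECRET_REF = re.compile(r"secrets\.([A-Za-z_][A-Za-z0-9_]*)")


def _strings(node):
    """Yield every string value anywhere in a nested dict/list structure."""
    if isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)
    elif isinstance(node, str):
        yield node


def triggers(workflow: dict) -> set:
    """Event names the workflow runs on, whatever shape the `on:` key takes."""
    # PyYAML parses a bare `on:` key as the boolean True, so accept both spellings.
    on = workflow.get("on", workflow.get(True, {}))
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on.keys())


def referenced_secrets(workflow: dict) -> set:
    """Every secret name referenced as ${{ secrets.NAME }} anywhere in the workflow."""
    found = set()
    for text in _strings(workflow):
        found.update(SECRET_REF.findall(text))
    return found


def write_grants(workflow: dict) -> list:
    """Human-readable description of every write permission, at workflow or job level."""
    grants = []
    scopes = [("workflow", workflow.get("permissions"))]
    scopes += [(f"job '{name}'", job.get("permissions"))
               for name, job in (workflow.get("jobs") or {}).items()]
    for where, perms in scopes:
        if perms == "write-all":
            grants.append(f"{where}: write-all")
        elif isinstance(perms, dict):
            grants += [f"{where}: {k}: write" for k, v in perms.items() if v == "write"]
    return grants


def audit(workflow: dict) -> list:
    """Findings for one workflow; an empty list means both checks pass."""
    exposed = triggers(workflow) & UNTRUSTED_TRIGGERS
    if not exposed:
        return []        # only write-access users can start it; out of scope here
    findings = []
    extra = referenced_secrets(workflow) - ALLOWED_SECRETS
    if extra:
        findings.append(f"untrusted triggers {sorted(exposed)} with extra secrets {sorted(extra)}")
    for grant in write_grants(workflow):
        findings.append(f"untrusted triggers {sorted(exposed)} with write permission ({grant})")
    return findings


# Constructed sample: an issue comment can start the agent, which then holds an
# unrelated deployment secret and may write to the repository.
RISKY_WORKFLOW = {
    "on": {"issue_comment": {"types": ["created"]}},
    "permissions": {"contents": "write", "pull-requests": "write"},
    "jobs": {"agent": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},
        {"uses": "example/ai-agent-action@v1",          # placeholder action name
         "with": {"api_key": "${{ secrets.ANTHROPIC_API_KEY }}"},
         "env": {"DEPLOY_TOKEN": "${{ secrets.DEPLOY_TOKEN }}",
                 "GH_TOKEN": "${{ secrets.GITHUB_TOKEN }}"}},
    ]}},
}

# Constructed sample with the fix applied: same trigger, minimal secrets, read-only.
HARDENED_WORKFLOW = {
    "on": {"issue_comment": {"types": ["created"]}},
    "permissions": {"contents": "read", "issues": "read"},
    "jobs": {"agent": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "example/ai-agent-action@v1",
         "with": {"api_key": "${{ secrets.ANTHROPIC_API_KEY }}",
                  "github_token": "${{ secrets.GITHUB_TOKEN }}"}},
    ]}},
}

if __name__ == "__main__":
    for name, wf in (("risky", RISKY_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, audit(wf) or ["ok"])
```

Run it against `yaml.safe_load()` output for each file under `.github/workflows/` to get a repository-wide list. The audit deliberately stops at secrets and permissions: the fix's third point, removing agent tools that could exfiltrate data, depends on the action's own tool-allowlist input and has to be reviewed by hand, and a workflow where the agent genuinely needs to push commits should be read as a finding to justify, not a false positive to suppress.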