aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2829 items

Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk

info · news · security · industry
Jun 4, 2026

Offroad, a new startup, uses agentic AI (AI systems that can take autonomous actions) to help organizations find and fix identity risks across their systems. The company addresses a growing problem where identities (human users, machines, and AI agents) are spreading across many systems, making it difficult for security teams to manually manage access and permissions, especially as AI agents operate at scales and speeds humans cannot match.

Fix: Offroad's approach, as described in the source, is to 'use its own autonomous agents to find the issue, gather the context necessary to understand the problem, and then fix it.' The system either reports details to a human for review or takes autonomous action wherever safe. Additionally, Offroad has launched ohauth.ai, described as 'A community catalog of OAuth apps (third-party applications with delegated access) with over-privileged scopes, dead publisher domains, and silent permission drift' to help organizations identify risky applications.

SecurityWeek

Willow Raises $7 Million for Securing Autonomous AI Agents

info · news · security · industry
Jun 4, 2026

Willow, an Israeli startup, launched a platform that manages identity and access for AI agents (autonomous systems that perform tasks independently) in enterprises, securing tools like Claude and ChatGPT through centralized control. The platform assigns verified identities to each AI agent, restricts which systems they can reach using least-privilege access (allowing only the minimum permissions needed), and detects unauthorized AI usage across a company's network. With $7 million in funding, Willow aims to let companies safely deploy AI agents without giving them unrestricted access to sensitive systems and data.

SecurityWeek

AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI

info · news · security · industry
Jun 4, 2026

AI is making it faster for attackers to turn newly discovered vulnerabilities into working exploits, with exploitation timelines shrinking from days or weeks to just hours. Security teams are overwhelmed with too many vulnerability alerts to handle, so they need to focus on identifying which exposures actually matter by evaluating reachability (can attackers access it?), exploitability (can it be compromised?), and business impact. To address this, organizations should use AI-powered scanning tools to find complex attack chains and prioritize vulnerabilities based on real-world risk rather than just volume.

Fix: The source mentions that organizations should use Wiz Attack Surface Management (ASM), which combines external visibility of internet-facing assets with internal cloud context to help identify and reduce critical exposures. However, the text is cut off and does not provide specific implementation details or complete mitigation steps beyond recommending this tool approach.

Wiz Research Blog

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

info · news · security
Jun 4, 2026

This security bulletin covers multiple threats: Cisco released patches for a high-severity SSRF vulnerability (server-side request forgery, where attackers trick a server into making unwanted requests) in Unified Communications Manager that could let unauthenticated attackers write files and gain root access; Russia's FSB reported foreign intelligence services deployed spyware on officials' mobile devices to steal data and conduct surveillance; threat actors are using social engineering to distribute VIP Keylogger through JavaScript, batch, and VBS loaders disguised as business communications; and the U.S. Treasury sanctioned Iran's largest cryptocurrency exchange for facilitating payments linked to terrorist activities and ransomware actors.

Fix: Cisco has addressed the SSRF vulnerability in Unified CM and Unified CM SME Release versions 14SU6 and 15SU5.

The Hacker News

Elon Musk is steamrolling Wall Street to become a trillionaire

info · news · industry
Jun 4, 2026

This article discusses a podcast interview about Elon Musk's planned SpaceX IPO (initial public offering, when a private company sells shares to become publicly traded) and the state of X (formerly Twitter). The interview explores how Musk may be bending corporate governance rules (the systems that keep companies accountable to shareholders and investors) to make the SpaceX IPO happen, and examines whether Musk's 2022 purchase of Twitter has damaged his reputation and businesses as predicted.

The Verge (AI)

Gemini Voice Assistant Hijacked via Messaging Notifications

high · news · security · safety
Jun 4, 2026

Researchers discovered a critical vulnerability in Google's Gemini voice assistant where attackers could inject malicious commands through messaging notifications (WhatsApp, Slack, SMS) using a technique called Fake Context Alignment, allowing them to control smart home devices, make calls, and manipulate the assistant without the user knowing. The attack exploited prompt injection (tricking an AI by hiding instructions in its input) by embedding hidden commands in foreign languages or muted links that Gemini would process but not read aloud. Google patched the vulnerability in November 2025 with content classifier improvements (software filters that categorize and block harmful content).

Fix: Google patched the vulnerability in mid-November 2025 with content classifier improvements.

SecurityWeek

AI leaders call for tougher protections against AI-aided bioweapons

info · news · policy · safety
Jun 4, 2026

Major AI company leaders, including those from Anthropic, OpenAI, and Microsoft, have sent an open letter to US lawmakers calling for stronger rules to prevent their AI systems from being used to develop biological weapons. They argue there is a serious gap in biosecurity (protections against biological threats) that could allow people to use AI to help create dangerous genetic material for harmful purposes, potentially causing a global pandemic.

The Verge (AI)

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

high · news · security
Jun 4, 2026

A high-severity vulnerability in Hugging Face Transformers (a popular Python library for running AI models) allows attackers to execute malicious code on systems even when developers use the trust_remote_code=false setting, which is meant to block remote code execution. The attack works by hiding malicious instructions in a fake configuration parameter called _attn_implementation_internal that looks like a normal internal setting, leaving no warning messages or traces. This vulnerability affects versions 4.56.0 through 5.2.x and is particularly dangerous because the Transformers library is downloaded millions of times per week and used widely in enterprise environments.

Fix: The vulnerability was silently patched in Transformers version 5.3.0, released on March 3. Users should update to this version or later to receive the fix.

CSO Online

How Endava is redesigning software delivery around AI agents

info · news · industry
Jun 4, 2026

Endava, a global technology services company, transformed its software delivery by adopting AI agents (AI systems that can autonomously perform tasks) as a core part of daily work across all business functions, not just engineering. The company made OpenAI its enterprise platform and embedded AI throughout its entire DavaFlow lifecycle (their software development process), from requirements gathering to deployment, which accelerated delivery and reduced manual work. Key to their success was treating AI adoption as a behavior change requiring leadership commitment and hands-on experimentation, rather than simply rolling out new software tools.

OpenAI Blog

Hacking Meta's AI Chatbot

high · news · security
Jun 4, 2026

Hackers discovered a way to take over Instagram accounts by tricking Meta's AI support chatbot into resetting passwords for accounts that weren't theirs. The attacker would use a VPN (a tool that masks your location) to hide their location, then convince the chatbot to send a password reset code to an email address they controlled, allowing them to take over the victim's account. Meta said the specific exploit was fixed, but security experts warned that chatbots are fundamentally unreliable for account security tasks.

Fix: Instagram spokesperson Andy Stone stated that 'the issue was now fixed' on Monday.

Schneier on Security

Dreaming: Better memory for a more helpful ChatGPT

info · news · industry
Jun 4, 2026

OpenAI is rolling out an improved memory system called "Dreaming" for ChatGPT that automatically learns user preferences and context from conversations over time, addressing problems with older memory features that became outdated or incorrect. Unlike the previous "saved memories" system that only worked when users explicitly asked ChatGPT to remember something, Dreaming runs in the background to continuously synthesize and update memories from chat history, making ChatGPT more personalized without requiring manual input. Users can view and edit their stored memories through a memory summary page, and this update is being released to Plus and Pro users in the US with broader rollout planned.

OpenAI Blog

Beware the 'son of Mythos,' security experts warn

info · news · security · policy
Jun 4, 2026

Major AI companies like Anthropic and OpenAI are expanding access to frontier AI models (cutting-edge AI systems) for vulnerability discovery tools like Claude Mythos, which can identify security weaknesses in software. Security experts warn that these tools are becoming cheaper and more capable, and that attackers are already using similar AI systems, so organizations need to prepare for more advanced threats including the ability to chain together multiple medium-severity vulnerabilities into high-impact attacks.

Fix: According to Paul Chichester from the UK's National Cyber Security Centre, "Organisations should improve cybersecurity by hardening access controls and running incident response exercises." Additionally, organizations should "use AI to write better code and look for vulnerabilities" themselves, and ensure their teams can "rapidly validate, prioritize, and remediate the issues being discovered before attackers find them first."

CSO Online

Tech industry wins big in California primary election with millions spent paying off

info · news · policy
Jun 3, 2026

Silicon Valley tech companies spent tens of millions of dollars on California political campaigns to influence candidates and gain regulatory leverage, particularly to fight against AI regulation and taxation while promoting AI growth. The tech industry views having favorable candidates in office as essential to maintaining business dominance and avoiding restrictions on their operations.

The Guardian Technology

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

high · news · security · safety
Jun 3, 2026

Google Gemini's Android voice assistant could be hijacked through poisoned notifications from apps like WhatsApp or Slack, allowing attackers to manipulate what Gemini says, open windows, fake messages, or launch apps without needing malicious software on the phone. The attack works by getting the assistant to treat hostile notification text as instructions it should follow. Google has already patched this vulnerability, and there is no evidence it was exploited in the real world.

Fix: Google has since patched it.

The Hacker News

xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity

info · news · safety · policy
Jun 3, 2026

Elon Musk's AI company xAI is asking a court to force four people who claim Grok (an AI chatbot) was used to create sexual deepfake images of them to reveal their real names in a lawsuit, despite their concerns about harassment and privacy. The plaintiffs, currently identified by pseudonyms like "South Carolina Doe," say they already suffered emotional distress from the deepfakes, including one targeting a child, and fear further harm if their identities become public.

Wired (Security)

Labour MP sues Elon Musk's AI company over fake sexualised images

info · news · safety · security
Jun 3, 2026

A UK Labour MP is suing Elon Musk's AI company after its Grok tool (a generative AI chatbot) was used to create non-consensual sexualized images of her, part of a broader problem of fake intimate images being generated and shared on X. The MP described seeing herself depicted in inappropriate ways without permission as deeply violating.

The Guardian Technology

As AI gets better, it reveals an empty promise

info · news · safety · privacy
Jun 3, 2026

Google's new Gemini AI agent called Spark demonstrates impressive capability by accessing personal information like pet names and family members' identities without users explicitly sharing them, raising privacy concerns. The article argues that while AI companies promote these tools as solutions to improve productivity, they may be missing more important societal problems that actually need fixing.

The Verge (AI)

OpenAI CEO Sam Altman to meet with lawmakers, Trump officials in DC

info · news · policy
Jun 3, 2026

OpenAI CEO Sam Altman is meeting with U.S. lawmakers and Trump administration officials in Washington, D.C. to discuss a new executive order requiring AI companies to voluntarily give the government access to their models for up to 30 days before release. Altman publicly supports the order, saying it strikes the right balance between developing safe AI models and providing cybersecurity tools to trusted defenders.

CNBC Technology

Former police officer in hiding after being falsely linked to Henry Nowak arrest

info · news · safety · policy
Jun 3, 2026

A former police officer named Christi Hill was falsely identified on social media and AI platforms, including Grok (an AI chatbot), as being involved in an arrest related to a murder case, forcing her to go into hiding. The false identification spread across multiple platforms, demonstrating how AI systems can amplify misinformation by misidentifying people in real-world situations.

The Guardian Technology

Morgan Stanley will soon open its trillion-dollar wealth management funnel to AI agents

info · news · industry
Jun 3, 2026

Morgan Stanley is opening its wealth management platforms (ShareWorks and Equity Edge) to AI agents (autonomous software that can make decisions and take actions without human input) from corporate clients, allowing these agents to access data directly without using traditional human-focused interfaces. The bank plans to expand this access to 3,400 clients by next year, using the Model Context Protocol (an open-source standard that lets AI models connect to data sources). This move reflects Wall Street's shift toward AI agents handling tasks that software users currently perform manually.

CNBC Technology

Page 21 of 142