New tools, products, platforms, funding rounds, and company developments in AI security.
Microsoft announced new AI initiatives at its Build conference, including in-house reasoning models (AI systems designed to work through problems step-by-step) and AI agents (software that can perform tasks autonomously), signaling it is moving toward independence in the AI market. The company's partnership with OpenAI, which previously dominated Microsoft's AI strategy, effectively ended in late April, though Microsoft still provides cloud computing services (the remote servers that store and process data) to OpenAI.
Director Martin Scorsese announced he invested in and advises Black Forest Labs, a company that creates text-to-image generative AI (AI that produces images from written descriptions), which he uses to make storyboards (visual plans for film scenes). This decision has caused backlash from other film industry professionals, though Scorsese defends the practice by saying it helps him communicate his creative vision to actors and crew more quickly.
Meta is launching Meta Business Agent, an AI tool that helps businesses of any size respond to customer questions, recommend products, and book appointments through WhatsApp, Messenger, and Instagram. The feature will be available through a paid subscription tier as Meta tries to reduce its dependence on advertising (which currently makes up 98% of its revenue) and compete with other AI companies like OpenAI and Google.
Uber has implemented a $1,500 monthly spending cap per employee on agentic coding tools (AI systems that can independently write and execute code, like Claude Code and Cursor) to control costs after exhausting its 2026 AI budget in just four months. The policy limits spending on each tool separately, meaning an employee can spend up to $1,500 on one tool and another $1,500 on a different tool, which works out to roughly 11% of a typical software engineer's yearly salary in AI tool costs.
Wasmer engineers used Codex (an AI code generation tool) to build Edge.js, a JavaScript runtime that runs Node.js workloads inside WebAssembly (a low-level code format that runs in sandboxes for security and portability). What would have taken one year to build was completed in two weeks, allowing a small team to tackle a project previously only feasible at large companies.
Microsoft has released new security tools to control autonomous AI agents (software programs that can independently take actions like accessing files and running code) as companies adopt them in development workflows. The main offering is Microsoft Execution Container (MXC), a sandbox (an isolated environment that restricts what a program can do) that lets developers set boundaries on what resources and files agents can access. Microsoft also updated MDASH (a vulnerability research system using multiple AI agents to find security flaws) and introduced open-source governance tools to address risks from agents having too much autonomy.
OpenAI, the company behind ChatGPT (a conversational AI system), is facing competitive pressure as rival AI companies race to go public through IPOs (initial public offerings, where companies sell shares to the public for the first time) and raise large amounts of investment money. The article notes that OpenAI's CEO Sam Altman has scaled back earlier predictions about building superintelligence and reshaping society, and that the company has struggled to generate revenue from ads and specialized chatbots.
OpenAI has published its public policy agenda centered on ensuring that artificial general intelligence (AGI, highly capable AI systems that can perform many tasks) benefits all of humanity through five core principles: democratization, empowerment, universal prosperity, resilience, and adaptability. The document outlines OpenAI's policy priorities, including a focus on frontier AI safety (protecting against risks from the most advanced AI models, particularly CBRN threats, i.e. chemical, biological, radiological and nuclear, as well as cyber threats) and support for state and federal frameworks that emphasize transparency, safety incident reporting, and developer accountability.
This document proposes a strategy for the U.S. government to create lasting institutions that oversee frontier AI (the most advanced AI systems being developed). The plan has three main parts: build a national framework based on state laws already in place, strengthen CAISI (the federal organization responsible for frontier AI safety) as the main federal institution, and develop a broader government-wide plan to address national security and public safety risks from advanced AI.
The UK's Competition and Markets Authority has ruled that Google must allow website publishers to opt out of AI Search features, including AI Overviews (summaries generated by AI) and prevent their content from being used to train Google's AI models. This new rule gives publishers, especially news organizations, more control over how their content is used by AI systems.
A new vulnerability called HTTP/2 Bomb affects major web servers like NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare by combining two attack techniques: a compression bomb (exploiting HPACK, HTTP/2's header compression scheme) and a Slowloris-style hold (a denial-of-service attack that keeps many connections open). A single attacker on a home internet connection can exhaust a vulnerable server's memory and make it inaccessible within seconds.
OpenAI introduced an updated GPT-Rosalind model designed specifically for life sciences research at enterprise scale, combining advanced coding abilities with stronger performance in drug discovery areas like medicinal chemistry and genomics. The update was evaluated using LifeSciBench, a new benchmark that tests AI performance across six key research workflows including evidence analysis, scientific reasoning, and experimental design. The content also includes detailed technical feedback on limitations in a micro-dystrophin research study, with specific recommendations for improving experimental methods.
Fix: For the micro-dystrophin expression study's identified problems, the source explicitly recommends: (1) for Western blot quantification, "use a recombinant micro-dystrophin standard and an orthogonal method that distinguishes transgene from endogenous dystrophin, such as targeted mass spectrometry or a transgene-specific/epitope-specific assay"; (2) for immunofluorescence, "repeat IF with an antibody against an epitope present in the transgene but absent from revertant dystrophin" and "quantify transgene-positive fibers separately from revertant fibers"; (3) for surrogate endpoint validity, "empirically validate the relationship between micro-dystrophin mass-percent, sarcolemmal localization, downstream functional restoration, and clinical benefit before treating expression as a surrogate endpoint"; and (4) for biopsy design, use matched bilateral sampling strategies that account for spatial variability and disease progression.
OpenAI Blog
A security study of 100 AI agents found that only 11 are both capable and well-defended, with 98% suffering from the 'lethal trifecta' (private data access combined with exposure to untrusted content combined with the ability to take outbound actions, creating too much power with too little control). Computer agents and coding agents pose the greatest security risks because they have wide system access and users cannot see or reliably control what actions they actually take between receiving a task and completing it.
Fix: Uber instituted monthly spending limits of $1,500 per employee per AI coding tool. According to the source, these limits 'have been instituted in recent months' and apply specifically to agentic coding software such as Cursor and Claude Code, with separate budgets maintained for each tool.
Simon Willison's Weblog
Google Gemini's voice assistant had a prompt injection flaw (a vulnerability where attackers hide malicious instructions in input data) that allowed attackers to embed harmful commands in notifications. This could trick users into performing unwanted actions through social engineering (manipulating people into revealing information or taking harmful actions).
Fix: Microsoft Execution Container (MXC) is positioned as the primary mitigation. According to the source, "MXC is a sandboxed code execution system for running untrusted code (model output, plugins, tools) on Windows, Linux, and macOS" that "provides multiple containment backends — from OS-native process sandboxes to full VMs — behind a unified JSON configuration schema and TypeScript SDK." The source states MXC is "a policy-driven execution workflow that lets developers specify what an AI agent can access, such as files, networks, resources, credentials, and then enforces those boundaries at runtime." Integration with Agent 365 will bring additional controls from Defender, Entra, Intune, and Purview to agent environments.
CSO Online
Sam Altman, CEO of OpenAI, has been invited by French President Macron to attend the G7 conference in June 2026, where AI is expected to be a major topic of discussion. OpenAI plans to focus on youth safety, frontier AI risks (particularly cyber and biological threats), and getting tech companies to make voluntary commitments to responsible AI development. This invitation is part of Macron's broader effort to attract major tech companies and investment to France's AI infrastructure.
Public marketplaces for AI skills (specialized add-ons that extend AI agent capabilities) are being flooded with malicious skills that steal passwords and data. Security companies have released skill scanners to detect these threats, but researchers found that these scanners are easy to bypass, sometimes in under an hour, because they rely on static detection methods that attackers can repeatedly modify to evade.
Fix: OpenAI supports state-level legislative efforts such as California SB 53, the New York RAISE Act, and Illinois SB 315, which emphasize transparency, public reporting around catastrophic-risk evaluations and safety incidents, whistleblower protections, and enforceable accountability for developers. OpenAI also supports Congressional action to establish a comprehensive federal framework that leverages state frontier safety laws, strengthens the Center for AI Standards and Innovation (CAISI) as the primary federal institution for frontier AI safety, and mobilizes a broader resilience plan across government to address national security and public safety challenges.
OpenAI Blog
AI systems, particularly agentic AI (autonomous software that makes decisions and takes actions with minimal human oversight), are creating new security risks in enterprises by operating across systems at machine speed and collapsing traditional security boundaries. Security leaders now have board-level urgency and increased budgets to address these threats, though organizations still lack reliable ways to monitor what these AI agents are accessing and whether their actions align with company policies.
Google is rolling out a new Android security feature called 'fake call detection' that protects users from AI deepfake scam calls where scammers impersonate someone's contacts. The feature works by having a user's device send an encrypted confirmation signal when receiving a call, and if that signal is missing, it pings the actual contact's phone to verify the call is real, warning the user to hang up if the contact's device confirms they're not calling.
Fix: Google's mitigation is built into the new 'fake call detection' feature, which is rolling out globally this month to Android 12 and later devices (starting with Pixel devices) and enabled by default. The feature requires Phone by Google, Contacts, and Google Messages (with RCS, or Rich Communication Services, enabled) to be installed. Google also stated: 'If your device uses a different app, you can install Phone by Google from the Play Store and set it as your default phone app to help protect yourself from fake calls.'
BleepingComputer
Fix: NGINX: upgrade to version 1.29.8 or later, which adds the max_headers directive (default 1000); alternatively, disable HTTP/2 with "http2 off;". Apache HTTPD: upgrade mod_http2 to version 2.0.41 or later; alternatively, set "Protocols http/1.1" to disable HTTP/2. Microsoft IIS, Envoy, and Cloudflare Pingora: no patch available as of the article's writing date.
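The two NGINX mitigations above, written out as a configuration fragment. This is an added example, not configuration from the article or from the NGINX project: the max_headers directive and its default of 1000 are taken from the digest's description of NGINX 1.29.8, while its placement at the http level, the value 100, the hostnames, the certificate paths and the upstream name are assumptions and placeholders.

```nginx
# Added example: bounding HTTP/2 header handling against the
# HTTP/2 Bomb technique described in the digest.
# Hostnames, certificate paths and the upstream are placeholders.

http {
    # Option A (NGINX 1.29.8 or later, per the digest): cap the number of
    # request headers accepted per request. The digest gives 1000 as the
    # default; 100 is an assumed tighter value for an application that
    # never needs more. The http-level placement is an assumption; check
    # the release notes for the directive's permitted contexts.
    max_headers 100;

    upstream app_backend {
        server 127.0.0.1:8080;   # placeholder application server
    }

    # Patched server: HTTP/2 stays on, bounded by max_headers above.
    server {
        listen 443 ssl;
        http2 on;
        server_name app.example.invalid;
        ssl_certificate     /etc/ssl/placeholder/fullchain.pem;
        ssl_certificate_key /etc/ssl/placeholder/privkey.pem;

        location / {
            proxy_pass http://app_backend;
        }
    }

    # Option B: server that cannot yet be upgraded. Disabling HTTP/2
    # removes the HPACK decoding path entirely; clients fall back to
    # HTTP/1.1 over TLS.
    server {
        listen 443 ssl;
        http2 off;
        server_name legacy.example.invalid;
        ssl_certificate     /etc/ssl/placeholder/fullchain.pem;
        ssl_certificate_key /etc/ssl/placeholder/privkey.pem;

        location / {
            proxy_pass http://app_backend;
        }
    }
}
```

Validate with "nginx -t" before reloading. The Apache HTTPD fallback named in the digest is the single line "Protocols http/1.1" in the affected virtual host, which likewise turns off HTTP/2 for that host until mod_http2 2.0.41 or later is in place.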
The Hacker News
Anthropic expanded its Project Glasswing (an AI-based vulnerability hunting initiative that finds security bugs in software) to 150 more companies, especially those in critical infrastructure like power and healthcare. However, security experts warn this creates a bottleneck problem: if AI finds vulnerabilities 10 or more times faster than before, companies may not be able to validate, prioritize, patch, and deploy fixes quickly enough, potentially overwhelming security teams rather than actually improving defense.
Palo Alto Networks CEO Nikesh Arora reported a surge in customer meetings, with the company fielding roughly 1,200 inquiries in recent weeks from organizations seeking guidance on AI security risks. The article notes that AI-powered attacks are becoming more sophisticated, making cybersecurity more important for companies, and that earlier investor concerns about AI disrupting cybersecurity companies appear to have been overblown.