New tools, products, platforms, funding rounds, and company developments in AI security.
Anthropic published documentation explaining how they use multiple containment techniques to restrict what Claude can do across their products. They use process sandboxes (isolated execution environments), virtual machines (complete simulated computers), filesystem boundaries (limiting file access), and egress controls (preventing unauthorized data transfer) to prevent AI agents from accessing credentials, exfiltrating data (stealing information), or reaching unintended systems, even if a user, the AI model, or an attacker tries to find workarounds.
Fix: Anthropic implements containment through: gVisor for Claude.ai, Seatbelt (macOS) and Bubblewrap (Linux) for Claude Code, and full VMs using Apple's Virtualization framework (macOS) or HCS (Windows) for Claude Cowork. They also prevent credentials from entering sandboxes in the first place, ensuring they cannot be exfiltrated regardless of how an agent tries to access them.
Simon Willison's WeblogResearchers discovered Greyvibe, a Russia-aligned crime group that uses large language models (LLMs, AI systems trained to generate text) extensively throughout its cyberattacks against Ukrainian targets, including government and military organizations. The group has used generative AI to create spear phishing emails (fraudulent messages pretending to come from trusted sources), malicious scripts, and custom malware programs like PhantomRelay and LegionRelay (remote access trojans, or RATs, which are tools that let attackers control compromised computers). Greyvibe has conducted multiple campaigns since August 2025 using various attack methods, from fake websites to ClickFix-style attacks (tricks that convince users to run malicious commands on their computers).
A cybersecurity researcher named Nightmare Eclipse and Microsoft had a public conflict over responsible disclosure practices, with the researcher publishing vulnerability details after claiming Microsoft ignored his reports, while Microsoft argued that uncoordinated disclosures (releasing bug information before patches are available) create unnecessary risk for users. Tom Gallagher, a Microsoft security executive, acknowledged the debate over whether current patching practices fit today's landscape but stated the company is not currently changing its policies, though it will continue to evaluate them.
Attackers are abusing ChatGPT's share feature (which lets users publish rendered content on legitimate OpenAI URLs) to display fake outage pages that trick users into downloading malware disguised as the ChatGPT desktop application. The "LLMShare" campaign uses Google ads to direct people to these malicious shared pages, which appear to come from OpenAI's domain but actually deliver malware-infected downloads through a fake installation portal.
The Linux Foundation is promoting DNS-AID, a new standard that allows AI agents (autonomous programs that can act independently) to find and communicate with each other using DNS (the system that translates website names into IP addresses) instead of requiring separate proprietary registries. DNS-AID enables agents and MCP (Model Context Protocol, a standard for how agents exchange information) servers to use the existing internet infrastructure as a vendor-neutral directory, with domain owners creating a special DNS address at _index._agents.{domain} as a discovery point.
Anthropic, an AI company, recently achieved a $965 billion valuation after securing $65 billion in funding, and analyst Dan Ives believes investor interest in AI is far from peaked and will expand to data layer companies (companies that manage and organize data). Ives predicts a major market rally with several large public offerings planned for 2026, though some analysts warn this could signal a market peak similar to the dot-com bubble of the late 1990s.
Braintrust, an AI observability company, uses Codex (OpenAI's code-generation AI model) to quickly turn customer feature requests into working preview branches in minutes, with half the team adopting it within one month. The speed of Codex enables faster feedback loops with customers and allows engineers to test ideas in real time rather than letting requests sit in a backlog. Codex's ability to handle large amounts of text output without slowing down makes it more effective than other models for this workflow.
Boston Children's Hospital integrated AI (artificial intelligence) across its entire organization as a core part of clinical and operational work, rather than treating it as a separate experiment. By building an enterprise AI layer (a shared, secure internal AI system used across teams) and redesigning workflows in areas like supply chain and surgical scheduling, the hospital has diagnosed over 40 previously unresolved rare conditions, saved approximately 60,000 hours of staff time, and enabled more than one-third of employees to use AI daily in their work.
Film director Gareth Edwards publicly endorsed generative AI (software that creates content like images or text from descriptions) for movie-making at an Amazon event, comparing it favorably to traditional CGI (computer-generated imagery) and calling it a tool as fundamental as a camera. Edwards argued that filmmakers have no reason to avoid adopting AI since it can help with creative work and will eventually surpass CGI in quality.
Adobe's Firefly AI Assistant is a conversational AI agent designed to automate tasks within Adobe's design software while keeping users in control of the creative process, unlike traditional AI image generators that work independently. The assistant acts as a multitasking middleman that can operate design apps on behalf of users, though early testing suggests the results are not particularly impressive despite the tool's thoughtful approach to preserving creative control.
In 2023, the SEC required public companies to disclose cybersecurity risk management in their annual filings, prompting an analysis of the top 200 S&P companies' cybersecurity leadership structures. The analysis found that Chief Information Security Officers (CISOs) lead cybersecurity at over 70% of companies with an average of 23 years of experience, most commonly reporting to the Chief Information Officer, while the Audit Committee oversees cybersecurity at about 60% of companies, and the NIST Cybersecurity Framework (a set of best practices for managing cyber risks) is the most referenced security standard.
Big tech companies are legally challenging GDPR (General Data Protection Regulation, Europe's data protection law) fines, with nearly 40% of the €7.1 billion in fines announced over eight years either annulled or under appeal. While GDPR successfully established a global 72-hour breach notification standard (the requirement that organizations tell people within three days if their data is stolen), experts note the framework has structural weaknesses that companies exploit in court, and upcoming AI regulations may face similar challenges.
Pope Leo XIV released a major teaching warning about AI's harms, including job displacement, accelerated warfare, and environmental exploitation. Anthropic co-founder Chris Olah spoke at the Vatican ceremony, which some experts criticize as potentially creating superficial 'feelgood' messaging rather than substantive critical examination of AI risks.
ChatGPhish is a vulnerability in ChatGPT that allows attackers to embed malicious instructions in web pages, which ChatGPT then processes and renders as clickable phishing links and images inside its trusted interface when users ask it to summarize the page. The vulnerability works because ChatGPT automatically trusts and fetches Markdown links and images from summarized web pages, potentially leaking user information like IP addresses or tricking users into scanning malicious QR codes that bypass desktop security filters.
Elon Musk's social media post about SpaceX's deal with AI company Anthropic contradicts details in SpaceX's IPO (initial public offering, when a private company sells shares to the public) filing, creating confusion for investors. The filing says Anthropic will pay SpaceX $1.25 billion per month through May 2029, but Musk claimed the lease is only 180 days with a 90-day cancellation option, potentially worth far less. This discrepancy matters because it affects how much revenue SpaceX can expect from this new compute capacity (computing power) business.
An attacker exploited CVE-2026-39987, a critical vulnerability in Marimo (a notebook software) that allows unauthenticated remote code execution, to break into a system and then used an LLM agent (an AI system that can plan and execute tasks autonomously) to steal cloud credentials and database information. The attacker's use of an AI agent made the attack more flexible and adaptive compared to traditional scripted attacks, allowing it to handle unexpected obstacles in real-time.
Fix: The vulnerability CVE-2026-39987 was addressed in Marimo version 0.23.0, released in April 2026. All versions prior to and including 0.20.4 are affected and should be updated to version 0.23.0 or later.
The Hacker NewsThe European Union wants to increase discussions with the U.S. about advanced AI models that have cyber capabilities, particularly after Anthropic's Mythos model (a very powerful AI system) raised concerns about AI-powered cyberattacks. The EU has not yet received access to preview Mythos, and the White House has opposed expanding access to the model beyond the U.S. due to security concerns, though Anthropic says it is developing safeguards and expects to release Mythos-class models to customers within weeks.
Fix: Anthropic stated that 'Models of Mythos' capability require strong cyber safeguards before they can be generally released' and 'We're making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks.' No specific technical safeguards or implementation details are described in the source text.
CNBC TechnologyEmployees are using AI-driven development platforms (vibe coding, where non-programmers build working applications by describing what they want) to quickly build custom applications and connect them to company systems, then publish them on the public internet without involving security teams or implementing basic access controls. A study found over 2,000 such exposed applications containing sensitive data across major companies, sitting unprotected because traditional security tools like EDR (endpoint detection and response, software that monitors what happens on company devices) and DLP (data loss prevention, software that blocks sensitive information from leaving the company) were designed to catch different types of threats and don't detect these cloud-to-cloud connections or applications built in web browsers.
Organizations are rapidly adopting unauthorized AI tools without proper security oversight, creating 'shadow AI' (unsanctioned AI use that bypasses governance controls) that exposes sensitive data and creates new attack surfaces. Traditional security tools like firewalls and Zero Trust architecture (a security model that requires verification for every access request) cannot detect AI-specific threats such as prompt injection (tricking an AI by hiding malicious instructions in its input), leaving companies vulnerable to data leaks, compliance failures, and attacks that exploit AI systems.
Fix: CrowdStrike Falcon AI Detection and Response (AIDR) is designed to provide visibility, control, and protection for AI-driven environments and can identify and stop AI-specific threats such as prompt injection.
CrowdStrike BlogOpenAI is launching Rosalind Biodefense, a program that gives vetted developers access to GPT-Rosalind (a reasoning model trained for life sciences) to build defensive tools against biological threats like pandemics. The company is also expanding trusted access to this model for select U.S. government and allied partners working on public health and biodefense, supported by safety measures like capability assessments, expert red teaming, and security controls to prevent misuse.