New tools, products, platforms, funding rounds, and company developments in AI security.
A LayerX Security report shows that enterprise AI risk is not spread evenly across workers but is concentrated among a small group of "power users" (employees who use AI much more frequently and deeply than average) and a few dominant platforms like ChatGPT and Copilot. While most employees use AI casually, the top 5% of users generate far more AI conversations and sensitive data exposure, and AI tools are fragmenting across many unmanaged platforms like personal accounts and browser extensions, making it hard for organizations to see and control where their data goes.
Nebius, a cloud provider that supplies GPUs (graphics processing units, the specialized chips used to train AI models), saw its stock rise after a hedge fund founded by a former OpenAI researcher disclosed a 5.6% ownership stake in the company. Nebius has become a major provider of AI computing infrastructure in Europe, recently securing major partnerships including a $27 billion deal with Meta and a $2 billion investment from Nvidia.
Mistral AI, a French startup competing with OpenAI and Anthropic, is exploring the design of its own semiconductor chips to reduce costs and gain more control over its infrastructure, though it currently relies on Nvidia chips. The company is also expanding data centers in France and Sweden, and launching a new enterprise platform called Vibe that uses agentic AI (systems that can autonomously complete tasks like coding and drafting) to help customers with work tasks.
A robot named Lightning recently broke the human world record at a Beijing half marathon, sparking interest in whether robots are about to become common in everyday life like chatbots have. China is leading robotics development with over £100 billion in planned government investment over the next 20 years, and researchers are working on giving robots human-like abilities so they can eventually perform tasks like cleaning homes and weeding gardens.
MUFG, one of Japan's largest financial groups, is partnering with OpenAI to become an AI-native company (an organization where AI is integrated into everyday work processes) by rolling out ChatGPT Enterprise to approximately 35,000 employees at Mitsubishi UFJ Bank starting in 2026. The bank chose ChatGPT Enterprise for its broad applicability and enterprise-grade security (security features designed for large organizations), and paired the technology rollout with mandatory employee training, custom workshops, and guidance to help workers understand how to use AI confidently and in compliance with financial regulations.
Cybercriminals are increasingly using data theft and extortion without encryption, rather than classic ransomware (malware that locks files until payment is made): the share of attacks that encrypt data fell from about 90% in 2021-2024 to 78% in 2025. This change is driven by better backup systems, stricter regulations like GDPR's 72-hour reporting requirement, and the fact that data exposure alone now costs organizations an average of $5.08 million in fines and lawsuits. Threat actors are particularly targeting mid-sized firms in Professional Services, Healthcare, and Construction, focusing on valuable business data like financial records and bids.
OpenAI and Anthropic have shifted their enterprise pricing models away from discounted per-seat plans to usage-based API pricing (paying for every token, a unit of text processed by the AI model), making enterprise costs equivalent to their public API rates. Both companies released new, more expensive AI models in April 2026 and locked enterprise customers into year-long contracts at these higher prices, suggesting they have found a profitable business model with coding agents and enterprise customers willing to pay $200+ per month per user.
Researchers discovered a malicious npm package (a collection of code shared through Node Package Manager, a repository for JavaScript libraries) called "mouse5212-super-formatter" that steals files from Claude AI users' directories. The package disguises itself as a legitimate tool but actually uploads files to a threat actor-controlled GitHub account by authenticating with stolen or hard-coded credentials during installation.
A flaw in Starlette (CVE-2026-48710), the framework that powers FastAPI, allows unauthenticated attackers to bypass authentication by sending a malformed character in a web request's Host header. The flaw causes Starlette to parse the request path differently from the way the server sees it, so a security check applied to one path can end up granting access to a different, protected route, potentially enabling SSRF (server-side request forgery, where an attacker makes the server request data from unintended locations) or even remote code execution on affected systems.
Robinhood has launched a feature allowing traders to create separate accounts for AI agents (software programs that can make decisions automatically) with dedicated funds to buy and sell stocks. The feature is designed to automate investment decisions like monitoring specific industries or rebalancing portfolios, but Robinhood warns that agentic trading carries significant risk, including potential loss of the entire investment.
SecurityWeek is hosting the 2026 AI Risk Summit on August 11-12 in Half Moon Bay, California, bringing together security leaders, AI researchers, and policymakers to discuss challenges in AI adoption and security. The conference will cover topics like securing AI systems, adversarial attacks (techniques where attackers try to fool AI models), deepfakes (AI-generated fake media), data protection in AI workflows, and AI governance and compliance.
Pope Leo XIV released an encyclical letter called Magnifica Humanitas warning that AI is not just a technical tool but a system that affects people's rights, opportunities, and freedom when used in processes impacting human lives. The letter was created in partnership with Anthropic, a major AI company, and sparked various reactions from the tech industry.
Organizations are rapidly adopting AI agents (autonomous systems that can execute tasks and make decisions without human intervention), but this creates serious security risks that traditional defenses cannot match. Threat actors are developing agentic attacks (cyberattacks powered by AI that learn and adapt autonomously) that move faster than human security teams can respond, while AI agents themselves lack the judgment to avoid harming their own enterprises. The security industry must evolve from manual fixes to automated, scaled remediation strategies to defend against machine-speed attacks.
Many organizations are deploying AI agents (autonomous software systems that make decisions with minimal human oversight) without proper observability (visibility into how they work) or governance processes, creating serious risks. The article highlights that 54% of surveyed organizations cannot fully trace what their agents are doing, and traditional security tools were designed to detect human anomalies rather than rogue agents, making them ineffective for agent monitoring.
Fix: According to the source, organizations should implement: least-privilege scoped tool permissions (limiting what actions agents can perform), policy enforcement layers that review every prompt and tool call, end-to-end tracing (detailed logs that record prompts, tool calls, and downstream actions), and tiered autonomy (giving agents free rein on low-stakes tasks while requiring human approval for consequential decisions). The source also emphasizes that organizations need centralized agent inventory and governance layers, and must collect detailed execution traces to enable transparency and make governance signals actionable.
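An illustration of the controls just listed, added here as an example and not code from the article or from any vendor: a small Python policy layer that every agent tool call passes through. It enforces least-privilege scoped grants, implements tiered autonomy through a human-approval hook for consequential tools, denies anything outside the agent's grant inventory, and records an end-to-end trace that can be exported as JSON Lines to a central governance layer. The agent id, tool names, scopes, and the approval rule are constructed assumptions.

```python
"""Policy-enforcement layer for AI agent tool calls (added example, constructed data)."""
from __future__ import annotations

import json
import time
from dataclasses import dataclass, asdict
from enum import Enum
from typing import Callable


class Tier(Enum):
    LOW = "low"    # runs unattended
    HIGH = "high"  # needs an explicit human decision for every call


@dataclass(frozen=True)
class Grant:
    """Least-privilege grant: the scopes an agent may use on one tool, and the tool's tier."""
    tool: str
    scopes: frozenset
    tier: Tier


@dataclass
class TraceEvent:
    """One end-to-end trace record: who asked for what, and what the policy decided."""
    ts: float
    agent: str
    tool: str
    scope: str
    args: dict
    decision: str  # "allow" or "deny"
    reason: str


class PolicyEngine:
    """Sits between the agent and its tools; every tool call goes through `call`."""

    def __init__(self, agent: str, grants: list, tools: dict, approver: Callable):
        self.agent = agent
        self.grants = {g.tool: g for g in grants}  # the agent's inventory of permitted tools
        self.tools = tools
        self.approver = approver  # human-decision hook used for HIGH-tier calls
        self.trace: list = []

    def _record(self, tool, scope, args, decision, reason):
        self.trace.append(TraceEvent(time.time(), self.agent, tool, scope, dict(args), decision, reason))

    def call(self, tool: str, scope: str, **args):
        grant = self.grants.get(tool)
        if grant is None:  # not in inventory: deny before anything else happens
            self._record(tool, scope, args, "deny", "tool not in agent's grant inventory")
            raise PermissionError(f"{tool}: not granted")
        if scope not in grant.scopes:  # granted tool, but not this scope
            self._record(tool, scope, args, "deny", f"scope {scope!r} not in {sorted(grant.scopes)}")
            raise PermissionError(f"{tool}: scope {scope!r} denied")
        if grant.tier is Tier.HIGH:  # tiered autonomy: consequential calls wait for a human
            if not self.approver(tool, args):
                self._record(tool, scope, args, "deny", "human approval withheld")
                raise PermissionError(f"{tool}: approval withheld")
            self._record(tool, scope, args, "allow", "human approved")
        else:
            self._record(tool, scope, args, "allow", "low tier, auto-approved")
        return self.tools[tool](**args)

    def export_trace(self) -> str:
        """JSON Lines, one event per line, for the central governance layer."""
        return "\n".join(json.dumps(asdict(e)) for e in self.trace)


def run_demo():
    """Scripted session on constructed tools; returns the decisions in order and the engine."""
    tools = {
        "search_docs": lambda q: [f"doc about {q}"],
        "issue_refund": lambda order_id, amount: f"refunded {amount} on {order_id}",
    }
    grants = [
        Grant("search_docs", frozenset({"read"}), Tier.LOW),
        Grant("issue_refund", frozenset({"write"}), Tier.HIGH),
    ]
    # Constructed stand-in for a human reviewer: approves refunds under 100 only.
    approver = lambda tool, args: tool == "issue_refund" and args.get("amount", 0) < 100
    engine = PolicyEngine("support-agent-01", grants, tools, approver)
    attempts = [
        ("search_docs", "read", {"q": "refund policy"}),              # allowed, low tier
        ("search_docs", "write", {"q": "x"}),                         # scope not granted
        ("drop_table", "write", {"name": "orders"}),                  # tool not in inventory
        ("issue_refund", "write", {"order_id": "A1", "amount": 40}),  # human approves
        ("issue_refund", "write", {"order_id": "A2", "amount": 5000}),  # approval withheld
    ]
    decisions = []
    for tool, scope, args in attempts:
        try:
            engine.call(tool, scope, **args)
            decisions.append("allow")
        except PermissionError:
            decisions.append("deny")
    return decisions, engine


if __name__ == "__main__":
    d, eng = run_demo()
    print(d)
    print(eng.export_trace())
```

The point of routing every call through one choke point is that denials are logged with their reason alongside the allows, so a governance layer can see not only what agents did but what they tried to do and why it was refused.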
Source: CSO Online
Google Cloud announced AI Threat Defense, a new security platform that uses AI to automatically detect and stop cyberattacks powered by AI before they cause damage. The platform combines threat intelligence, cloud security scanning, and code repair tools (powered by Google's Gemini AI model) to find weaknesses in software, predict attack paths, and deploy security fixes within minutes rather than days.
Fix: Google describes AI Threat Defense's four-step framework: (1) map environments and make sensitive assets unreachable from the internet; (2) conduct deep-dive code analysis and AI-driven testing to find vulnerabilities in internet-accessible applications and business-critical systems; (3) use AI agents to generate and test patches, with CodeMender automatically creating fixes in developers' tools at build time and tagging libraries across source control and production; and (4) implement machine-speed detection and real-time defense with consistent operational tracking. Google states this approach reduces remediation time to minutes by proactively generating verified fixes before attackers can exploit vulnerabilities.
Source: SecurityWeek
Fix: OpenAI worked with MUFG on security requirements by offering concrete proposals through product improvements and updates to address security and governance barriers. Additionally, OpenAI supported the rollout through guidance for enterprise use, operational planning, product education, training programs for all employees, custom GPT workshops, and executive study sessions. MUFG also implemented mandatory AI training, requiring employees to complete e-learning before they could use ChatGPT Enterprise.
Source: OpenAI Blog
OpenAI has published a Frontier Governance Framework that describes how its safety and security practices meet new legal requirements from California and the EU, building on its existing Preparedness Framework for managing risks from advanced AI systems. The framework covers risk assessment and mitigation in areas like cyber attacks, dangerous biological/chemical/nuclear risks, manipulation, and loss of control, along with model reporting and incident response. OpenAI says it will update this framework as AI capabilities and regulations evolve.
Governments and private companies must quickly adapt their security practices as adversaries use AI to evade financial sanctions and finance weapons of mass destruction, with countries like North Korea and Iran now deploying AI models to create fraudulent documents, manage fake company networks, and hide cryptocurrency transactions. AI is making these illegal activities faster, higher quality, and more coordinated, shifting from AI-assisted evasion (using AI for individual tasks like writing emails) to AI-enabled evasion (where AI orchestrates entire deception schemes across multiple systems and channels). Enterprise IT managers face a critical challenge because traditional security boundaries designed for human attackers are being bypassed by automated technologies.
Fix: Dr. Aaron Arnold advises IT managers to protect their organizations by "incorporating defensive AI, the use of behavior-based analytics, using 'circuit breakers' when there is heavy use of API or MCPs (management control planes, systems that oversee how applications connect), updating personnel training, and hardening identity verification, especially for any remote hiring."
Source: CSO Online
A Cisco study found that popular AI models from OpenAI, Anthropic, Google, and others are much more vulnerable to attack when faced with multiple prompts in a conversation compared to single-prompt tests. Current safety benchmarks (standardized tests that measure how well models resist harmful requests) only test models with one prompt at a time, but real attackers use iterative techniques like role-playing, breaking tasks into smaller steps, and gradually escalating requests across multiple turns, which bypass safety guardrails far more effectively than official scores suggest.
OpenAI and other AI companies have spent millions through a political action committee to oppose Alex Bores, a New York state assemblyman who wrote AI safety regulations, inadvertently making him more famous and turning him into a prominent figure in the AI regulation debate. The article suggests this corporate spending against Bores has backfired by drawing public attention to him and the issue of who should regulate AI technology.
Fix: Starlette's maintainer released a patch through an official GitHub security advisory. Additionally, researchers created badhost.org, a website that can test whether applications are vulnerable to this flaw.
Source: CSO Online
AI models can now discover zero-day vulnerabilities (previously unknown security flaws) and chain exploits (combine multiple attacks together) faster than organizations can patch them, shrinking response windows from weeks to minutes. To defend effectively, organizations need to operate at machine-speed by focusing on two key areas: reducing the time to identify and fix vulnerabilities, and maintaining visibility across their entire environment including cloud, code, and software supply chains. The Wiz platform helps with this through tools like ASM (attack surface management, which maps all exposed systems and applications) and Red Agent (an AI-based security tester that finds complex vulnerabilities automatically).
Fix: The source describes Wiz's approach to addressing this threat but does not explicitly detail specific patches, versions, or technical mitigations. It recommends using Wiz ASM to reduce attack surface by identifying and remediating exposed vulnerabilities, and leveraging Wiz Red Agent as an autonomous AI-pentester to continuously uncover exploitable vulnerabilities at machine-speed. However, no concrete patching steps, version updates, or specific mitigation techniques are provided in the text.
Source: Wiz Research Blog