New tools, products, platforms, funding rounds, and company developments in AI security.
A $27 million political campaign between AI companies Anthropic and OpenAI, fought through a super PAC (a political organization that can raise unlimited funds), ended without a clear winner when Alex Bores, a New York politician who had authored AI safety legislation, narrowly lost a Democratic primary election. Bores had previously passed the RAISE Act, which added safety requirements for advanced AI companies, but this legislation upset the pro-AI super PAC that opposed him.
ClawHub, the AI skills marketplace for OpenClaw, discovered and removed five malicious packages that had passed its security checks despite containing infostealers (malware that steals information like passwords and data). This incident demonstrates that threats can slip through marketplace defenses and compromise the AI supply chain (the network of tools and components used to build AI systems).
Figma announced new AI-powered design features at its Config conference, including AI-generated motion graphics (animations created by describing them to an AI chatbot) and coding layers that let developers edit code without leaving the design canvas. These updates aim to help creative teams automate repetitive tasks and work more efficiently in one integrated workspace.
OpenAI and Broadcom unveiled Jalapeño, OpenAI's first custom AI chip designed for inference (the process of running trained AI models to generate responses for users). The chip is an ASIC (application-specific integrated circuit, a processor built for one particular job rather than general computing), which is cheaper and more efficient than standard graphics processors but less flexible, and OpenAI designed it in nine months with help from its own AI models to address extreme demand for computing power.
OpenAI has announced a new chip called Jalapeño, an ASIC (application-specific integrated circuit, a processor designed for one particular job) built with Broadcom to power AI servers. The chip is specifically designed for AI inference (the process where a trained AI model processes user requests and generates responses), rather than AI training (where models learn from large amounts of data).
Intercept, a new nonprofit backed by Stripe, Anthropic, and OpenAI, has been funded with $500 million to develop ways to prevent respiratory infections like the common cold and flu. The organization will pursue multiple approaches, including vaccines, RNA drugs (medicines made from genetic material), antibodies (proteins that fight viruses), and large-scale air-cleaning systems using ultraviolet light to inactivate viruses in shared spaces like schools and offices.
AI systems need access to large amounts of current, structured data to work effectively, but the web was not designed for the automated data retrieval that AI applications require. Companies face a challenge: traditional training methods using old data snapshots are insufficient, and they need infrastructure that can continuously retrieve real-time, trustworthy information from millions of websites to keep AI outputs current and reduce hallucinations (when AI generates false information).
This article discusses how AI is being used to create 'reverse centaurs' (humans forced to serve as assistants to machines rather than being assisted by them), such as warehouse workers meeting algorithm-set targets or lawyers checking the outputs of AI models like Gemini (a large language model, or LLM, made by Google). The author argues that despite tech leaders' warnings about AI's dangers, the real promise being sold is job elimination and loss of human autonomy, which benefits those in power.
OpenAI and Broadcom have unveiled Jalapeño, a specialized AI accelerator chip (a processor designed to speed up artificial intelligence computations) built specifically for LLM inference (the process of running trained AI models to generate outputs). Early testing shows the chip delivers significantly better performance per watt (computational power relative to energy use) than current alternatives, and it will be deployed in data centers starting in 2026.
Google has added computer use, a capability that allows AI agents to see and interact with computer screens to perform tasks, directly into Gemini 3.5 Flash (an AI model). This feature enables developers to build agents that can automate work across browsers, phones, and desktops, such as testing software or handling business tasks.
Fix: To mitigate prompt injection risks (attacks where malicious instructions are hidden in user inputs), Google uses targeted adversarial training for computer use in Gemini 3.5 Flash. The company also released two optional enterprise safeguard systems: one that requires explicit user confirmation for sensitive or irreversible actions, and another that automatically stops tasks if an indirect prompt injection is identified. The source recommends combining these features with secure sandboxing, human-in-the-loop verification (having humans review AI decisions), and strict access controls.
DeepMind Safety Research
AI systems in businesses are shifting from passive assistants that answer questions to active agents that take real actions like retrieving data, calling APIs (application programming interfaces, which let software communicate with other software), and executing workflows. This change requires a new approach to security, moving beyond simple data governance rules about what employees can share with AI tools.
Agentic AI (autonomous AI systems designed to achieve specific goals) relies heavily on having accurate context (the complete information about your systems, assets, and threats) to make good security decisions. If given incomplete or wrong context, agentic AI will still act quickly and confidently but make bad decisions at machine speed, potentially causing catastrophic harm like shutting down critical business systems without understanding their importance.
Meta paused an employee monitoring program called the Model Capability Initiative that tracked workers' keystrokes, mouse clicks, and screen content to collect data for training AI models (computer programs that learn patterns from data). After over 1,600 employees signed a petition and a security report revealed the collected data was accessible to anyone inside the company, Meta confirmed it was pausing the program while investigating potential privacy breaches.
Fix: Meta stated: 'We're pausing it while we investigate.' The company also noted it had 'carefully designed this program with privacy safeguards,' though no explicit fix, remediation steps, or timeline for resolution beyond the pause was mentioned in the source text.
The Guardian Technology
Advanced AI agents (agentic models, which are AI systems that can autonomously test and execute code) emerging in 2026 are compressing the time between discovering a vulnerability and launching attacks from weeks to seconds, making traditional security catalogs obsolete. These AI-powered attackers can now move laterally across converged IT and OT (operational technology, the systems controlling physical infrastructure like factories) networks at machine speed, potentially causing physical damage before humans even detect the breach.
Malware developers are embedding forbidden text about weapons into spyware code to trick AI analysis tools into refusing to analyze it. The malicious code hides real instructions in comments (lines ignored by the computer) and uses obfuscation (making code hard to read) to confuse AI-powered security scanners that feed code directly to language models without treating it as untrusted input.
Researchers demonstrated that a malicious AI agent skill (a reusable tool that extends an AI agent's capabilities) passed security scanners and reached 26,000 users by exploiting a gap in how skills are reviewed. The attack worked by hiding malicious instructions behind a fake website domain that redirected to a legitimate site during security checks, then changed its content after approval to collect user data, showing that one-time security scans cannot detect skills that behave differently after they gain trust.
As organizations increasingly adopt AI across their operations, they face growing security challenges because AI systems touch critical infrastructure and data in complex ways. AI security posture management (AI-SPM, tools that monitor and assess the security of AI models, data, and applications) has emerged as an important category to address these risks, especially since many enterprises run AI agents without proper security oversight or governance strategies. Security teams need to carefully evaluate AI-SPM tools to match their organization's maturity level and avoid duplicating existing security tools or leaving coverage gaps.
AI agents deployed in organizations need access to sensitive systems, but current OAuth tokens (standardized digital credentials that verify identity and permissions) cannot properly track both the agent's identity and the user it represents, making it impossible to enforce proper access controls or detect misuse. The problem grows as agents become more autonomous and can act on behalf of multiple users, invoke other agents, and operate without human oversight. OAuth tokens were designed for single-principal scenarios (one actor), but AI agents operate in complex multi-principal situations that the industry has not yet standardized.
Anthropic's Mythos AI model identified vulnerabilities in classified U.S. government computer systems within hours during a security testing initiative called Project Glasswing, according to a U.S. official. The testing was conducted in cooperation with U.S. intelligence agencies to assess potential security risks the model could pose. In response, the Trump administration issued a directive requiring Anthropic to prevent foreign nationals from accessing its latest models (Fable 5 and Mythos 5), and Anthropic disabled these models for all customers to comply.
Fix: Anthropic disabled the Mythos and Fable models for all of its customers to comply with the Trump administration's directive requiring the company to prevent foreign nationals from using its latest artificial intelligence models, known as Fable 5 and Mythos 5.
SecurityWeek
Meta paused an employee monitoring program called the Model Compatibility Initiative (MCI) after employees bypassed its security protections to access restricted data, and then did so again even after Meta claimed to fix the vulnerability. The program collected sensitive data including keystrokes, mouse movements, screen content, private conversations, and performance information to train AI models. Security experts criticized Meta for deploying inadequate access controls (security measures that limit who can view data) on such highly sensitive information, even though the company had the resources to implement stronger protections.
Fix: According to Meta vice president Stephane Kasriel, the unauthorized access discovered on June 18 was closed "within four hours," but "the initial fix didn't stick, and access to the data had to be further locked down." Meta stated in an email that it is "pausing it while we investigate."
CSO Online