New tools, products, platforms, funding rounds, and company developments in AI security.
At Google I/O, DeepMind CEO Demis Hassabis announced that Google aims to use AI to transform drug discovery and eventually solve all diseases. The article appears to be a critical analysis examining the feasibility and implications of this ambitious claim.
OpenAI and Anthropic's expected IPO valuations (both projected over $800 billion) depend on maintaining high pricing power, but cheaper AI alternatives are rapidly emerging and becoming competitive. Chinese AI labs like DeepSeek and Kimi charge a fraction of what OpenAI and Anthropic do for comparable work, and enterprises are adopting cost-reduction strategies like "advisor models" (where a cheap open-source model handles most tasks and only calls expensive frontier models when needed), causing usage of Chinese models on some platforms to jump from 1% to 60% in just one year.
OpenAI is preparing to confidentially file documents for an IPO (initial public offering, when a private company becomes publicly traded) as soon as this week, working with major investment banks like Goldman Sachs and Morgan Stanley. The company, valued at over $850 billion, is planning this public debut as part of normal strategic planning, though leadership hasn't confirmed a specific timeline.
Google has introduced a new YouTube Shorts Remix feature that uses Gemini (Google's AI model) to let users restyle or modify other people's videos. Users can transform clips into different art styles like pixel art or anime, or digitally alter content by changing appearances, adding people, or inserting themselves into videos. Creators can choose whether to allow or block others from remixing their videos.
Google is integrating its Gemini AI model into search ads, which will now display recommended products with AI-generated explanations of why you should buy them. This update is part of Google's broader shift toward AI-powered search results, including a new conversational search box and AI-generated content alongside traditional search results.
GitHub confirmed that attackers compromised an employee's device through a poisoned VS Code extension (a malicious add-on program for a code editor), leading to the theft of code from around 3,800 internal repositories. The breach was detected and contained quickly, and GitHub is investigating the incident while validating that no customer data was affected, only internal GitHub code.
1Password partnered with OpenAI to protect credentials from being leaked by AI coding agents, which are AI systems that can write and deploy software automatically. The companies created an Environments MCP Server (a module that connects different systems together) for Codex that gives AI agents access to credentials only when needed, without storing them in code, prompts, or the AI model's memory where they could be stolen. Credentials are issued just-in-time, scoped to specific tasks, and kept encrypted in 1Password's vault rather than exposed where attackers could find them.
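The just-in-time, task-scoped credential model described above, as an added example that is not 1Password's or OpenAI's code: a small broker resolves a secret for one named task, injects it only into the environment of the child process that needs it, and never copies it into the caller's environment, logs or returned output. The vault contents, task scopes and helper names are constructed for this illustration.

```python
"""Just-in-time credential injection for a command run on behalf of an agent.

Added example, not 1Password's or OpenAI's code. The vault contents, task
scopes and helper names are constructed for the illustration.
"""
import os
import subprocess
import sys
from dataclasses import dataclass

# Constructed stand-in for an encrypted vault and for per-task scoping.
VAULT = {"DEPLOY_TOKEN": "tok-constructed-1234", "DB_PASSWORD": "pw-constructed-5678"}
TASK_SCOPES = {"deploy": {"DEPLOY_TOKEN"}, "migrate": {"DB_PASSWORD"}}

# Only these variables from the broker's own environment reach the child.
SAFE_ENV_KEYS = ("PATH", "HOME", "LANG")


@dataclass
class RunResult:
    returncode: int
    stdout: str
    leaked_into_parent: bool


def resolve_secrets(task: str, requested: set) -> dict:
    """Release only the secrets inside the task's scope; reject anything else."""
    scope = TASK_SCOPES.get(task)
    if scope is None:
        raise PermissionError(f"unknown task {task!r}")
    unauthorized = requested - scope
    if unauthorized:
        raise PermissionError(f"task {task!r} is not scoped for {sorted(unauthorized)}")
    return {name: VAULT[name] for name in requested}


def run_with_secrets(task: str, requested: set, argv: list) -> RunResult:
    """Run argv with the scoped secrets present in the child's environment only.

    The secrets exist in memory for the authorized child process and for no
    longer than that process runs; the broker's own os.environ is never touched.
    """
    secrets = resolve_secrets(task, requested)
    child_env = {k: os.environ[k] for k in SAFE_ENV_KEYS if k in os.environ}
    child_env.update(secrets)
    proc = subprocess.run(argv, env=child_env, capture_output=True, text=True, check=False)
    # Redact secret values from any output that would flow back to the agent.
    stdout = proc.stdout
    for value in secrets.values():
        stdout = stdout.replace(value, "[REDACTED]")
    leaked = any(name in os.environ for name in secrets)
    return RunResult(proc.returncode, stdout, leaked)


# Constructed child command: reports which known secret names it can see,
# without printing their values.
CHILD_SCRIPT = (
    "import os; "
    "print(','.join(sorted(n for n in ('DEPLOY_TOKEN', 'DB_PASSWORD') if n in os.environ)))"
)


def demo() -> RunResult:
    """Run the 'deploy' task, which is scoped to DEPLOY_TOKEN only."""
    return run_with_secrets("deploy", {"DEPLOY_TOKEN"}, [sys.executable, "-c", CHILD_SCRIPT])


if __name__ == "__main__":
    r = demo()
    print("child saw:", r.stdout.strip())            # DEPLOY_TOKEN
    print("leaked into parent:", r.leaked_into_parent)  # False
```

The two properties worth checking in a real deployment are the ones `demo()` exercises: the child sees exactly the variables its task is scoped for, and the broker process that launched it never had them in its own environment.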
Tech companies have long promised AI assistants but delivered disappointing results until recently, with OpenClaw, an open-source AI agent platform (software that can perform tasks autonomously), gaining popularity. Google has now announced new AI agents at I/O 2026 that can perform various tasks like gathering information and planning events, running continuously in the background with claimed seamless integration.
Anthropic patched a vulnerability in Claude Code's network sandbox (a restricted environment that controls where the AI can send data) that could have allowed attackers to bypass security controls and steal sensitive information. The vulnerability, called a SOCKS5 hostname null-byte injection issue (a trick where attackers hide a malicious server address using special characters to fool the security filter), was silently fixed in version 2.1.88 released on March 31, 2025, but was never publicly disclosed or assigned a tracking identifier.
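The kind of check such a network sandbox needs, as an added example that is not Anthropic's code: a minimal parser for the SOCKS5 CONNECT request (RFC 1928, domain-name address type) that validates the full destination hostname before comparing it with an egress allowlist, so a name containing a NUL byte or any other non-hostname character is rejected outright rather than partially matched. The allowlist, the sample requests and the helper names are constructed for this illustration.

```python
"""Strict hostname validation for a SOCKS5 egress filter.

Added example, not Anthropic's code. The allowlist, sample requests and helper
names are constructed for the illustration.
"""
import re
import struct

# Allowed egress destinations (constructed for the example).
ALLOWED_HOSTS = {"api.example.com", "registry.example.com"}

# RFC 1123 hostname labels: letters, digits and hyphens, 1-63 chars, no leading
# or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def canonical_hostname(raw: bytes) -> str:
    """Return a validated, lower-cased hostname or raise ValueError.

    The check runs over the whole byte string: an embedded NUL byte or any
    non-hostname character is rejected before comparison, so the allowlist
    always sees the same name the proxy would actually connect to.
    """
    if b"\x00" in raw:
        raise ValueError("hostname contains a NUL byte")
    try:
        host = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("hostname is not ASCII") from exc
    host = host.rstrip(".").lower()
    if not host or len(host) > 253:
        raise ValueError("hostname length out of range")
    for label in host.split("."):
        if not _LABEL.match(label):
            raise ValueError(f"invalid hostname label: {label!r}")
    return host


def parse_socks5_connect(req: bytes):
    """Parse a SOCKS5 CONNECT request with ATYP=0x03 (domain name).

    Layout: VER(1) CMD(1) RSV(1) ATYP(1) LEN(1) HOST(LEN) PORT(2).
    Only the domain-name address type is handled here.
    """
    if len(req) < 5 or req[0] != 0x05:
        raise ValueError("not a SOCKS5 request")
    if req[1] != 0x01:
        raise ValueError("only CONNECT is supported")
    if req[3] != 0x03:
        raise ValueError("only domain-name addresses are accepted")
    length = req[4]
    host_bytes = req[5:5 + length]
    if len(host_bytes) != length or len(req) != 5 + length + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack("!H", req[5 + length:])
    return canonical_hostname(host_bytes), port


def egress_allowed(req: bytes) -> bool:
    """Deny by default: True only for a well-formed request to an allowed host on 443."""
    try:
        host, port = parse_socks5_connect(req)
    except ValueError:
        return False
    return host in ALLOWED_HOSTS and port == 443


def build_connect(host: bytes, port: int) -> bytes:
    """Construct a sample CONNECT request (used only to exercise the filter)."""
    return b"\x05\x01\x00\x03" + bytes([len(host)]) + host + struct.pack("!H", port)


if __name__ == "__main__":
    print(egress_allowed(build_connect(b"api.example.com", 443)))      # True
    print(egress_allowed(build_connect(b"api.example.com\x00x", 443)))  # False
    print(egress_allowed(build_connect(b"other.example.net", 443)))     # False
```

The design point is that validation and allowlist matching operate on the identical canonical string; any filter that compares a prefix, a decoded C string or a separately parsed copy of the name opens a gap between what is checked and what is dialled.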
A malicious version of Bitwarden CLI was published on npm for 90 minutes in April 2026, stealing developer credentials through a compromised GitHub Action (an automated workflow tool). The incident received a CVE (Common Vulnerabilities and Exposures, an official vulnerability identifier), but the CVE only notified defenders after the fact rather than providing a patch to apply, highlighting how CVE has drifted from its original purpose of identifying code flaws with fixable versions to tracking security incidents.
Google announced updates to its search engine that will use AI more heavily, allowing users to ask longer, more natural questions that get answered by Google's chatbot instead of traditional search results. The company also revealed new smart glasses (wearable devices with computer capabilities) for consumers, marking its return to the hardware market over a decade after its previous glasses faced public criticism. These changes are powered by Google's new Gemini 3.5 AI model.
AI agents (autonomous systems using LLMs to solve problems) create security risks because LLMs are unpredictable and vulnerable to prompt injection (tricking an AI by hiding instructions in its input), so they can make harmful decisions with confidence. The solution is to place authorization controls (decisions about which actions are allowed) at the boundary where the agent calls external tools, rather than relying on hard-coded workflows or human approval alone. Amazon Bedrock AgentCore uses Cedar, an open-source authorization policy language, to centralize and enforce these controls outside the LLM where they cannot be bypassed.
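The boundary authorization described above, as an added example that is not AWS code and not Cedar: a small policy enforcement point that sits between an agent and its tools and mirrors the two Cedar behaviours that matter here, deny by default and forbid overriding permit. It is a toy evaluator for illustration; the tool names, agent identities and policies are constructed, and nothing here is the AgentCore API.

```python
"""Deny-by-default authorization at the agent/tool boundary.

Added example, not AWS code and not Cedar: a toy policy enforcement point that
reproduces default-deny and forbid-overrides-permit. Tools, principals and
policies are constructed for the illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Condition = Callable[[dict], bool]


@dataclass(frozen=True)
class Policy:
    effect: str                   # "permit" or "forbid"
    principal: Optional[str]      # agent id, or None for any agent
    action: Optional[str]         # tool name, or None for any tool
    when: Condition = field(default=lambda ctx: True)


@dataclass
class ToolCall:
    principal: str
    action: str
    context: dict


class Gateway:
    """Enforces policies outside the model: every tool call passes through here."""

    def __init__(self, policies: List[Policy], tools: Dict[str, Callable[..., object]]):
        self.policies = policies
        self.tools = tools
        self.audit: list = []

    def is_authorized(self, call: ToolCall) -> bool:
        matching = [
            p for p in self.policies
            if p.principal in (None, call.principal)
            and p.action in (None, call.action)
            and p.when(call.context)
        ]
        # Any matching forbid wins; otherwise at least one permit is required.
        if any(p.effect == "forbid" for p in matching):
            return False
        return any(p.effect == "permit" for p in matching)

    def invoke(self, call: ToolCall):
        decision = "allow" if self.is_authorized(call) else "deny"
        self.audit.append((call.principal, call.action, decision))
        if decision == "deny":
            raise PermissionError(f"{call.principal} may not call {call.action}")
        return self.tools[call.action](**call.context)


# Constructed tools for the demonstration.
def search_tickets(query: str, **_) -> list:
    return [f"ticket matching {query!r}"]


def refund(amount: float, **_) -> str:
    return f"refunded {amount:.2f}"


POLICIES = [
    Policy("permit", "support-agent", "search_tickets"),
    # Refunds are permitted only up to a threshold carried in the call context.
    Policy("permit", "support-agent", "refund", when=lambda c: c.get("amount", 0) <= 50),
    # A forbid applies regardless of permits: no refund without a ticket id.
    Policy("forbid", None, "refund", when=lambda c: "ticket_id" not in c),
]


def build_gateway() -> Gateway:
    return Gateway(POLICIES, {"search_tickets": search_tickets, "refund": refund})


if __name__ == "__main__":
    gw = build_gateway()
    print(gw.invoke(ToolCall("support-agent", "search_tickets", {"query": "login"})))
    print(gw.invoke(ToolCall("support-agent", "refund", {"amount": 20, "ticket_id": "T-1"})))
    try:
        gw.invoke(ToolCall("support-agent", "refund", {"amount": 500, "ticket_id": "T-2"}))
    except PermissionError as e:
        print("denied:", e)
```

Because the decision is computed from the call's principal, action and context rather than from anything the model says about itself, a prompt-injected agent that asks for an unlisted tool or an over-limit refund is refused at the gateway, and the audit list records every decision for detection work.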
Fix: Amazon Bedrock AgentCore Gateway sits between the agent and the tools it calls. When you associate a Policy (written in Cedar) with a Gateway, it blocks everything by default and selectively allows only specified tool invocations under defined conditions. Cedar is an open-source authorization policy language developed by AWS that is purpose-built for authorization, readable by humans, and analyzable by machines using automated reasoning.
Source: AWS Security Blog
Microsoft released two open-source tools to help developers test AI agent security during development. RAMPART is a testing framework (built on PyRIT, an earlier tool) that lets developers write test cases to find safety problems like cross-prompt injections (when untrusted data reaches an AI indirectly through sources like emails or files) and data exfiltration (unauthorized data leakage). Clarity is a planning tool that guides developers through design decisions early in a project, before coding begins, so potential issues can be addressed cheaply rather than fixed later.
Fix: Microsoft provides RAMPART and Clarity as open-source tools. According to the source: RAMPART is 'a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents' that 'evaluates the outcome of those tests and reports the results.' Clarity helps developers 'arrive at the right approach even before writing a single line of code' by 'guiding them through problem clarification, solution exploration, failure analysis, and decision tracking.' Microsoft states that using these tools 'move[s] AI safety from a one-time review to a set of living artifacts that developers can use throughout the lifecycle.'
Source: The Hacker News
Google announced Gemini Spark, an upcoming AI agent product that connects with Google apps like Gmail and Drive, which runs on Gemini 3.5 Flash and a tool called Antigravity. To address prompt injection risks (tricking an AI by hiding instructions in its input), Google stated that Spark operates in isolated virtual environments with encrypted credentials, data loss prevention policies, and a secure gateway, though the author expresses concern about whether these protections are sufficient given the sensitive data users may process through it.
Fix: According to Google's documentation, Gemini Spark implements the following security measures: 'Spark operates in a fully managed, secure runtime on Google Cloud' with 'every task executes in a fresh, strictly isolated, ephemeral VM to help ensure data never overlaps between sessions.' Additionally, 'all traffic routes through our secure Agent Gateway that enforces Data Loss Prevention (DLP) policies, while user credentials remain fully encrypted and are never exposed directly to the agent.'
Source: Simon Willison's Weblog
A UK study by the thinktank Demos found that AI chatbots like ChatGPT gave voters false information in response to 34% of questions about the Scottish election, including made-up scandals and invented candidates. The Electoral Commission has called for new legal controls to regulate AI platforms and prevent this kind of misinformation (false information spread to deceive people).
AI, particularly agentic AI (AI systems that can plan and take actions independently), is making attacks on applications faster, cheaper, and more widespread than ever before. Attackers are now targeting all apps as primary threats rather than some being less important, and apps face hostile attacks within hours of being published online instead of days. Critical sectors like medical devices and automotive apps are seeing the steepest increases in attacks because AI tools have made it easier to reverse engineer (understand how software works by analyzing it) the complex, specialized code that once protected these systems.
Simply using security and privacy benchmarks (standardized tests that measure how well a system performs) is not enough to ensure AI is truly secure, because benchmarks don't accurately measure AI capabilities. Instead of relying on benchmarks alone, organizations should apply proven security engineering practices, such as process-driven standards like BSIMM (Building Security In Maturity Model, a framework that guides companies through security best practices), while staying extra vigilant since AI systems don't have a single reliable security measurement like software does.
Google and other companies are expanding AI labeling systems like SynthID (invisible watermarking that tags AI-generated images) and C2PA Content Credentials to help people identify fake or AI-generated content online. These technologies aim to combat deepfakes (manipulated videos or images made to look realistic) and other misleading AI content that has been deceiving people on social media.
Fix: 1Password introduced an Environments MCP Server for Codex that implements just-in-time credential access. According to the source, the solution works by: (1) issuing credentials only when needed and scoped to the specific task, (2) keeping secrets outside the model's context window, (3) providing a secure runtime environment where secrets are mounted, used, and discarded with user authentication required at access time, (4) using 1Password's vault technology to keep secrets end-to-end encrypted and centrally managed, (5) limiting access through custom permissions, and (6) injecting required variables directly into the application process at runtime so credentials exist in memory only for the authorized process and only as long as needed. The source states: 'The credentials never appear in code, terminals, or model context.'
Source: SecurityWeek
Fix: The vulnerability was fixed in Claude Code version 2.1.88, released on March 31, 2025. According to Anthropic, the fix was included in a public commit to the 'sandbox-runtime' repository on March 27, 2025.
Source: SecurityWeek
This article discusses AI Bills of Materials (BOMs, which are detailed lists of components and dependencies used in AI systems), and how security leaders can prepare to use them effectively in their organizations. The piece focuses on five strategies that CISOs (Chief Information Security Officers, the executives responsible for security) can use to both adopt AI BOMs and help shape how they're created in the future.
Singapore has signed separate agreements with Google and OpenAI to strengthen its position as a global AI hub and speed up AI deployment in public services, healthcare, education, and business. OpenAI will invest over $234 million in Singapore's AI ecosystem and establish its first applied AI lab outside the U.S., while Google will focus on solving societal challenges, building an AI-ready workforce, and creating a secure AI ecosystem (systems designed to prevent harmful outcomes from AI).