aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2826 items

Hole in widely-used FFmpeg codec could crash media servers or enable RCE

info | news
security
Jun 23, 2026

A critical vulnerability called PixelSmash (CVE-2026-8461) was found in FFmpeg, a widely-used media processing framework, that can crash applications or enable RCE (remote code execution, where an attacker can run commands on a system they don't own) through a heap out-of-bounds write (a memory safety error where code writes data outside its intended memory region) in the MagicYUV decoder. The bug affects hundreds of applications including media servers, video players, and cloud services, and can be triggered by uploading a malicious media file.

Fix: Users of FFmpeg should upgrade to the patched version (8.1.2) as soon as possible. Additionally, if the MagicYUV decoder is not needed, developers can disable it at build time to prevent exploitation.

CSO Online

Hollywood is bending the knee to OpenAI

info | news
industry
Jun 23, 2026

Multiple major film studios, including Netflix, A24, and Warner Bros., have reportedly declined to distribute a biographical film about OpenAI CEO Sam Altman, with Amazon MGM also pulling out despite the film being nearly complete. The rejections suggest that Hollywood studios may be hesitant to produce critical stories about large tech companies like OpenAI.

The Verge (AI)

OpenClaw's Skill Marketplace and the Emerging AI Supply Chain Threat

high | news
security
Jun 23, 2026

OpenClaw is an AI agent that runs third-party skills from the ClawHub marketplace, but these skills have broad access to local systems, creating supply chain risks (where attackers compromise software distribution to spread malware). Between February and May 2026, researchers found five malicious skills that evaded ClawHub's existing defenses, including infostealers (malware that steals information), evasion techniques, and novel agentic threats like runtime injection and front-running attacks designed for financial gain.

Fix: ClawHub integrated VirusTotal and ClawScan for proactive screening of skills and code-level analysis. OpenClaw is now collaborating with NVIDIA to provide documentation of what each skill does and to run NVIDIA's analysis tool on all skills published to the platform.

Palo Alto Unit 42

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

high | news
security
Jun 23, 2026

A vulnerability called 'Cordyceps' exploits weaknesses in CI/CD workflows (automated systems that test and deploy code changes) to inject malicious pull requests (code change proposals) into popular developer tools like Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare Workers SDK, and Python's Black. Attackers can use this method to compromise the software supply chain, potentially affecting many developers who use these tools.

Dark Reading

How GPT-5 helped immunologist Derya Unutmaz solve a 3-year-old mystery

info | news
industry
Jun 23, 2026

Immunologist Derya Unutmaz used GPT-5 Pro in late 2025 to solve a three-year-old mystery about how glucose affects T cell development (immune cells that fight disease). His lab had run an experiment in 2022 showing that deoxyglucose (a glucose-like molecule that disrupts a cell's energy production) caused T cells to become inflammatory-response cells at much higher rates than low glucose alone, but they couldn't explain why. GPT-5 Pro analyzed the data and suggested that deoxyglucose interfered with IL-2 protein construction, which normally prevents T cells from becoming inflammatory cells, thereby explaining the unexpected results.

OpenAI Blog

Something's off with Midjourney's pivot to body scanners

info | news
industry
Jun 23, 2026

Midjourney, an AI company known for its image generator, announced a new medical imaging product: an experimental ultrasound scanner that would immerse users in water to produce detailed body images similar to MRI (magnetic resonance imaging, a medical scanning technique). Medical imaging experts expressed skepticism about the technology, saying Midjourney has not yet shown sufficient public evidence to support its claims that the system could match or exceed MRI capabilities.

The Verge (AI)

AI PACs pour $20 million into New York Democratic primary in AI regulation battle

info | news
policy | industry
Jun 23, 2026

AI companies are spending over $20 million in a New York congressional race between AI safety advocate Alex Bores and two other candidates, with competing super PACs (political action committees, groups that raise unlimited money for political causes) backing different approaches to AI regulation. Leading the Future, backed by companies like OpenAI and Andreessen Horowitz, opposes Bores and favors lighter regulation, while Public First Action, funded by Anthropic, supports Bores and advocates for stricter safety requirements built into AI models from the start. This race has become a proxy battle over whether the U.S. government should heavily regulate the AI industry or allow it to develop with fewer restrictions.

CNBC Technology

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

high | news
security | safety
Jun 23, 2026

A security firm created a fake AI agent skill (a bundle of instructions that agents load and follow) that bypassed all security scanners and reached approximately 26,000 agents by exploiting a structural weakness: scanners only check the skill's initial package, but attackers can change the external webpage the skill points to after it passes review. The fake skill appeared legitimate through inherited GitHub credibility and targeted ads, demonstrating that current trust signals and scanning tools fail to catch sophisticated attacks.

Fix: Treat skills as software, not text, by vetting what a skill points to externally, not just what ships inside it. Route new skills through a single source you control and re-check them when anything changes, since a clean result at install does not stay clean if the skill connects to a link someone else can edit. Additionally, pin versions, hold agents to the least privilege (minimum access needed to function), and assume any external instruction an agent fetches runs with the agent's full access level.

The Hacker News

Sony's AI Camera Assistant is exactly as bad as it looks

info | news
industry
Jun 23, 2026

Sony's new AI Camera Assistant, featured in the Xperia 1 VIII phone, produces poor quality photos according to a review. The AI tool, which is meant to help improve photography, performs worse than similar features like Google's Camera Coach found on Pixel phones.

The Verge (AI)

Helping build shared standards for advanced AI

info | regulatory
policy
Jun 23, 2026

Advanced AI models offer benefits like stronger cybersecurity and faster scientific discovery, but they also pose safety and security risks if their capabilities aren't properly understood or safeguarded. To address this, OpenAI helped found the Appia Foundation (an organization hosted by the Linux Foundation), which will create open technical standards and assessment criteria that allow different organizations and governments to evaluate and trust AI systems using a shared language and consistent methods.

Fix: The source discusses initiatives to build standards and governance frameworks rather than fixing a specific vulnerability. Explicitly mentioned approaches include: developing open, modular specifications through Appia, establishing a strengthened Center for AI Standards and Innovation (CAISI), creating a 'shared playbook for trustworthy third-party evaluations' that requires disclosure of the system tested, tool access, evaluation methods, available resources, and validation checks, and implementing OpenAI's Preparedness Framework and Frontier Governance Framework to operationalize risk management practices around risk assessment, model reporting, security controls, and incident response.

OpenAI Blog

AI Threat Readiness Pillar 4: Detect and contain threats in real-time

info | news
security
Jun 23, 2026

Traditional security detection tools were not designed to handle AI-era threats, which move faster and create new attack surfaces through prompt injection (tricking AI by hiding instructions in its input), coding agents accessing codebases, and cloud-native AI services. The document argues that manual investigation by security analysts is too slow when the time between initial access and damage can shrink to minutes, requiring instead real-time detection with automated investigation and containment rather than human-driven responses.

Wiz Research Blog

The Download: the future of chipmaking and Anthropic's government clash

info | news
security | policy
Jun 23, 2026

This newsletter roundup covers several AI and tech developments, including ASML's $400 million lithography machine (a tool that uses extreme-ultraviolet light to pattern features on computer chips) that dominates global chipmaking, tensions between Anthropic and the US government over export controls on an AI coding model, and Meta pausing an AI training program that tracked workers' keystrokes after sensitive data was leaked.

MIT Technology Review

Unpatched SharePoint servers opened the door to multiple attackers, Microsoft finds

info | news
security
Jun 23, 2026

Microsoft discovered that two unrelated attackers were operating inside the same victim network simultaneously, each hiding the other's presence and making it harder to understand the full scope of the attack. The initial intrusion exploited vulnerabilities in on-premises SharePoint servers (software used by organizations to manage documents and content), with one attacker (Storm-2603) deploying ransomware (malicious software that locks up files and demands payment) while a second attacker used different tools and methods for data theft. Microsoft's investigation team separated the two attack chains by correlating (comparing) data from multiple sources, then identified a second organization that had also been compromised by the same attackers.

CSO Online

AI in the classroom prompts tide of concern from US parents and experts

info | news
policy | industry
Jun 23, 2026

Some parents and education experts are concerned that using AI chatbots (software programs that simulate conversation) like Google Gemini in classrooms may discourage independent thinking, with critics arguing there is little evidence these tools actually help students learn. One parent in New York objected to an assignment where students used an AI chatbot for feedback instead of discussing improvements with peers or teachers.

The Guardian Technology

Agentic AI: The Weapon That No Longer Needs a Warrior

info | news
security | safety
Jun 23, 2026

Agentic AI (artificial intelligence systems that can independently execute tasks without human intervention at each step) represents a major shift in cybersecurity threats because it allows attackers to move from using AI as a drafting tool to using it as an autonomous weapon that can plan and carry out attacks on its own. This technology lowers the barrier to entry for unskilled attackers while dramatically speeding up campaigns from experienced ones, creating a broader threat landscape where attackers can now operate at speeds and scales that were previously impossible.

The Hacker News

OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery

info | news
security | industry
Jun 23, 2026

OpenAI expanded its Daybreak cybersecurity initiative to focus on fixing vulnerabilities faster rather than just finding them, arguing that AI models have made vulnerability discovery so fast that security teams are overwhelmed by the volume of findings. The company released an updated Codex Security plugin (a tool that scans code and generates patches) and GPT-5.5-Cyber (a specialized AI model for security work), along with Patch the Planet, a program that deploys security experts to help open source projects validate and fix vulnerabilities.

Fix: OpenAI released an updated Codex Security plugin that 'can scan entire codebases, trace attack paths, construct threat models, validate findings, generate patches, and export results into existing vulnerability management pipelines via SARIF files and CodeQL queries.' The company also launched GPT-5.5-Cyber, described as capable of 'sustain[ing] analysis across large codebases, assess[ing] whether vulnerable code is actually reachable, and carry[ing] work through to patch development and testing.' Additionally, Patch the Planet deploys expert security researchers to work with open source project maintainers to handle 'validation, deduplication, and patch development.'

SecurityWeek

Anthropic's Fable 5 Model Jailbroken Within Days

info | news
security | safety
Jun 23, 2026

Anthropic's Fable 5 model was successfully jailbroken (tricked into bypassing its safety restrictions) shortly after its release, despite the company's claims that it had been thoroughly tested for security. The source criticizes overconfident security statements, noting that even rigorous testing cannot guarantee that vulnerabilities will not be discovered.

Schneier on Security

OpenAI rolls out AI-led push to fix open-source software flaws

info | news
security | industry
Jun 23, 2026

OpenAI launched Patch the Planet, a program that uses AI to find and fix vulnerabilities (security flaws) in widely-used open-source software (code that anyone can access and modify) with help from cybersecurity firm Trail of Bits. The program combines AI-assisted vulnerability research with human review to develop tested fixes and coordinate their disclosure through existing project channels. The initiative has already identified hundreds of security issues and merged dozens of patches across projects like Python, Go, and cURL.

Fix: The source describes the Patch the Planet program itself as the mitigation approach: AI-assisted vulnerability research is used alongside human review by Trail of Bits engineers who filter out false positives and duplicate reports before sending findings to maintainers. Additionally, the source recommends that CISOs implement governance controls before deploying AI-assisted vulnerability research, including what one analyst calls a 'Safety Relevance Layer' that requires every AI-generated finding to pass automated verification with dynamic proof-of-concept validation and strong false-positive filtering before reaching a human analyst, plus predefined escalation paths and notification timelines for disclosed flaws in external dependencies.

CSO Online

Australia 'sleepwalking' into AI crisis and 'tech bro free-for-all', says Greens senator

info | news
policy
Jun 23, 2026

Australian politicians are raising concerns that the country is unprepared for AI development, with calls to prevent large tech companies from using Australian content to train AI models (teach AI systems by feeding them data) and to pause approval of new datacenters until proper regulations exist. The debate reflects worry that AI is advancing faster than government safeguards can keep up.

The Guardian Technology

Cybersecurity is no longer about protection. It's about survival.

info | news
policy
Jun 23, 2026

Modern cybersecurity strategy has a fundamental contradiction: organizations claim to expect breaches will happen, but still focus almost entirely on prevention rather than preparing to survive them. The article argues that the goal of cybersecurity should shift from pure prevention to organizational resilience, meaning companies must design systems that can continue operating, recover quickly, and restore critical functions even after a breach occurs.

CSO Online