New tools, products, platforms, funding rounds, and company developments in AI security.
Hundreds of software packages on npm (Node Package Manager) and PyPI (Python Package Index) were compromised in the Shai-Hulud attack campaign, which used stolen OIDC tokens (authentication credentials that verify a developer's identity) to publish malicious versions with valid cryptographic signatures, making them appear legitimate. The malware targets developer credentials like GitHub tokens, AWS secrets, and SSH keys, then hides itself in code editor auto-run tasks so uninstalling the packages doesn't remove it. The attack affected popular projects including TanStack, Mistral AI, Bitwarden, and others.
Testing Anthropic's Claude Mythos AI model on the curl data transfer tool found only one actual low-severity vulnerability in 178,000 lines of code, despite Anthropic's claims that the model could identify thousands of zero-day vulnerabilities (previously unknown security flaws). Experts are divided on whether this result shows that Mythos is less powerful than claimed or simply that curl's code is already very secure from previous audits and analysis by other tools.
Copy.Fail is a critical Linux kernel vulnerability that lets an attacker with basic user access escalate their privileges to root (the highest permission level) by exploiting the kernel crypto API and splice function (a system call that efficiently moves data between files). The vulnerability affects most Linux distributions without requiring special tricks or version-specific offsets, and it's especially dangerous in shared environments like Kubernetes clusters and cloud servers where multiple users or containers share the same kernel.
Over 170 packages in the popular npm and PyPI repositories (code libraries that developers use) were compromised by the hacking group TeamPCP in a coordinated attack, including packages from TanStack, UiPath, and Mistral AI. The malware (malicious software) stole sensitive information like API keys (credentials for accessing services), developer tokens, and cryptocurrency wallets, then tried to spread by using stolen GitHub tokens to publish infected versions of other packages. The attackers used a novel supply chain attack technique (compromising the tools and processes used to build and distribute software), exploiting three security weaknesses in GitHub Actions (automated workflows for building and releasing code) to bypass security checks and make malicious packages appear legitimate.
TeamPCP compromised multiple popular software packages (from companies like TanStack, Mistral AI, and Guardrails AI) by injecting malicious code that steals credentials for cloud services, cryptocurrency wallets, and development tools. The attack abused SLSA provenance (a system that verifies software was built securely) so that the malicious packages carried legitimate-looking build attestations, and the malware persists by modifying development tools like VS Code so it runs every time the tool starts.
Linux kernel maintainers are proposing a 'kill switch' that would let system administrators disable a vulnerable function in the OS kernel (the core software that manages hardware and system resources) until a patch for a zero-day vulnerability (a previously unknown security flaw) is ready. The proposal aims to protect servers during the gap between when a vulnerability is discovered and when a patched kernel can be built, tested, and restarted on systems, though security experts debate whether this approach is practical or creates new risks.
NVIDIA engineers and researchers use Codex, an AI coding tool built on GPT-5.5, to automate complex engineering tasks and machine learning research workflows. The tool can work autonomously for long sessions, finding bugs and writing code that earlier models couldn't, and has enabled teams to build production systems and run experiments much faster than before. Codex integrates with remote infrastructure (SSH, or secure shell protocol, which lets users securely connect to distant computers) and can even test its own code as it's being built.
AutoScout24 Group, a large European and Canadian online car marketplace, implemented AI tools like ChatGPT and Codex (an AI coding assistant) across its 2,000 employees to speed up software development and improve code quality. By embedding Codex directly into engineering workflows and creating an "AI Champions" network for knowledge sharing, the company reduced development timelines from 2-3 weeks to 2-3 days for some projects while maintaining reliability.
Thinking Machines, an AI company founded by former OpenAI CTO Mira Murati, is developing 'interaction models' that can process audio, video, and text simultaneously and respond in real time, unlike current AI models that wait passively for users to finish typing or speaking before responding.
Google's security team reported that it stopped hackers from using AI models to find and exploit a zero-day vulnerability (a software flaw unknown to developers) as part of a planned large-scale attack that would have bypassed two-factor authentication (a security method using two verification steps). The incident highlights a growing concern that criminals are using available AI tools to discover software weaknesses in ways that could harm companies and organizations.
OpenAI's Chief Revenue Officer announced that enterprise AI adoption is reaching a 'tipping point' and introduced a new Deployment Company to accelerate business adoption of AI technology. The company acquired Tomoro, an AI consulting firm, bringing about 150 forward-deployed engineers (specialists who work directly with clients to integrate AI into their business processes) who will help organizations understand their workflows and implement AI solutions.
A developer demonstrated how to use an LLM (large language model) directly in the shebang line (the first line of a script that tells the system how to run it) of executable text files, allowing scripts to be written as natural English prompts instead of traditional code. The approach uses the LLM tool with various options to generate outputs like SVG images, incorporate external tools, and even execute YAML templates that define custom Python functions.
Microsoft CEO Satya Nadella testified in a lawsuit that Elon Musk never contacted him about concerns that Microsoft's investments in OpenAI violated any agreements or commitments. Musk sued OpenAI and its leaders in 2024, claiming they abandoned the company's nonprofit mission, and he alleges that Microsoft's $13 billion in investments in OpenAI helped enable this breach of charitable trust. Nadella stated that Microsoft's investments were commercial partnerships with clear business benefits, not donations, and that he believed the company acted appropriately.
Google discovered and blocked a zero-day exploit (a previously unknown security flaw) that was created with AI assistance, which criminals planned to use for mass attacks on a web administration tool. Researchers identified AI involvement by finding signs in the Python script like artificial CVSS scores (severity ratings) and text patterns typical of AI language models.
OpenAI's Q1 2026 data shows ChatGPT adoption expanded beyond early adopters, with growing usage among older age groups, users with typically feminine names, and people in emerging markets across Latin America, Asia-Pacific, and Africa. Workplace use evolved to focus on specialized tasks like content creation and health documentation rather than just general writing. Overall, ChatGPT became a more mainstream tool used by diverse people in more countries for recurring tasks.
Fix: The mainline kernel fix landed on 1 April, and distributions are now rolling out patched kernels; apply them. In addition, a custom seccomp profile (a security filter that restricts which system calls programs can use) is needed, since Kubernetes Pod Security Standards and the default RuntimeDefault seccomp profile do not block the vulnerable syscall.
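As an added example (not from the source), a minimal seccomp profile in the JSON form that containerd and CRI-O accept: it returns EPERM for splice, the syscall named above, while leaving everything else allowed. It assumes the workload does not itself rely on splice, and that in production you would merge this rule into a copy of the runtime's default profile rather than ship an allow-all base.

```json
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": [
    "SCMP_ARCH_X86_64",
    "SCMP_ARCH_AARCH64"
  ],
  "syscalls": [
    {
      "names": [
        "splice"
      ],
      "action": "SCMP_ACT_ERRNO",
      "errnoRet": 1
    }
  ]
}
```

Place the file under the kubelet's seccomp root (by default /var/lib/kubelet/seccomp/) on every node and reference it from the pod's securityContext with seccompProfile.type set to Localhost and localhostProfile set to the path relative to that root; the container runtime then rejects the call with EPERM instead of letting it reach the vulnerable kernel path.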
Schneier on Security
Go's built-in fuzzing tool (a technique that tests software by feeding it random or semi-random inputs to find bugs) was missing key features available in other languages like Rust and C++, so researchers built gosentry, a modified version of the Go toolchain that adds stronger bug detection, grammar-based fuzzing (testing structured inputs like parsers), and coverage reports while keeping the same familiar interface. Gosentry detects bugs that vanilla Go fuzzing misses, including integer overflows (when numbers get too large for their storage), data races (when multiple threads access the same data unsafely), and goroutine leaks (abandoned lightweight threads), without requiring developers to rewrite existing fuzzing tests.
Fix: Use gosentry instead of Go's standard fuzzer: point existing Go fuzz harnesses at gosentry's binary and run them with new CLI flags like --catch-races=true and --catch-leaks=true to enable additional bug detection. For example: ./bin/go test -fuzz=FuzzHarness --focus-on-new-code=false --catch-races=true --catch-leaks=true. Gosentry also supports generating coverage reports from existing fuzzing campaigns with the --generate-coverage flag, and the --panic-on flag can make the fuzzer stop when specific functions like log.Fatal are called.
Trail of Bits Blog
Agentic AI (AI systems that can independently execute tasks and take actions) is already running in many organizations without security teams fully understanding it, creating a significant security gap. Security professionals cannot effectively protect technology they don't understand, and teams that lack fluency in agentic AI are being bypassed by business units moving forward without their input. The article identifies three main categories of agentic AI risk: general-purpose coding agents (like GitHub Copilot), vendor-built agents using MCP (Model Context Protocol, which allows agents to connect to external services), and custom agents built by non-technical users, each requiring different security considerations.
CISOs (Chief Information Security Officers, the top security leaders at companies) are taking on increasingly important roles as AI becomes central to business operations and security threats grow. Companies like Brown & Brown and PayPal are addressing AI risks by creating AI security frameworks and governance structures that require security reviews before any AI tool is deployed, ensuring AI is used safely and responsibly.
Fix: According to the source, companies should implement AI security frameworks that require security reviews before deploying any AI capability. These frameworks should evaluate AI use cases against security requirements, data sensitivity, operational risk, and business impact. Additionally, organizations should establish AI Governance Working Groups (as Brown & Brown has done) to perform AI risk assessments and ensure AI is fit for purpose and used responsibly.
CSO Online
OpenAI launched Daybreak, a new tool that uses AI models to help organizations find and fix software vulnerabilities before attackers can exploit them. Daybreak combines OpenAI's AI capabilities with Codex Security to automate tasks like code review, threat modeling, and patch validation. However, the article notes that AI tools have created a problem where vulnerabilities are discovered faster than developers can fix them, leading to 'triage fatigue' (where maintainers get overwhelmed sorting through many vulnerability reports, some of which may be false alarms generated by AI).
Fix: According to the source, Daybreak addresses the remediation bottleneck by incorporating 'patch validation' and 'remediation guidance into the everyday development loop so software becomes more resilient from the start.' Additionally, the text states that 'companies like Anthropic, Google, and OpenAI have increasingly positioned AI security agents as a new operational layer to address the remediation bottleneck and safeguard digital infrastructure from potential exploitation.' However, no specific technical steps or implementation details are provided in the source text.
The Hacker News
Fix: The proposed mitigation, as described by Sasha Levin, is: 'for many such issues, the simplest mitigation is to stop calling the buggy function.' Levin suggests that 'the cost of this socket family stops working for the day is much smaller than the cost of running a known vulnerable kernel until the fix lands.' A proposed version of a kernel kill switch has been provided by Levin and a colleague, though the source does not detail the technical implementation of this kill switch.
CSO Online
OpenAI launched Daybreak, an AI security initiative designed to find and fix vulnerabilities (weaknesses in software that attackers could exploit) before attackers discover them. Daybreak uses the Codex Security AI agent to analyze an organization's code, identify potential attack paths (ways an attacker could compromise the system), and automatically detect high-risk vulnerabilities.