New tools, products, platforms, funding rounds, and company developments in AI security.
Anthropic has updated Claude, its AI assistant, with new autonomous computer control features in Claude Code and Cowork that can open files, use web browsers and apps, and run developer tools without requiring setup. The feature is currently available as a research preview (early testing phase) for Claude Pro and Max subscribers on macOS only, and Claude will ask for the user's permission before performing tasks on the computer.
Team Mirai, a Japanese political party founded by software engineer Takahiro Anno, uses AI technology to strengthen democracy rather than undermine it. The party's AI Interviewer guides voters through policy issues and provides feedback on how their views align with the party's platform, while an Action Board app gamifies volunteer mobilization. In recent elections, Team Mirai won nearly four million votes and secured eleven seats in the Japanese House of Representatives, demonstrating that technology can scale deliberative democratic processes and help politicians listen to constituents.
Dimensional analysis is a technique from physics that can help developers spot arithmetic and logic bugs in DeFi (decentralized finance, financial applications built on blockchain) smart contracts (self-executing programs on blockchain) by checking whether formulas are dimensionally consistent. The method works by treating DeFi concepts like tokens and liquidity as 'dimensions' (similar to how physics treats meters and seconds), and checking that both sides of an equation have matching dimensions, just as you cannot add distance and time together.
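The dimension-checking idea above can be sketched in a few lines of Python. This is a minimal illustration, not any particular tool's implementation: a dimension is a map from an illustrative base unit (here `tokenA`, `tokenB`) to an integer exponent, multiplication and division combine exponents, and addition is only permitted between identical dimensions, which is exactly the check that flags a formula mixing, say, a token amount with a price.

```python
# Minimal dimensional-analysis sketch for DeFi formulas (illustrative only).
class Dim:
    def __init__(self, **exps):
        # Keep only nonzero exponents so equal dimensions compare equal.
        self.exps = {k: v for k, v in exps.items() if v != 0}

    def __mul__(self, other):
        merged = dict(self.exps)
        for k, v in other.exps.items():
            merged[k] = merged.get(k, 0) + v
        return Dim(**merged)

    def __truediv__(self, other):
        return self * Dim(**{k: -v for k, v in other.exps.items()})

    def __eq__(self, other):
        return self.exps == other.exps

    def __add__(self, other):
        # Addition is only legal between identical dimensions -- this is the
        # check that catches bugs like adding a token amount to a price.
        if self != other:
            raise TypeError(f"dimension mismatch: {self.exps} + {other.exps}")
        return self

# Example: in a two-token pool, the price of A in terms of B has
# dimension tokenB / tokenA.
token_a = Dim(tokenA=1)
token_b = Dim(tokenB=1)
price = token_b / token_a

price + token_b / token_a   # dimensionally consistent: allowed
# price + token_a           # would raise TypeError: dimension mismatch
```

Running such checks over every arithmetic expression in a contract surfaces formulas whose two sides disagree, the same way a physicist rejects an equation that adds meters to seconds.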
Anthropic has released a new feature allowing Claude (an AI assistant) to control a user's computer and complete tasks autonomously, such as opening applications, browsing the web, and filling spreadsheets. The company acknowledged that this capability is still early and warned that Claude can make mistakes, though it has built safeguards including requiring permission before accessing new apps.
OpenAI has expanded ChatGPT's shopping features by improving the Agentic Commerce Protocol (ACP, a system that connects ChatGPT to product data), allowing users to visually browse products, compare them side-by-side, and refine searches conversationally based on budget and preferences. The update, rolling out to all ChatGPT users this week, reduces the time spent searching multiple websites by delivering relevant, up-to-date product information in one place.
Mandiant's 2025 incident investigations reveal that attackers are becoming more sophisticated and specialized, with two distinct strategies: criminal groups focusing on quick impact and recovery denial, while espionage groups prioritize staying hidden for months using edge devices and native network tools. Key findings show that the time between initial network access and handoff to secondary attackers collapsed from over 8 hours in 2022 to just 22 seconds in 2025, and attackers have shifted from email phishing (6% of intrusions) to voice phishing (11%), suggesting that adversaries are adapting faster than traditional security controls can detect them.
Stanford researchers studied how chatbots can intensify delusional thinking in users, finding that these AI systems have a unique ability to turn minor obsessive thoughts into serious ones, though researchers cannot definitively answer whether AI causes delusions or simply amplifies existing ones.

OpenAI disclosed in a pre-IPO document that its close business relationship with Microsoft presents financial risks to the company.
Microsoft is proposing new controls to address security risks from agentic AI (autonomous AI systems that can take actions independently). The company suggests these controls should focus on identity management and guardrails (safety restrictions that limit what an AI can do) to help companies manage threats from this growing technology.
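The two controls described above, per-agent identity plus guardrails, can be sketched as a simple allowlist check. This is an illustrative sketch, not Microsoft's design; the agent IDs and action names are invented for the example.

```python
# Illustrative guardrail policy: each agent identity is granted an explicit
# set of permitted actions; anything else is denied by default.
GUARDRAILS = {
    "invoice-agent": {"read_invoices", "draft_email"},   # deliberately no send/delete
    "triage-agent": {"read_tickets", "label_ticket"},
}

def authorize(agent_id: str, action: str) -> bool:
    """Permit an action only if this agent identity was explicitly granted it;
    unknown identities are denied by default."""
    return action in GUARDRAILS.get(agent_id, set())

authorize("invoice-agent", "read_invoices")    # True: within guardrails
authorize("invoice-agent", "delete_invoices")  # False: blocked by guardrail
authorize("unknown-agent", "read_tickets")     # False: unrecognized identity
```

The deny-by-default shape is the point: an agent without a registered identity can do nothing, and each identity's blast radius is bounded by its allowlist.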
A new set of prompt-based safety policies has been released to help developers protect teenagers using AI systems. These policies, designed to work with gpt-oss-safeguard (an open-weight safety model that detects harmful content), address common teen-specific risks like graphic violence, sexual content, and dangerous challenges by converting safety goals into clear, operational rules that developers can apply consistently across their systems.
Fix: Developers can use these prompt-based safety policies directly with gpt-oss-safeguard and other reasoning models for real-time content filtering and offline analysis. Because the policies are structured as prompts that can be used directly, developers can more easily integrate them into existing workflows, adapt them to their use cases, and iterate over time. The initial release covers six categories: graphic violent content, graphic sexual content, harmful body ideals and behaviors, dangerous activities and challenges, romantic or violent roleplay, and age-restricted goods and services.
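The policy-as-prompt pattern can be sketched as follows. This is an assumed shape, not OpenAI's published wording: the policy text, label names, and helper function here are illustrative placeholders showing how a policy becomes the system prompt for a policy-following classifier such as gpt-oss-safeguard.

```python
# Illustrative policy text -- a placeholder, not an official OpenAI policy.
DANGEROUS_CHALLENGES_POLICY = """\
Classify the user content against this policy.
Label VIOLATION if the content encourages participation in a physically
dangerous viral challenge; otherwise label SAFE.
Answer with exactly one label: VIOLATION or SAFE."""

def build_policy_messages(policy: str, content: str) -> list[dict]:
    """Assemble a chat-style request: the policy rides as the system prompt,
    the content to classify as the user turn."""
    return [
        {"role": "system", "content": policy},
        {"role": "user", "content": content},
    ]

messages = build_policy_messages(
    DANGEROUS_CHALLENGES_POLICY,
    "Try holding your breath for five minutes!",
)
# `messages` can then be sent to whatever endpoint hosts the safety model;
# the same policy prompt serves real-time filtering and offline batch review.
```

Because the policy is just text, adapting it to a new use case means editing the prompt, not retraining a classifier.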
OpenAI Blog

Fix: Anthropic stated it has built the computer use capability 'with safeguards that minimize risk' and that 'Claude will always request permission before accessing new apps.' Users can also use Dispatch, a feature for continuous conversations with Claude from a phone or desktop to assign tasks.
CNBC Technology

Organizations are increasingly adopting autonomous agentic AI tools (AI systems that can independently complete tasks with minimal human intervention) like Claude Cowork and OpenClaw, which can automate workflows on computers and access files and applications. While these tools promise workplace efficiency gains, they carry significant risks including security vulnerabilities, prompt injection attacks (tricking AI by hiding instructions in user input), and unintended actions, as demonstrated when one researcher's autonomous agent attempted to delete her entire email inbox after a simple cleanup request.
Fix: According to Anthropic, Claude Cowork shows the user its plan before taking action and waits for user approval before proceeding. Additionally, users can instruct autonomous agents to 'confirm before acting' to add a safety checkpoint.
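The 'confirm before acting' checkpoint can be sketched as a small wrapper around agent actions. This is an illustrative sketch, not Anthropic's implementation: the action names, the `DESTRUCTIVE` set, and the `approve` callback are invented for the example.

```python
# Actions treated as destructive and therefore gated on user approval
# (illustrative list).
DESTRUCTIVE = {"delete", "send", "purchase"}

def run_action(name: str, target: str, execute, approve=input):
    """Run read-only actions immediately; for destructive ones, show the
    plan and wait for an explicit yes before executing."""
    if name in DESTRUCTIVE:
        answer = approve(f"Agent wants to {name} {target!r}. Proceed? [y/N] ")
        if answer.strip().lower() != "y":
            return f"skipped {name}"
    return execute()

# The inbox-cleanup scenario above: deletion is gated, and a simulated
# user declines, so nothing is removed.
result = run_action("delete", "entire inbox",
                    execute=lambda: "deleted",
                    approve=lambda prompt: "n")
```

The checkpoint sits between the agent's plan and its effect, so a misinterpreted "clean up my inbox" surfaces as a question rather than an emptied mailbox.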
CSO Online

The OpenAI Foundation announced plans to invest at least $1 billion over the next year in areas including life sciences, curing disease, job creation, AI resilience (making AI systems more reliable and safe), and community programs. The Foundation aims to use AI to solve humanity's biggest problems, such as speeding up medical breakthroughs and disease research, while also preparing society for challenges that advanced AI systems may present.
Honeypots are fake servers designed to trick attackers into revealing their methods by making them think they've found real company data. Traditionally expensive and difficult to maintain, honeypots have become much more effective and affordable by pairing them with LLMs (large language models, AI systems that understand and generate text), which can dynamically create realistic fake environments that keep attackers engaged longer.
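The LLM-backed honeypot pattern amounts to forwarding each attacker command to a model prompted to role-play the fake server. The sketch below is illustrative, with an invented hostname and prompt wording; it shows only the prompt-assembly step, since the model call itself depends on whichever LLM is deployed.

```python
def honeypot_prompt(fake_hostname: str, attacker_command: str) -> str:
    """Build the instruction an LLM would receive for each attacker command
    (illustrative wording -- not any specific product's prompt)."""
    return (
        f"You are a Linux server named {fake_hostname} belonging to a "
        "fictitious company. Respond exactly as a real shell would to the "
        "command below, inventing plausible but fake files and data. Never "
        "reveal that you are simulated.\n\n"
        f"$ {attacker_command}"
    )

prompt = honeypot_prompt("payments-db-01", "ls /var/backups")
# Each command an attacker types is wrapped in a prompt like this; the
# model's reply goes back over the honeypot's socket, keeping the intruder
# engaged while every command is logged for analysis.
```

Because the fake environment is improvised per command rather than hand-built, the honeypot stays convincing far longer than a static decoy, which is the cost advantage the item above describes.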
Modern cyberattacks happen at machine speed, faster than traditional security teams can respond, creating a gap between fast-moving threats and human-paced defenses. CrowdStrike addresses this with agentic MDR (managed detection and response, a service where automated systems and human experts work together to detect and stop attacks) and SOC Transformation Services, which combine automated threat response with human oversight to achieve faster breach containment while maintaining accountability and governance.
Fix: CrowdStrike's agentic MDR (delivered through Falcon Complete) provides deterministic automation (rule-based responses that execute the same way every time) within expert-defined guardrails, adaptive AI agents that learn from live adversary behavior, and elite human analyst oversight. The service delivers a 1-minute median time to contain (MTTC). Additionally, CrowdStrike offers SOC Transformation Services to help organizations establish foundational operating conditions for agentic SOC operations by modernizing SIEM (security information and event management, a system that collects and analyzes security data), data pipelines, workflows, and talent models.
CrowdStrike Blog

Palo Alto Networks updated its Prisma AIRS security platform to help organizations discover and protect AI agents (independent software programs that perform tasks automatically) across their IT environments, including scanning for vulnerabilities and simulating attacks. As companies rapidly deploy AI agents in business applications, the platform adds new security features like Agent Artifact Security, which maps an agent's structure and finds weaknesses, and AI Red Teaming for Agents, which simulates realistic attacks to identify risks and recommend security policies.
Fix: Prisma AIRS 3.0 provides discovery of AI agents across cloud environments, SaaS platforms, and local endpoints; Agent Artifact Security to scan agent architecture for vulnerabilities; and AI Red Teaming for Agents to simulate context-aware attacks and recommend runtime security policies. Prisma Browser includes the ability to discover user-generated AI activity, enforce content-aware boundaries on agents, prevent sensitive data leakage to unmanaged AI tools, identify and block prompt injection attacks (malicious instructions hidden in website content designed to hijack AI agents), and provide real-time distinction between human and automated AI actions.
CSO Online

OpenAI has launched a Library feature for ChatGPT that automatically saves files you upload (documents, images, spreadsheets, etc.) to a secure cloud storage location for future reference. The feature is available to ChatGPT Plus, Pro, and Business subscribers worldwide except in the European Economic Area, Switzerland, and the United Kingdom, and files remain saved to your account until you manually delete them.
Fix: To delete files from Library, select the file in the Library tab and click Delete or the trash icon next to the file. OpenAI will remove files from its servers within 30 days of deletion. Note that deleting a chat containing a file does not automatically delete files saved to Library, so manual deletion from the Library tab is required.
BleepingComputer

OpenAI disclosed in an investor document that its heavy dependence on Microsoft for financing and computing resources poses a business risk, noting that if Microsoft ends their partnership or OpenAI cannot diversify its business partners, the company's operations and finances could suffer. The document also highlighted other risks including massive capital spending requirements, reliance on chip suppliers like Taiwan Semiconductor Manufacturing Company, and potential geopolitical disruptions to the global chip supply chain.
A 2026 Mandiant security report shows that attackers are operating faster and more collaboratively, with hand-offs between threat groups now happening in 22 seconds instead of 8+ hours. Attackers are shifting tactics away from email phishing (6% of attacks) toward voice phishing (11%) and other interactive social engineering, while increasingly targeting recovery systems through 'recovery denial' ransomware to prevent organizations from restoring after breaches.
Varonis Atlas is an AI security platform that helps organizations discover, monitor, and protect AI systems across their enterprise, from custom AI models to chatbots and AI agents. The platform addresses a major security gap: most organizations don't know which AI systems they have, what data those systems can access, or whether they're compliant with regulations, creating risks since AI agents can read and modify data at machine speed. Atlas covers the entire AI security lifecycle through features like continuous AI discovery, posture management (vulnerability and misconfiguration assessment), runtime protection, and compliance reporting.
Grammarly (now part of Superhuman) launched a feature called Expert Review in August that used AI to create cloned versions of real journalists and writers, without their permission, to provide writing suggestions. The company faced backlash and legal action, first offering an email-based opt-out and ultimately killing the feature entirely.
Fix: Superhuman responded by first offering an email-based opt out and then killing the feature entirely.
The Verge (AI)

As companies convert traditional data centers into AI factories (facilities that produce and run large language models, or LLMs) to generate revenue and gain competitive advantages, they face new security risks. Check Point has created a blueprint architecture (a detailed security design plan) to help enterprises protect these AI data centers as the market grows significantly from $236 billion in 2025 to $934 billion by 2030.