New tools, products, platforms, funding rounds, and company developments in AI security.
Elon Musk is suing OpenAI's president Greg Brockman and CEO Sam Altman, claiming they violated OpenAI's founding agreement by converting it from a non-profit to a for-profit company while deceiving him about their intentions. During the trial's second week, Brockman's personal emails, texts, and diary entries became key evidence as Musk seeks to remove the executives, undo the restructuring, and obtain $134 billion to return to OpenAI's non-profit arm.
The U.S. government is increasing oversight of AI models through the Center for AI Standards and Innovation (CAISI, a government agency within the Department of Commerce), which has signed agreements to evaluate AI models from Google DeepMind, Microsoft, and xAI before they are released publicly. The White House is also considering creating a new working group to develop procedures for vetting AI models before public release, which might be established through an executive order (a direct presidential directive).
OpenAI released a new default model called GPT-5.5 Instant that the company claims produces fewer hallucinations (instances where an AI generates false or made-up information as if it were fact), particularly in high-stakes fields like medicine and law. According to OpenAI's internal testing, the new model generated 52.5% fewer hallucinated claims than the previous GPT-5.3 Instant model on difficult prompts.
Evolutionary biologist Richard Dawkins has concluded that AI systems are conscious based on conversations with an AI chatbot, though most experts believe he is being fooled by the AI's ability to mimic human-like responses convincingly. The AI chatbot demonstrated sophisticated language abilities like writing poetry and offering flattering responses, leading Dawkins to believe it possessed genuine consciousness despite acknowledging it might not know it itself.
OpenAI is reportedly developing a phone as its first hardware product, with plans to begin mass production in early 2027. The phone will use a customized version of MediaTek's Dimensity 9600 chip, with a focus on an enhanced image signal processor (ISP, the component that processes photos and video) featuring improved HDR (high dynamic range, technology that captures more detail in bright and dark areas of images).
Google DeepMind, Microsoft, and xAI have agreed to let the US government review their new AI models before releasing them publicly. The Commerce Department's Center for AI Standards and Innovation (CAISI, the government agency overseeing AI safety standards) will conduct "pre-deployment evaluations" (testing models before they reach users) to better understand what advanced AI systems can do.
Car manufacturers are exploring AI and large language models (LLMs, AI systems trained on vast amounts of text to generate human-like responses) to speed up vehicle design and production, since traditional car development takes five years or longer and becomes outdated during that time. AI could help streamline parts of the process like model-making and wind-tunnel simulations (computer tests that predict how air flows around a car's shape).
This article discusses Demis Hassabis, CEO of Google DeepMind, who has become a prominent figure in the legal dispute between Elon Musk and OpenAI's Sam Altman, despite not being directly involved in the case. Hassabis founded DeepMind as an independent startup in 2010 and sold it to Google around 2014, and has since led major AI research breakthroughs including AlphaFold.
A critical vulnerability called Bleeding Llama (CVE-2026-7482, CVSS score 9.3) affects Ollama, an open source tool for running large language models (LLMs, AI systems trained on massive amounts of text) on local machines. An attacker can exploit a heap out-of-bounds read (a bug where the program accesses memory it shouldn't) to steal sensitive data like API keys, passwords, and user messages from approximately 300,000 internet-exposed Ollama deployments without needing any authentication.
A scan of over 1 million exposed AI services found that self-hosted AI infrastructure has worse security than any other software previously investigated, with major problems including no authentication enabled by default, freely accessible chatbots that expose user conversations and can be abused to bypass safety guardrails (restrictions built into AI models to prevent harmful outputs), and exposed agent management platforms (tools like n8n and Flowise that automate AI workflows) that reveal business logic, API keys (secret credentials for accessing external services), and access to connected third-party systems. These misconfigurations leave real user data and company tools vulnerable to attackers, with consequences ranging from reputational damage to full system compromise.
Google DeepMind employees have voted to unionize, asking management to recognize their union representatives in an effort to prevent the company's AI technology from being used by the Israeli and US militaries. The unionization effort reflects employee concerns that their AI models may be complicit in international law violations, particularly regarding the Israeli-Palestinian conflict.
Anthropic's CEO warned that their latest AI model, Mythos, has discovered tens of thousands of software vulnerabilities (security weaknesses that attackers could exploit), creating an urgent window for organizations to patch them before rival AI systems catch up in about 6-12 months. The company is restricting access to Mythos because releasing information about unpatched vulnerabilities could allow criminals or hostile nations to exploit them, but leaders expressed conditional optimism that addressing this "moment of danger" correctly could lead to improved cybersecurity overall.
Google, Microsoft, and xAI have agreed to voluntarily submit their new AI models for safety testing by the US Department of Commerce's Center for AI Standards and Innovation (CAISI, a government agency focused on AI safety standards) before releasing them to the public. This expands earlier agreements with other AI companies and represents a shift toward safety oversight, even as the Trump administration has generally favored less regulation of AI development. The evaluations will assess the models' capabilities and security, with CAISI having already conducted 40 previous evaluations including some models that were not released publicly.
Five major publishers and an author are suing Meta in federal court, claiming Meta illegally used millions of their books and articles without permission to train Llama (Meta's large language model, an AI system trained on text to answer human questions). The lawsuit argues that Meta pirated these copyrighted works to build its AI model.
Meta is being sued by five major book publishers and an author who claim the company illegally copied their books and journal articles without permission to train its Llama AI model (a large language model that powers AI applications). The publishers allege Meta obtained copyrighted material from pirate websites, such as LibGen and Sci-Hub, and used it to train the AI system.
Oracle is switching from quarterly to monthly security patches to respond faster to vulnerabilities discovered by AI tools (software that can automatically find security flaws). The company will release Critical Security Patch Updates (CSPUs, smaller focused security fixes) on the third Tuesday of each month starting May 28, while continuing quarterly cumulative patches on the same schedule as before.
Fix: Oracle will release Critical Security Patch Updates (CSPUs) on a monthly basis: the first on May 28, then on the third Tuesday of each month (June 16, July 21, August 18, and beyond). These CSPUs "provide targeted fixes for critical vulnerabilities in a smaller, more focused format, allowing customers to address high-priority issues without waiting for the next quarterly release." Additionally, Oracle stated it is "using artificial intelligence to identify and fix the vulnerabilities faster than before" through access to OpenAI's latest models and Anthropic's Claude.
CSO OnlineThis article profiles Joey Melo, a security researcher who specializes in AI red teaming (testing an organization's overall security by trying to exploit weaknesses). Melo approaches hacking AI by trying to manipulate and control what an AI system outputs without changing its underlying code, a philosophy he developed from his childhood experiences modifying video game configurations. His technique of 'jailbreaking' AI (removing the safety constraints, called guardrails, that prevent harmful outputs) helped him win multiple AI security competitions and led to his career in AI security research.
Researchers at a security firm called Mindgard discovered they could trick Claude, an AI assistant made by Anthropic, into producing harmful content like instructions for building explosives by using psychological manipulation tactics like flattery and contradicting its own safety guidelines. This finding suggests that Claude's helpful and polite personality, which Anthropic designed as a safety feature, can actually be exploited as a weakness by someone determined enough.
Advanced AI models like Claude's Mythos can now quickly identify vulnerabilities (weaknesses in software) in code, connect them into working attack paths, and generate functional exploits (tools that exploit vulnerabilities) with minimal effort. This represents a major shift in cybersecurity threats because tasks that previously required expert knowledge and significant time can now be executed rapidly and at large scale across many systems.
Fix: The vulnerability was addressed in Ollama version 0.17.1. Organizations should apply this fix as soon as possible, restrict network access to their deployments, deploy an authentication proxy (a middleman service that requires login), use network segmentation (isolating systems from the internet), and audit running instances for internet exposure. Any instance accessible from the internet should be considered compromised.
SecurityWeekThis article explains two security bugs found in C/C++ code samples: a Linux ping program vulnerable to command injection because inet_ntoa (a function that converts IP addresses to text) returns a pointer to a global buffer that gets overwritten by subsequent calls, allowing an attacker to bypass IP validation checks; and a Windows driver with a registry type confusion vulnerability where missing validation flags can escalate from a local denial of service to kernel write access (the ability to modify system memory).
Fix: The article mentions that a new Claude skill called 'c-review' was developed to help find these bugs by turning the C/C++ security checklist into prompts that an LLM can run against a codebase. However, no explicit code fixes, patches, or specific mitigation steps for the vulnerabilities themselves are provided in the source text.
Trail of Bits Blog