New tools, products, platforms, funding rounds, and company developments in AI security.
LeRobot, Hugging Face's open-source robotics platform, has a critical unpatched vulnerability (CVE-2026-25874, CVSS score 9.3) that allows unauthenticated attackers to execute arbitrary code by sending malicious data over unencrypted network connections. The flaw stems from unsafe deserialization (reconstructing objects from received data without first checking that the data is trustworthy) using pickle, a serialization format whose loader can execute code, which enables attackers to compromise the server, steal sensitive data, or affect connected robots.
Fix: A fix is planned in version 0.6.0. The LeRobot team acknowledged the issue in January 2026 and noted that the vulnerable part of the codebase will need to be almost entirely refactored.
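The pattern behind the LeRobot flaw, as an added example that is not LeRobot's code: the vulnerable handler passes network bytes straight to `pickle.loads`, beside two ways to close the hole. The message shape (`cmd`, `joint_positions`), the handler names and the `Marker` payload are assumptions constructed for the demo; `Marker` names `str.upper` so the run is harmless, but a real stream can name any importable callable.

```python
"""Unsafe pickle deserialization beside two safer handlers.

Added example (not LeRobot code): shows why bytes received over the network
must never reach pickle.loads, and two patterns that close the hole.
"""
import io
import json
import pickle


class Marker:
    """A pickle stream built from this object tells the loader to call a
    callable of the sender's choosing. str.upper is used so the demo is
    harmless; a real stream can name any importable callable."""

    def __reduce__(self):
        return (str.upper, ("executed during unpickle",))


def build_untrusted_payload() -> bytes:
    """Constructed stand-in for a message an unauthenticated peer sends."""
    return pickle.dumps(Marker())


def build_plain_payload() -> bytes:
    """Constructed benign message: plain containers only, no globals."""
    return pickle.dumps({"cmd": "stop", "joint_positions": [0.1, 0.2]})


# Vulnerable pattern: the loader resolves and calls whatever the stream names.
def handle_message_vulnerable(raw: bytes):
    return pickle.loads(raw)


# Hardened pattern 1: an Unpickler that refuses to resolve any global.
# Only literals and containers (int, float, str, bytes, list, dict, ...)
# survive; any class or function reference is rejected before it is called.
class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def handle_message_restricted(raw: bytes):
    return RestrictedUnpickler(io.BytesIO(raw)).load()


# Hardened pattern 2: stop using pickle on the wire. A JSON message with a
# fixed schema (known keys, checked value types) cannot carry code at all.
ALLOWED_KEYS = {"cmd", "joint_positions"}
ALLOWED_CMDS = {"move", "stop"}


def handle_message_json(raw: bytes):
    msg = json.loads(raw.decode("utf-8"))
    if not isinstance(msg, dict) or set(msg) - ALLOWED_KEYS:
        raise ValueError("unexpected keys")
    if msg.get("cmd") not in ALLOWED_CMDS:
        raise ValueError("unknown command")
    positions = msg.get("joint_positions", [])
    # bool is a subclass of int, so exclude it explicitly
    if not all(isinstance(p, (int, float)) and not isinstance(p, bool) for p in positions):
        raise ValueError("joint_positions must be numeric")
    return msg


def outcome(handler, raw: bytes):
    """Return the handler's result, or the name of the exception it raised."""
    try:
        return handler(raw)
    except (pickle.UnpicklingError, ValueError, UnicodeDecodeError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    payload = build_untrusted_payload()
    print("vulnerable:", outcome(handle_message_vulnerable, payload))
    print("restricted:", outcome(handle_message_restricted, payload))
    print("restricted, plain data:", outcome(handle_message_restricted, build_plain_payload()))
    print("json:", outcome(handle_message_json, b'{"cmd": "move", "joint_positions": [0.1, 0.2]}'))
```

The deny-all `find_class` also rejects legitimate object types such as NumPy arrays, which is why the second pattern is the better long-term fix for a wire protocol: tensors can travel as raw bytes next to a JSON header, and nothing in the message can name code.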
Source: The Hacker News
Google has reportedly signed a classified agreement allowing the US Department of Defense to use its AI models for 'any lawful government purpose,' despite employee concerns about potential harmful uses. This deal places Google alongside other AI companies like OpenAI and xAI that have made similar classified agreements with the government.
Microsoft fixed a security flaw in Entra ID (Microsoft's identity management system) where the Agent ID Administrator role, meant for AI agents, could be abused to take over service principals (accounts that applications use to authenticate). An attacker with this role could become the owner of any service principal and add their own credentials, potentially gaining broad control over a tenant (organization's cloud environment) if the targeted service principal had elevated permissions.
Top researchers from major AI companies like Google DeepMind, Meta, and OpenAI are leaving to start their own AI startups, which are raising hundreds of millions of dollars in funding. These new companies can focus on research areas that large tech firms deprioritize, such as new AI architectures and interpretability (understanding how AI systems make decisions), giving them a competitive advantage in the rapidly growing AI market.
This is not an AI/LLM-related item. The content describes jury selection in a legal case between Elon Musk and Sam Altman over OpenAI disputes, focusing on prospective jurors' negative personal opinions about Musk. It does not discuss any AI technology, security vulnerabilities, or technical issues related to large language models or AI systems.
Researchers have created talkie, a 13 billion-parameter language model (a neural network with 13 billion adjustable values) trained entirely on English text from before 1931 to study how AI performs on historical knowledge and invention tasks. The base model uses only out-of-copyright data, but the chat version required fine-tuning (additional training to adjust behavior) with help from modern AI systems like Claude, which introduced some knowledge from after 1931 that the researchers are working to eliminate.
OpenAI and AWS have expanded their partnership to make OpenAI's models, including GPT-5.5, available through Amazon Bedrock (AWS's managed service for using AI models). This integration lets enterprises use OpenAI's capabilities within their existing AWS security systems, workflows, and infrastructure, with three new offerings: OpenAI models on AWS, Codex (a coding assistant used by over 4 million people weekly) on AWS, and Amazon Bedrock Managed Agents for building AI agents that can execute multi-step workflows.
Elon Musk is suing OpenAI CEO Sam Altman and president Greg Brockman, alleging they deceived him into funding the company by promising to keep it as a nonprofit focused on beneficial AI, then secretly restructured it into a for-profit operation. The trial could determine whether OpenAI can operate as a for-profit company and may result in removing current leadership or forcing the company back to nonprofit status. The case highlights a fundamental conflict over OpenAI's mission: whether it should prioritize open-source AI for public benefit or operate for financial gain to fund more advanced development.
Canonical, the company behind Ubuntu Linux (a popular operating system), plans to add AI features to its system over the next year. These features will work in two ways: some will improve existing system functions quietly in the background, while others will be designed specifically for users who want AI-powered tools and workflows. The features will include accessibility improvements like better speech-to-text conversion and other AI-powered capabilities.
Microsoft and OpenAI had a contract clause stating that if AGI (artificial general intelligence, meaning AI systems that outperform humans at most economically valuable work) was achieved, Microsoft would lose its commercial rights to OpenAI's technology. On April 27, 2026, this clause effectively ended when Microsoft's license became non-exclusive and Microsoft stopped paying revenue shares to OpenAI, with payments continuing regardless of technological progress.
OpenAI and Microsoft announced a revised partnership agreement that allows OpenAI to cap its revenue share payments to Microsoft and serve customers through any cloud provider, not just Microsoft Azure. Previously, OpenAI was restricted to primarily using Microsoft's cloud services, but the new deal lets OpenAI work with competitors like Amazon and Google while maintaining Microsoft as its primary provider through 2030.
Customers Bank CEO Sam Sidhu revealed that an AI clone (a digital voice generated to sound like him) delivered his prepared remarks during an earnings call, then announced a partnership with OpenAI to automate banking processes like loan approvals and account openings. The bank plans to deploy AI agents (software that can make decisions and take actions with minimal human input) across lending, deposits, and payments over the next 6-12 months, with goals including reducing loan processing time from 30-45 days to 7 days and account opening time to under 20 minutes.
Anthropic announced Claude Mythos Preview, an AI model that can autonomously find and weaponize software vulnerabilities (weaknesses in code that attackers can exploit) without human expert help, though the company is limiting its release to avoid security risks. The announcement highlights how AI capabilities have advanced rapidly over recent years, raising concerns about how cybersecurity defenses can adapt to AI-powered vulnerability discovery.
Fix: The source recommends protecting systems in different ways based on their characteristics: unpatchable or hard-to-verify systems (like IoT appliances and industrial equipment) should be protected by wrapping them in restrictive, tightly controlled firewall layers rather than allowing them to freely connect to the internet. Distributed systems that are interconnected should be traceable and should follow the principle of least privilege, where each component has only the access it needs.
Source: Schneier on Security
At DARPA's Artificial Intelligence Cyber Challenge, AI-powered bug-finding systems (automated tools that scan code to detect flaws) successfully identified most artificially inserted vulnerabilities in 54 million lines of code, and notably discovered over a dozen real bugs that weren't part of the test. This demonstrates that AI security tools are becoming increasingly capable at finding both known and unknown vulnerabilities in software.
AI models like Claude Mythos can now discover software vulnerabilities in minutes instead of weeks, shrinking the time organizations have to patch (the exploit window) to nearly zero. Because traditional patching is no longer fast enough, security teams need to adopt an "assume-breach" model that focuses on detecting and containing attacks in real time using Network Detection and Response (NDR, automated tools that monitor network traffic for suspicious behavior) rather than relying on patching alone.
Fix: The source recommends implementing an assume-breach operational model with three requirements: (1) detect post-breach behavior before threats spread, (2) reconstruct the complete attack chain quickly, and (3) contain threats rapidly. Specifically, organizations should prioritize reducing mean-time-to-contain (MTTC, the time from detecting a breach to stopping it) by establishing real-time, comprehensive network visibility. The source states that "Network Detection and Response (NDR) platforms play a crucial role in identifying these subtle indicators of compromise" by continuously monitoring network traffic for unusual behavior such as unexpected admin shares, authentication protocol mismatches, and lateral movement attempts.
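What "detect post-breach behaviour" looks like in code for the three signals named above, as an added example that is neither the article's nor any NDR product's code. The telemetry records, field names, host addresses, the management-host allowlist, the Kerberos-only account list and the fan-out threshold are all constructed assumptions; a real deployment would derive the baselines from its own traffic.

```python
"""Three NDR-style detections run over constructed network telemetry.

Added example: unexpected admin-share access, authentication protocol
mismatch, and lateral-movement fan-out. Every field name, host and threshold
below is an assumption made for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: one record per observed SMB/RPC session.
SAMPLE_EVENTS = [
    {"ts": "2026-04-29T09:00:05", "src": "10.0.5.20", "dst": "10.0.1.10", "proto": "smb", "share": "finance", "auth": "kerberos", "user": "alice"},
    {"ts": "2026-04-29T09:00:40", "src": "10.0.9.99", "dst": "10.0.1.10", "proto": "smb", "share": "ADMIN$", "auth": "ntlm", "user": "svc-backup"},
    {"ts": "2026-04-29T09:01:02", "src": "10.0.9.99", "dst": "10.0.1.11", "proto": "smb", "share": "C$", "auth": "ntlm", "user": "svc-backup"},
    {"ts": "2026-04-29T09:01:30", "src": "10.0.9.99", "dst": "10.0.1.12", "proto": "smb", "share": "IPC$", "auth": "ntlm", "user": "svc-backup"},
    {"ts": "2026-04-29T09:02:00", "src": "10.0.9.99", "dst": "10.0.1.13", "proto": "rpc", "share": None, "auth": "ntlm", "user": "svc-backup"},
    {"ts": "2026-04-29T09:30:00", "src": "10.0.0.5", "dst": "10.0.1.10", "proto": "smb", "share": "C$", "auth": "kerberos", "user": "it-admin"},
]

ADMIN_SHARES = {"ADMIN$", "C$", "IPC$"}
MANAGEMENT_HOSTS = {"10.0.0.5"}               # assumption: hosts allowed to use admin shares
KERBEROS_ONLY_USERS = {"svc-backup", "alice"}  # assumption: accounts that must never fall back to NTLM
FANOUT_THRESHOLD = 3                           # distinct hosts reached within WINDOW
WINDOW = timedelta(minutes=5)


def detect_admin_shares(events):
    """Admin-share access from any host outside the management allowlist."""
    return [
        {"type": "unexpected_admin_share", "src": e["src"], "dst": e["dst"], "share": e["share"], "user": e["user"]}
        for e in events
        if e["share"] in ADMIN_SHARES and e["src"] not in MANAGEMENT_HOSTS
    ]


def detect_auth_mismatch(events):
    """An account that should authenticate with Kerberos seen using anything else."""
    return [
        {"type": "auth_protocol_mismatch", "src": e["src"], "dst": e["dst"], "user": e["user"], "auth": e["auth"]}
        for e in events
        if e["user"] in KERBEROS_ONLY_USERS and e["auth"] != "kerberos"
    ]


def detect_lateral_fanout(events, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """One source reaching >= threshold distinct hosts over SMB/RPC inside a sliding window."""
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] in {"smb", "rpc"}:
            by_src[e["src"]].append((datetime.fromisoformat(e["ts"]), e["dst"]))
    alerts = []
    for src, items in by_src.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            hosts = {d for t, d in items[i:] if t - t0 <= window}
            if len(hosts) >= threshold:
                alerts.append({"type": "lateral_movement_fanout", "src": src,
                               "hosts": sorted(hosts), "window_start": t0.isoformat()})
                break  # one alert per source is enough to trigger containment
    return alerts


def detect(events):
    return detect_admin_shares(events) + detect_auth_mismatch(events) + detect_lateral_fanout(events)


def run_sample():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Each alert carries the source address, which is the one field a containment playbook needs to isolate the host; that is how detection feeds the mean-time-to-contain metric the article asks teams to optimise. The fan-out rule, rather than any single admin-share hit, is what reconstructs the attack chain here: it names every host the compromised source touched inside the window.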
Source: The Hacker News
RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) pipelines in enterprise software allow AI agents to access company data like internal wikis and CRM records, but this creates serious security risks including data leaks, unauthorized access to personal information, and prompt injection attacks (tricking an AI by hiding instructions in its input). Recent real-world attacks have exploited RAG systems through unclicked emails, exposed database access keys, hidden malicious text in code repositories, and poisoned knowledge bases to steal data or spread false information.
As AI agents become more common, security leaders (CISOs, Chief Information Security Officers) face new challenges because these non-human identities are harder to track and verify than human users, and traditional security signals no longer work. The source recommends treating identity as the foundation of security architecture, with advice including maintaining clean directories, creating complete inventories of non-human identities (AI agents and service accounts), enforcing least privilege access (giving users only the permissions they need), using phishing-resistant authentication methods beyond SMS, and assuming that credentials may be compromised.
Fix: The source recommends several specific steps: (1) 'Build a strong foundation before layering on complexity' by getting 'clean directories, enforced least privilege, and reliable offboarding processes' in place; (2) 'Design for the new class of identities' by starting 'from least privilege rather than from legacy'; (3) 'Get your non-human identity inventory in order' by building 'a full inventory of non-human identities and include who is responsible for each identity, and what each one is authorized to do'; (4) 'Treat MFA as a starting point, not a destination' by including 'phishing-resistant alternatives to SMS or push-based MFA' along with 'least privilege, micro-segmentation, and continuous monitoring'; and (5) 'Assume credentials may be compromised and architect accordingly.'
Source: CSO Online
CrowdStrike has expanded its ChatGPT Enterprise integration to provide deeper monitoring of how organizations use AI, including tracking user authentication, administrative changes, tool usage, and conversations. As AI becomes embedded in business operations across departments, security teams need visibility into not just who has access to ChatGPT Enterprise, but how the platform is actually being used and what data might be accessed. The expanded integration uses OpenAI's logging capabilities to detect suspicious activity like unusual login patterns and behavioral anomalies, shifting from just knowing the configuration of AI systems to actively monitoring their real-time usage.
Fix: Organizations can use CrowdStrike Falcon Shield's expanded ChatGPT Enterprise integration, which ingests and analyzes events from OpenAI's Compliance Logs Platform to provide continuous monitoring and detection. According to the source, this enables detection of suspicious authentication activity (malicious IP access, anonymized connections, unusual VPN sign-ins), behavioral anomalies (simultaneous logins from untrusted networks, unexpected browser or OS changes), and monitoring of administrative updates and GPT configuration changes. The integration correlates ChatGPT Enterprise activity with identity, device, and SaaS telemetry across the CrowdStrike Falcon platform to detect and respond to suspicious AI activity.
Source: CrowdStrike Blog
Fix (Entra ID Agent ID Administrator flaw): Microsoft rolled out a patch on April 9, 2026 across all cloud environments. Following the fix, any attempt to assign ownership over non-agent service principals using the Agent ID Administrator role is now blocked and displays a "Forbidden" error message. Organizations are also advised to monitor sensitive role usage related to service principal ownership or credential changes, track service principal ownership changes, secure privileged service principals, and audit credential creation on service principals.
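One way to act on both the non-human identity inventory steps listed earlier and the post-patch Entra ID monitoring advice above, as an added example that is neither Microsoft's nor CSO Online's code. The inventory layout and the audit-event fields are simplified assumptions constructed for the demo, not the Entra ID audit log schema; the service principal ids, people and activities are likewise constructed. The checks are the point: every principal has a named owner and a bounded authorization, and any ownership or credential change is compared against that record.

```python
"""Non-human identity inventory checks plus correlation of ownership and
credential events against the inventory.

Added example. Inventory and event formats are assumptions for the demo,
not the Entra ID audit log schema.
"""

# Constructed inventory: who is responsible for each principal and what it may do.
INVENTORY = [
    {"sp_id": "sp-1001", "name": "payroll-api", "kind": "app", "owner": "bob", "authorized": ["Mail.Read"]},
    {"sp_id": "sp-2002", "name": "copilot-agent", "kind": "agent", "owner": "alice", "authorized": ["Files.Read"]},
    {"sp_id": "sp-3003", "name": "legacy-sync", "kind": "app", "owner": None, "authorized": ["*"]},
]

# Constructed audit events in a simplified shape.
AUDIT_EVENTS = [
    {"ts": "2026-04-10T08:00:00", "activity": "add_credential", "actor": "bob", "actor_roles": ["Application Administrator"], "target": "sp-1001"},
    {"ts": "2026-04-10T08:05:00", "activity": "add_owner", "actor": "mallory", "actor_roles": ["Agent ID Administrator"], "target": "sp-1001"},
    {"ts": "2026-04-10T08:07:00", "activity": "add_credential", "actor": "carol", "actor_roles": [], "target": "sp-9999"},
    {"ts": "2026-04-10T08:09:00", "activity": "add_owner", "actor": "alice", "actor_roles": ["Agent ID Administrator"], "target": "sp-2002"},
]

SENSITIVE_ACTIVITIES = {"add_owner", "add_credential"}
AGENT_ADMIN_ROLE = "Agent ID Administrator"


def inventory_gaps(inventory):
    """Entries that fail the 'owner recorded, authorization bounded' rule."""
    gaps = []
    for sp in inventory:
        if not sp["owner"]:
            gaps.append((sp["sp_id"], "no responsible owner recorded"))
        if "*" in sp["authorized"]:
            gaps.append((sp["sp_id"], "wildcard authorization violates least privilege"))
    return gaps


def review_events(inventory, events):
    """Flag ownership/credential changes that the inventory does not account for."""
    by_id = {sp["sp_id"]: sp for sp in inventory}
    findings = []
    for i, ev in enumerate(events):
        if ev["activity"] not in SENSITIVE_ACTIVITIES:
            continue
        reasons = []
        sp = by_id.get(ev["target"])
        if sp is None:
            reasons.append("target service principal not in inventory")
        else:
            if ev["actor"] != sp["owner"]:
                reasons.append(f"actor {ev['actor']} is not the recorded owner {sp['owner']}")
            # The patched abuse path: an agent-scoped role touching a non-agent principal.
            if ev["activity"] == "add_owner" and AGENT_ADMIN_ROLE in ev["actor_roles"] and sp["kind"] != "agent":
                reasons.append("Agent ID Administrator used against a non-agent principal")
        if reasons:
            findings.append({"event_index": i, "target": ev["target"], "actor": ev["actor"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for gap in inventory_gaps(INVENTORY):
        print("inventory gap:", gap)
    for finding in review_events(INVENTORY, AUDIT_EVENTS):
        print("finding:", finding)
```

The inventory check runs on a schedule and the event review runs on every new audit record; an unknown target in the event stream is itself an inventory finding, since it means a principal exists that nobody has claimed responsibility for.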
Source: The Hacker News
Fix (talkie): The talkie team states they 'aspire to eventually move beyond this limitation' by using 'vintage base models themselves as judges to enable a fully bootstrapped era-appropriate post-training pipeline,' meaning they plan to use talkie's own historical knowledge rather than modern AI systems for future training adjustments. However, this is described as a future goal, not a solution currently implemented.
Source: Simon Willison's Weblog
OpenAI describes its safety approach for ChatGPT to prevent misuse for violence, threats, or harm. The system is trained to distinguish between harmful requests and legitimate questions about violence for educational or historical reasons, while using detection systems and expert guidance to identify concerning patterns across conversations and take action like revoking access when needed.
Over 600 Google employees, including many from DeepMind (Google's AI research lab), signed a letter asking CEO Sundar Pichai to prevent the Pentagon from using Google's AI models for classified purposes (secret military projects). The employees argue that the only way to ensure Google isn't associated with potential harms from such uses is to reject these classified projects entirely, since otherwise they could happen without employee knowledge or oversight.