aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

to
Export CSV
2890 items

You’re about to feel the AI money squeeze

infonews
industry
Apr 23, 2026

Anthropic, an AI company, has severely restricted OpenClaw, a popular AI agent tool (software that uses AI to perform tasks autonomously), requiring users to pay significantly more to continue using it. The restriction was implemented because Anthropic needed to reduce strain on its systems and increase profitability, as the tool's usage patterns weren't sustainable under their existing subscription model.

The Verge (AI)

Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos

infonews
securityindustry

Google gets agent-ready for the Mythos age

infonews
securityindustry

Google drafts AI agents secure systems against AI hackers

infonews
securityindustry

Trailmark turns code into graphs

infonews
securityresearch

Microsoft launches ‘vibe working’ in Word, Excel, and PowerPoint

infonews
industry
Apr 23, 2026

Microsoft is releasing Agent Mode (previously called 'vibe working') in Office applications like Word, Excel, and PowerPoint, which is a more advanced version of Copilot (an AI assistant) that can actively perform tasks in documents rather than just answer questions. Previously, the AI models weren't powerful enough to let Copilot directly control applications, so it could only provide passive help like answering user questions.

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

highnews
securityresearch

GPT-5.5 System Card

infonews
safety
Apr 23, 2026

GPT-5.5 is a new AI model from OpenAI designed to handle complex work tasks like coding, research, and document creation with less user guidance than previous models. OpenAI conducted extensive safety testing including red-teaming (simulated attacks by security experts to find vulnerabilities) and feedback from nearly 200 early partners before release, and deployed it with what they describe as their strongest safeguards to date.

Introducing GPT-5.5

infonews
industry
Apr 23, 2026

OpenAI released GPT-5.5, a more intelligent AI model that can handle complex, multi-step tasks like coding, research, and data analysis with less human guidance than previous versions. The model matches the speed of its predecessor while performing at a higher level and using fewer tokens (individual pieces of text that the AI processes). OpenAI says it tested GPT-5.5 with safety experts and external reviewers before release to reduce misuse risks.

Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System

infonews
securityresearch

Microsoft taps Anthropic’s Mythos to strengthen secure software development

infonews
securityindustry

Anthropic looks to hire six-figure role for negotiating data center deals to fuel Europe AI expansion

infonews
industry
Apr 23, 2026

Anthropic is hiring for a senior role to negotiate data center deals in Europe to support its AI expansion, as the company secures major infrastructure commitments like a $100+ billion spending plan with Amazon Web Services and capacity deals with Broadcom. The company is specifically targeting data center capacity in major European hubs (Frankfurt, London, Amsterdam, Paris, Dublin) and regions like the Nordics, where cheap energy makes AI infrastructure more affordable. This move reflects a broader industry trend, with Microsoft, OpenAI, and other AI companies also expanding their European data center operations.

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

infonews
securityindustry

GPT-5.5 Bio Bug Bounty

infonews
securitysafety

IBM CEO Krishna says Iran, other uncertainty is weighing on company's outlook

infonews
securityindustry

OpenAI now lets teams make custom bots that can do work on their own

infonews
industry
Apr 22, 2026

OpenAI has released workspace agents (AI systems that can independently perform tasks) for users on Business, Enterprise, Edu, and Teachers plans within ChatGPT. These agents can handle business tasks like gathering product feedback and drafting emails, building on growing interest in autonomous AI agents across the industry.

AI-powered defense for an AI-accelerated threat landscape

infonews
securitypolicy

Anthropic’s Mythos rollout has missed America’s cybersecurity agency

infonews
industry
Apr 22, 2026

Anthropic released Mythos Preview, an AI model designed to find and fix security vulnerabilities (weaknesses in software that attackers could exploit), and several US federal agencies are using it. However, CISA (the Cybersecurity and Infrastructure Security Agency, which is America's main government cybersecurity coordinator) reportedly does not have access to the tool, while other agencies like the Commerce Department and NSA do.

Google Meet will take AI notes for in-person meetings too

infonews
industry
Apr 22, 2026

Google's Gemini AI can now generate summaries and transcripts not just for Google Meet video calls, but also for in-person meetings, Zoom calls, and Microsoft Teams meetings. The feature, which was previously only available to early testers on Android devices, now works for both scheduled and impromptu meetings, and can be transitioned to a video call if remote participants need to join.

What is Mythos AI and why could it be a threat to global cybersecurity?

infonews
security
Apr 22, 2026

Anthropic, the company behind Claude chatbot, has decided not to release its new AI model called Mythos to the public due to cybersecurity risks. The company is investigating a report that unauthorized people may have gained access to Mythos, raising concerns about whether tech companies can adequately protect their most powerful AI systems from being misused.

Previous62 / 145Next
Apr 23, 2026

A Chinese cybersecurity company called 360 Digital Security Group claims to have discovered 1,000 vulnerabilities (weaknesses in software that attackers can exploit) using AI tools, including some vulnerabilities found at the Tianfu Cup hacking contest. The article compares these claims to myths about Claude (an AI system), suggesting skepticism about the actual capabilities being reported.

SecurityWeek
Apr 23, 2026

Google announced new AI agents and security tools designed to help security teams keep pace with the increasing number of vulnerabilities and cyber threats. The company introduced three new agents embedded in Google Security Operations (for threat hunting, detection engineering, and gathering external intelligence), expanded the Wiz security platform to monitor AI development across multiple clouds, and created tools like AI-BOM (AI bill of materials, an inventory of all AI components used in an organization) and Agent Gateway to secure interactions between AI agents. These moves represent a shift toward automated, agent-based defense rather than relying solely on human analysts.

Fix: Google's announced solutions include: three new AI agents in Google Security Operations for threat hunting and detection engineering (in preview); a threat intelligence enrichment agent (entering preview); expanded Wiz integration supporting AWS, Azure, Databricks, and agent studios like Gemini Enterprise Agent Platform; inline scanning of AI-generated code; AI-BOM for inventorying AI components to address shadow AI; Agent Identity and Agent Gateway for governance and policy enforcement; and deeper Model Armor integrations to mitigate prompt injection (tricking an AI by hiding instructions in its input) and data leakage risks.

CSO Online
Apr 23, 2026

Google announced new AI agents and security tools designed to help security teams defend against AI-based attacks, particularly in response to threats like Anthropic Mythos. The company introduced three new agents within Google Security Operations to automate threat detection and response, expanded the Wiz platform to provide visibility across multiple cloud environments and AI development tools, and created new security measures like AI-BOM (a system that catalogs all AI components used in an organization) and Agent Gateway to govern how AI agents interact with each other and enforce security policies.

Fix: Google's explicit mitigations include: (1) Three new AI agents in Google Security Operations for threat hunting, detection engineering, and third-party context enrichment, now in or entering preview; (2) Wiz expansion supporting AWS, Azure, Databricks, AWS Agentcore, Gemini Enterprise Agent Platform, Microsoft Azure Copilot Studio, and Salesforce Agentforce with inline scanning of AI-generated code and AI-BOM inventory; (3) Agent Identity and Agent Gateway for governance and policy enforcement; (4) Deeper integrations for Model Armor to mitigate prompt injection (tricking an AI by hiding instructions in its input) and data leakage; (5) Reworked bot and fraud detection through Google Cloud Fraud Defense to distinguish between humans, bots, and AI agents.

CSO Online
Apr 23, 2026

Trailmark is an open-source library that converts source code into a queryable call graph (a visual map of how functions and classes connect to each other) that AI systems like Claude can analyze directly. Rather than examining code as flat lists of findings, Trailmark lets AI reason about code structure as a graph, making it better at identifying security risks like whether untrusted input can reach vulnerable code.

Trail of Bits Blog
The Verge (AI)
Apr 23, 2026

Anthropic's Project Glasswing uses an AI model called Mythos that is extraordinarily effective at finding software vulnerabilities, discovering bugs that humans missed for decades and even chaining multiple bugs together into working exploits. However, the critical problem is that fewer than 1% of vulnerabilities Mythos finds are actually patched, revealing a massive gap between how fast AI can discover security flaws (machine speed) and how fast human teams can fix them (calendar speed, typically four days per cycle).

The Hacker News
OpenAI Blog
OpenAI Blog
Apr 23, 2026

Researchers at Palo Alto Networks built an autonomous multi-agent AI system called Zealot to test whether AI could independently perform cloud attacks. The system successfully chained together multiple exploitation techniques (SSRF, credential theft, and data theft) against a test Google Cloud environment, demonstrating that AI acts as a force multiplier for known cloud misconfigurations rather than creating entirely new vulnerabilities.

Palo Alto Unit 42
Apr 23, 2026

Microsoft is integrating Anthropic's Mythos, an advanced AI model, into its Security Development Lifecycle to help find software vulnerabilities (security flaws in code) and strengthen code earlier in development. While this move signals that AI is becoming central to how major software companies build secure products, analysts note that powerful AI models like Mythos could also make it faster for attackers to find and exploit vulnerabilities, raising concerns about the dual-use nature of these tools.

CSO Online
CNBC Technology
Apr 22, 2026

Claude Mythos, an AI model from Anthropic, discovered 271 vulnerabilities in Firefox 148, more than ten times what previous AI tools found, demonstrating AI's growing ability to uncover security bugs at scale. All 271 flaws were fixed in Firefox 150's release. While the AI isn't finding entirely new types of bugs, it's closing gaps in vulnerability detection that fuzzing (automated testing that uncovers bugs in source code) and human teams had previously missed, potentially shifting the balance in favor of defenders.

Fix: All 271 vulnerabilities discovered in Firefox 148 have been fixed in Firefox 150.

CSO Online
Apr 22, 2026

OpenAI is running a bug bounty program called the Bio Bug Bounty for GPT-5.5, inviting security researchers to find universal jailbreaks (methods to bypass safety restrictions with a single prompt) that can defeat five biology safety questions. The program offers $25,000 for the first successful universal jailbreak and smaller awards for partial results, with applications open from April 23 to June 22, 2026 and testing running through July 27, 2026.

OpenAI Blog
Apr 22, 2026

IBM CEO Arvind Krishna stated that geopolitical uncertainty, particularly the Iran conflict, is causing the company to provide cautious financial guidance despite beating first-quarter earnings expectations. He also expressed concerns about potential economic slowdowns affecting consumer spending and European growth, though he noted IBM's Middle East business performed well. Additionally, Krishna discussed how new AI models like Anthropic's Mythos, which can find security vulnerabilities at unprecedented speed, will likely be replicated by competitors and pose significant cybersecurity concerns that have caught the attention of U.S. government officials.

CNBC Technology
The Verge (AI)
Apr 22, 2026

AI models can now autonomously discover vulnerabilities and create working exploits, which compresses the time between when a weakness is found and when it's attacked. However, the same AI capabilities that help attackers can also help defenders by accelerating vulnerability discovery and reducing response time. Microsoft is partnering with AI model providers and using tools like advanced models to identify security issues faster and deploy fixes through their existing update processes.

Fix: Microsoft states it will incorporate advanced AI models directly into its Security Development Lifecycle (SDL) to identify vulnerabilities and develop mitigations and updates. Mitigations are handled through the Microsoft Security Response Center (MSRC) processes, including Update Tuesday (the regular monthly security update distribution) and out-of-band updates when needed. For customers using Microsoft PaaS and SaaS cloud services, mitigations and updates are applied automatically. For customers deploying on their own infrastructure, staying current on all security updates is described as a fundamental requirement. Microsoft will also deploy detections to Microsoft Defender when updates are released and share details through the Microsoft Active Protections Program (MAPP) to help partners mitigate risk.

Microsoft Security Blog
The Verge (AI)
The Verge (AI)
The Guardian Technology