New tools, products, platforms, funding rounds, and company developments in AI security.
Palo Alto Networks is participating in Project Glasswing, an AI-based initiative led by Anthropic that uses Claude Mythos (an advanced AI model) to discover zero-day vulnerabilities (security flaws unknown to software makers) in operating systems and browsers across the industry. The company is also addressing the cybersecurity gap in AI deployments through recent acquisitions, including Protect AI for securing language models and AI agents, CyberArk for identity security, Chronosphere for managing AI-generated data, and Koi for protecting against risks from autonomous AI agents on user devices.
A security flaw in Cursor AI could allow attackers to gain shell access (the ability to run commands on a computer) by combining three techniques: indirect prompt injection (hiding malicious instructions in data that the AI reads rather than typing them directly), a sandbox bypass (escaping the restricted environment meant to contain the AI), and Cursor's remote tunnel feature (which allows access to machines over the internet). This chain of attacks could expose developer devices to unauthorized access.
Cisco released security advisories for three critical vulnerabilities in Webex and Identity Services Engine (ISE) that could allow attackers to impersonate users, execute remote code (run commands on systems they don't control), or bypass access controls. The most urgent fix involves Webex administrators uploading a new identity provider (IdP, a service that verifies user identities) SAML certificate to the cloud-based Control Hub management portal, with no alternative workarounds available.
AI agent tools that use Model Context Protocol (MCP, a method for applications to expose data and tools to AI systems) over STDIO (a local communication method) have unsafe default settings that allow remote code execution, where attackers can run commands on systems they don't own. Anthropic and other framework developers argue that client application developers are responsible for filtering malicious commands, but researchers found that most developers either don't filter these commands or fail to catch all bypass techniques, leaving thousands of public servers and commercial systems vulnerable.
The llm-anthropic 0.25 release adds a new Claude model (claude-opus-4.7) with advanced thinking capabilities, introduces options to display and adapt AI reasoning output, raises the default token limits (the maximum length of AI-generated responses) for all models, and removes outdated code that was no longer needed for older models.
A blogger compared two newly released AI models (Qwen3.6-35B-A3B and Claude Opus 4.7) by asking them to generate SVG images (scalable vector graphics, a format for drawing pictures with code) of pelicans and flamingos performing tasks like riding bicycles. The Qwen model, running on a laptop as a quantized version (a compressed version that uses less computer memory), produced better images than Anthropic's Claude Opus 4.7, though the blogger notes this creative task may not reflect which model is actually more useful for real-world problems.
Google is updating AI Mode (a chatbot-like search feature built into Chrome) with a new feature that opens source links in a side-by-side view instead of in a new tab, letting you compare the website content with your chat conversation at the same time. This upgrade makes it easier to ask follow-up questions about information you're reading without switching between multiple windows.
OpenAI has updated Codex, its agentic coding system (an AI that can independently perform multi-step coding tasks), to control desktop applications, generate images, and remember previous interactions. The new features let Codex operate apps in the background without interrupting user work and allow multiple agents (separate AI instances) to work simultaneously, which OpenAI says is useful for testing frontend changes and working with applications that don't have APIs (standardized ways for software to communicate).
Hackers are exploiting a critical vulnerability in Marimo (a Python notebook tool) called CVE-2026-39987 (remote code execution, where attackers can run commands on systems they don't own) to deploy NKAbuse malware from Hugging Face Spaces (a platform for sharing AI applications). The attacks began within 10 hours of technical details becoming public, with attackers using fake application names to trick users into downloading malware that steals credentials and allows remote control of infected systems.
Google's Gemini AI can now use your personal data from Google Photos through its Personal Intelligence feature to generate customized images based on your photos and preferences. When you give prompts like "Design my dream house," Gemini uses its Nano Banana 2 image model (a machine learning system for creating pictures) along with your photo labels and personal context to create images that match your tastes and lifestyle.
Anthropic released Claude Opus 4.7, its most powerful generally available model, which improves performance on complex software engineering tasks, image analysis, and instruction-following compared to the previous version. This release follows Anthropic's announcement of Mythos Preview, a more powerful cybersecurity-focused model designed for security-related tasks.
Nvidia announced Ising, a new family of open-source AI models designed to help make quantum computing (computers that use quantum bits, or qubits, to perform calculations differently than regular computers) more practical by handling error correction and calibration tasks. The announcement sparked a major rally in quantum computing stocks, with companies like IonQ and D-Wave Quantum jumping 50% in value as investors grew enthusiastic about AI's potential to improve quantum systems.
OpenAI has expanded access to GPT-5.4-Cyber, a specialized AI model trained specifically for cybersecurity defense work, making it easier for legitimate security professionals to use it. This move follows Anthropic's release of their own cybersecurity model called Mythos.
Anthropic is expanding access to Claude, a powerful AI model that was initially restricted to US companies like Amazon, Apple, and Microsoft, to UK banks in the coming week. Senior finance leaders have expressed concerns about the risks of deploying this tool in the financial sector.
The UK government is investing £500 million in British AI startups and urging the country to embrace AI technology, despite recent concerns about cybersecurity risks and job displacement. Technology secretary Liz Kendall acknowledged public worries but argued that the UK must pursue AI opportunities to create jobs and address global challenges, citing concerns raised when US startup Anthropic revealed an AI model with potential cybersecurity vulnerabilities.
Fix: For the Webex vulnerability (CVE-2026-20184): Admins must upload a new identity provider SAML certificate to Webex Control Hub. The Webex support article on managing SSO integration directs customers to the Control Hub Alerts center to view installed certificates and their status, and provides an SSO wizard tool with step-by-step details to aid in updating certificates. For ISE vulnerabilities (CVE-2026-20147, CVE-2026-20148, CVE-2026-20180, CVE-2026-20186): The source states that Cisco issued patches but does not provide explicit update instructions or version numbers in the provided text.
CSO Online
NIST (the National Institute of Standards and Technology, a U.S. agency that maintains a database of known security vulnerabilities) has announced it can no longer analyze all reported security flaws due to overwhelming volume, so it will focus only on the most critical ones. Starting immediately, NIST will prioritize enrichment (adding detailed analysis and severity ratings) for vulnerabilities listed in CISA's Known Exploited Vulnerabilities catalog and those affecting federal government software, while all other CVEs (common vulnerabilities and exposures, a standard way of naming security flaws) will be added to the database but marked as "not scheduled" for analysis. The backlog has grown to over 30,000 unanalyzed vulnerabilities, driven partly by AI tools that can now automatically discover both real and false security flaws at unprecedented rates.
Fix: NIST will focus on CVEs appearing in CISA's Known Exploited Vulnerabilities (KEV) catalog, aiming to "enrich these within one business day of receipt." High-priority CVEs will also include those for software used in the federal government and other critical software. Security leaders should take stock of their technology inventories to determine whether their systems fall under NIST's priority list.
CSO Online
Google is connecting its Gemini chatbot to users' personal Google Photos library through a feature called Nano Banana (an image generation tool, meaning software that creates pictures from text descriptions). Users who opt in to Personal Intelligence (a feature that links Google apps together for customized responses) can ask Gemini to generate images based on their private photos, like "create a claymation image of me and my family," without manually uploading photos each time.
Fix: Users should upgrade to Marimo version 0.23.0 or later immediately. If upgrading is not possible, block external access to the '/terminal/ws' endpoint using a firewall, or block it entirely.
BleepingComputer
Anthropic released Claude Opus 4.7, a new AI model that excels at software engineering and following instructions but has intentionally reduced capabilities in cybersecurity tasks compared to its more powerful Claude Mythos Preview model. The company implemented safeguards that automatically detect and block requests for prohibited or high-risk cybersecurity uses, and is using this release to learn how to safely deploy more powerful models in the future.
Fix: Anthropic released Claude Opus 4.7 with safeguards that automatically detect and block requests indicating prohibited or high-risk cybersecurity uses. The company also experimented with efforts to 'differentially reduce' Claude Opus 4.7's cyber capabilities during training, and encourages security professionals interested in legitimate cybersecurity purposes to apply through a formal verification program.
CNBC Technology
Google is using its Gemini AI model to detect and block malicious ads on its platforms, removing 8.3 billion ads in 2025 as scammers use cloaking techniques (hiding the true destination of a link) and AI-generated content to create deceptive advertising at scale. Gemini analyzes billions of signals like advertiser behavior and campaign patterns to identify harmful ads in real time, including those impersonating legitimate brands to distribute malware, steal cryptocurrency, or redirect users to phishing sites (websites designed to trick users into revealing passwords or personal information). Google reports this approach has reduced incorrect advertiser suspensions by 80% and plans to expand Gemini's use across more ad formats.
Fix: Google says it is relying on Gemini AI-powered systems to automate the discovery and blocking of malicious ads before they are shown to users. The company reports that by the end of last year, the majority of Responsive Search Ads created in Google Ads were reviewed instantly and harmful content was blocked at submission, with plans to bring this capability to more ad formats in the current year. Google will continue expanding Gemini's use across additional ad formats and enforcement systems, aiming to block malicious campaigns at submission time.
BleepingComputer
ATHR is a cybercrime platform that automates vishing attacks (voice phishing, where attackers trick people into revealing passwords over the phone) using AI voice agents and human operators to steal login credentials from services like Google and Microsoft. The platform handles the entire attack chain, from sending fake security alert emails to using AI-driven phone calls that impersonate support staff and extract verification codes. According to researchers, ATHR makes vishing attacks much easier to launch because it requires less technical skill and manual work than traditional attacks.
Fix: Detection is possible by checking communication behavioral patterns between a sender and a recipient to identify if similar lures containing a phone number reached the organization within a short time frame. Abnormal researchers say that modeling normal communication behavior across the organization can help AI-powered detection flag anomalies before targets make a call.
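The detection idea above (similar lures carrying a phone number reaching several mailboxes in a short window) as an added example, not Abnormal's or BleepingComputer's code; the sample messages, the phone regex and the one-hour/three-recipient thresholds are constructed assumptions:

```python
"""Flag bursts of look-alike lures that share a callback phone number.

Added example, not vendor code: it models the detection described in the
text (similar lures containing a phone number reaching an organization
within a short time frame) over constructed sample email metadata.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: common US phone formats; normalization keeps digits only.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def extract_phones(text):
    """Return the set of phone numbers in text, normalized to 10 digits."""
    found = set()
    for match in PHONE_RE.findall(text):
        digits = re.sub(r"\D", "", match)
        if len(digits) == 11 and digits.startswith("1"):
            digits = digits[1:]          # drop the US country code
        if len(digits) == 10:
            found.add(digits)
    return found


def find_vishing_bursts(messages, window=timedelta(hours=1), min_recipients=3):
    """Group inbound messages by callback number and flag any number that
    reaches min_recipients distinct mailboxes inside one sliding window."""
    by_phone = defaultdict(list)
    for msg in messages:
        for phone in extract_phones(msg["body"]):
            by_phone[phone].append((msg["ts"], msg["to"]))
    alerts = {}
    for phone, hits in by_phone.items():
        hits.sort()                      # oldest delivery first
        for i, (start, _) in enumerate(hits):
            seen = {rcpt for ts, rcpt in hits[i:] if ts - start <= window}
            if len(seen) >= min_recipients:
                alerts[phone] = sorted(seen)
                break
    return alerts


T0 = datetime(2026, 4, 17, 9, 0)
SAMPLE = [  # constructed messages; same lure number, different formatting
    {"ts": T0, "to": "alice@example.com", "body": "Security alert: call 1-800-555-0142 to confirm"},
    {"ts": T0 + timedelta(minutes=12), "to": "bob@example.com", "body": "Unusual sign-in. Call (800) 555-0142 now"},
    {"ts": T0 + timedelta(minutes=40), "to": "carol@example.com", "body": "Verify your account at 800.555.0142"},
    {"ts": T0 + timedelta(hours=5), "to": "dave@example.com", "body": "Invoice question? Reach us at 212-555-0199"},
]

if __name__ == "__main__":
    print(find_vishing_bursts(SAMPLE))  # the 800 number, three mailboxes in 40 minutes
```

In production the per-sender baseline would come from the organization's normal mail flow; the thresholds here are illustrative only.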