aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

1220 items

OpenAI's first crack at online shopping stumbled. It's preparing for the next wave

info | news
industry
Mar 20, 2026

OpenAI's Instant Checkout feature, which let users buy products directly in ChatGPT, struggled with technical problems and is being replaced with dedicated retailer apps that redirect users to the retailers' own websites. The main issues were that onboarding merchants was difficult, the AI often had outdated or inaccurate product information (because it relied on web scraping, automatically collecting data from websites), and the overall shopping experience fell short of what users needed.

Fix: OpenAI is moving Instant Checkout to a new Apps format within ChatGPT where purchases can happen more seamlessly, and is prioritizing better search and product discovery features in the chatbot. The company is now working with retailers to create dedicated apps that reroute users to the retailer's own website to complete purchases, giving those companies more control of the customer experience and transaction process.

CNBC Technology

Stop using AI to submit bug reports, says Google

info | news
policy | industry

Trump administration unveils national AI policy framework to limit state power

info | regulatory
policy
Mar 20, 2026

The Trump administration released a national policy framework for AI that aims to create uniform federal safety and security rules while preventing individual states from creating their own AI regulations. The framework covers six areas including child safety online, AI data center standards, intellectual property rights, and preventing AI from being used to censor political speech, with the administration seeking to turn it into law this year.

CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents

info | news
research | security

Secure agentic AI end-to-end

info | news
security | policy

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

info | news
security
Mar 20, 2026

This brief news roundup mentions several cybersecurity topics including vulnerabilities discovered in KVM devices (virtualization software that lets one computer run multiple operating systems), issues with Claude AI, and activity by The Gentlemen ransomware group (malicious software that encrypts files and demands payment). However, the source provides no detailed information about what these vulnerabilities are or how they affect users.

Google Search is now using AI to replace headlines

info | news
safety
Mar 20, 2026

Google Search is now using AI to generate its own headlines in search results instead of showing the original headlines from websites. This changes Google's traditional approach of displaying exact content from websites, and in some cases the AI-generated headlines alter the meaning of the original stories.

First came the AI ‘teammates’, then the layoffs: the new reality for Atlassian staff now looking for work

info | news
industry
Mar 20, 2026

Atlassian laid off 1,600 workers (about 10% of its workforce) with little warning, including staff who were building AI features into the company's products. The company cited the need to become more agile, invest further in AI, and break even, as its market value had dropped significantly from US$77 billion in 2021 to about US$13 billion by early 2025. Affected employees report feeling blindsided by the redundancies, which came despite strong performance and without clear explanations, and they struggled with unclear communication about severance packages and next steps.

Amazon is making an Alexa phone

info | news
industry
Mar 20, 2026

Amazon is developing a smartphone codenamed 'Transformer' focused on its Alexa AI assistant, though Alexa won't necessarily be the main operating system. The project is being led by J Allard's team within Amazon's ZeroOne group, and they are exploring both full smartphone and stripped-down 'dumbphone' designs.

The Download: OpenAI is building a fully automated researcher, and a psychedelic trial blind spot

info | news
industry
Mar 20, 2026

This technology news roundup covers OpenAI's plan to build an autonomous AI researcher (a fully automated agent-based system that can solve complex problems independently), with an AI research intern prototype expected by September 2026 and a full multi-agent system by 2028. The article also covers various AI-related developments including regulatory actions, security concerns, energy challenges, and corporate investments in AI technology across multiple sectors.

OpenAI is throwing everything into building a fully automated researcher

info | news
industry | research

DDoS attacks: Strike against international cybercriminals

info | news
security
Mar 20, 2026

Law enforcement agencies in North America and Germany shut down two major botnets called 'Aisuru' and 'Kimwolf' that were used to conduct DDoS attacks (distributed denial-of-service, where attackers overwhelm websites or apps by flooding them with fake requests). The criminal network targeted poorly secured internet-connected devices like routers and cameras, with 'Aisuru' responsible for one of the largest known DDoS attacks at 31.4 terabits per second.

Who's most optimistic about AI — and who isn't, according to Anthropic

info | news
industry | research

Resident Evil at 30: how Capcom’s horror opus has survived and thrived

info | news
industry
Mar 20, 2026

Resident Evil is a horror video game franchise created by Capcom that debuted in 1995 and has become one of the most successful game series ever, selling over 180 million copies worldwide across 11 main games plus numerous spinoffs, remakes, and adaptations in other media. The franchise succeeded by focusing on player vulnerability rather than power, which contrasted with the arcade-style action games popular at the time, and its characters and monsters have become iconic elements that influenced broader video game design. The article examines how the series has managed to remain relevant and frightening to players for three decades despite rapid changes in the gaming industry.

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

info | news
security | safety

Meta AI agent’s instruction causes large sensitive data leak to employees

high | news
security | safety

OpenAI to create desktop super app, combining ChatGPT app, browser and Codex app

info | news
industry
Mar 19, 2026

OpenAI is combining its web browser, ChatGPT app, and Codex app (a tool for writing and understanding code) into a single desktop application to simplify the user experience and reduce fragmentation across its products. The company is refocusing its efforts on high-productivity use cases and avoiding distractions as it prepares for a potential IPO.

OpenAI is planning a desktop ‘superapp’

info | news
industry
Mar 19, 2026

OpenAI is building a desktop 'superapp' that combines its ChatGPT chat application, Codex AI coding tool, and Atlas AI-powered browser into a single application. The company is making this change to reduce product fragmentation (having too many separate tools) that has slowed development and made it harder to meet quality standards.

AI Conundrum: Why MCP Security Can't Be Patched Away

info | news
security | safety

Oasis Security Raises $120 Million for Agentic Access Management

info | news
industry
Mar 19, 2026

Oasis Security has raised $120 million in funding to develop agentic access management, a security approach for controlling what AI agents (autonomous programs that can take actions on their own) are allowed to do. The company plans to use this funding to improve its products, expand support across different AI frameworks (the underlying libraries and tools used to build AI systems), and grow its sales team.

Mar 20, 2026

Google will no longer accept AI-generated bug reports for its open-source software vulnerability reward program because many contain hallucinations (false or made-up details about how vulnerabilities work) and report bugs with low security impact. To address the problem of overwhelming AI-generated submissions across the open-source community, Google and other major AI companies (Anthropic, AWS, Microsoft, and OpenAI) are contributing $12.5 million to the Linux Foundation to fund tools that help open-source maintainers filter and process these reports.

Fix: Google now requires higher-quality proof, such as OSS-Fuzz reproduction (automated testing that demonstrates the bug) or a merged patch (code fix already accepted into a project), for certain tiers of bug reports to filter out low-quality submissions. The $12.5 million in funding managed by Alpha-Omega and the Open Source Security Foundation (OSSF) will be used to provide AI tools to help maintainers triage and process the volume of AI-generated security reports they receive.

CSO Online
CNBC Technology
Mar 20, 2026

CTI-REALM is Microsoft's open-source benchmark that evaluates AI agents on their ability to perform end-to-end detection engineering, which means taking cyber threat intelligence reports and turning them into validated detection rules (KQL queries and Sigma rules) that can actually catch attacks in real environments. Unlike existing benchmarks that only test whether AI can answer trivia about threats, CTI-REALM tests whether AI agents can do what security analysts actually do: read threat reports, explore system data, write and refine queries, and produce working detection logic scored against real attack telemetry across Linux, Azure Kubernetes Service, and Azure cloud platforms.

Microsoft Security Blog
Mar 20, 2026

Agentic AI (AI systems that can take independent actions to accomplish goals) is rapidly spreading through organizations, with 80% of Fortune 500 companies already using agents, but these systems can become security risks if compromised into acting against their owners. Microsoft is addressing this challenge by introducing Agent 365, a control system that gives IT and security teams the ability to observe, control, and protect agents across their organization, along with new security tools in Microsoft Defender, Entra (identity management), and Purview (data governance).

Fix: Agent 365 will be generally available on May 1 and serves as 'the control plane for agents,' providing 'visibility and tools needed to observe, secure, and govern agents at scale.' It includes new capabilities in Microsoft Defender, Entra, and Purview to 'secure agent access, prevent data oversharing, and defend against emerging threats.' Additionally, Security Dashboard for AI (now generally available) provides 'unified visibility into AI-related risk across the organization,' and Entra Internet Access Shadow AI Detection (generally available March 31) 'uses the network layer to identify previously unknown AI applications and surface unmanaged AI usage.'

Microsoft Security Blog
SecurityWeek
The Verge (AI)
The Guardian Technology
The Verge (AI)
MIT Technology Review
Mar 20, 2026

OpenAI is shifting its research focus toward building an AI researcher, a fully automated agent-based system (software that can act independently to complete tasks) capable of tackling complex problems in math, physics, biology, and other fields without human intervention. The company plans to release an autonomous AI research intern by September 2024, with a more advanced multi-agent system (multiple AI agents working together) by 2028. OpenAI's chief scientist says the goal is to create systems that can work for extended periods with minimal human guidance, eventually enabling "a whole research lab in a data center."

MIT Technology Review
CSO Online
Mar 20, 2026

A survey by Anthropic of about 81,000 people across 159 countries found that people in Sub-Saharan Africa and Asia are more optimistic about AI than those in Western Europe and North America, with most respondents hoping AI will help them earn money and be more productive at work. However, independent workers like entrepreneurs have benefited far more from AI than salaried employees, and concerns about job displacement affect about 22% of respondents as agentic AI (AI systems that can perform complex tasks with minimal human direction) becomes more capable.

CNBC Technology
The Guardian Technology
Mar 20, 2026

Cybercriminals are using AI to launch more effective attacks, including personalized phishing emails, deepfakes, and malware that mimics normal user behavior to evade traditional security tools. Traditional detection methods like signature-based detection (identifying threats by their known code patterns) and rule-based systems (using preset thresholds for suspicious activity) fail against these AI-enabled attacks because the malware constantly changes and the criminal behavior blends in with legitimate activity. The source emphasizes that organizations need to shift from rule-based monitoring to behavioral analytics using dynamic, identity-based risk modeling that can detect inconsistencies in real time.

The Hacker News
Mar 20, 2026

A Meta employee asked an AI agent for help with an engineering problem on an internal forum, and the AI's suggested solution caused a large amount of sensitive user and company data to be exposed to engineers for two hours. This incident demonstrates a risk where AI systems can inadvertently guide people toward actions that create security problems, even when the person following the guidance has good intentions.

The Guardian Technology
CNBC Technology
The Verge (AI)
Mar 19, 2026

A researcher at the RSAC 2026 Conference argued that MCP (the Model Context Protocol, a system that lets AI models access external tools and data) introduces security risks into LLM (large language model) environments that are built into its fundamental design and cannot be easily fixed with patches. The core problems are architectural rather than simple bugs that updates could resolve.

Dark Reading
SecurityWeek