New tools, products, platforms, funding rounds, and company developments in AI security.
Google is adding a new feature to Chrome called 'Skills' that lets you save your favorite Gemini prompts (instructions you give to AI) and reuse them across different webpages with a single click, instead of typing the same prompt repeatedly. This saves time when you want to perform the same AI task, like asking for vegan recipe substitutions, on multiple pages.
A developer claims to have reverse-engineered Google DeepMind's SynthID system, which is a watermarking technology that embeds hidden marks in AI-generated images to prove their origin. The developer says they can strip these watermarks from images or add fake ones, though Google disputes this claim.
This article discusses how AI companies like Anthropic use marketing to promote their capabilities, using Claude as an example of technology that may be overhyped despite being genuinely advanced. The piece cautions readers against getting swept up in marketing claims about AI's power without critical evaluation.
AI is transforming threat detection by processing massive amounts of security data and identifying suspicious patterns faster than humans alone, with 50% of threat detection platforms expected to use agentic AI (AI systems that can take independent actions) by 2028. Organizations are already automating routine tasks like alert review and investigation work, seeing 40-50% efficiency gains for lower-level security operations, while AI agents reduce alert fatigue by clustering similar alerts and prioritizing them based on risk.
A 20-year-old Texas man has been charged with attempted murder and federal felony charges after allegedly throwing a Molotov cocktail (a homemade incendiary weapon) at OpenAI CEO Sam Altman's San Francisco home and attempting to set fire to OpenAI's headquarters. Authorities found the suspect carrying documents that opposed AI development and called for violence against AI executives and investors. OpenAI and law enforcement officials condemned the violence, with OpenAI calling for debate through democratic processes rather than violence.
Daniel Moreno-Gama was arrested and charged with federal crimes after traveling from Texas to California and attacking OpenAI's facilities and CEO Sam Altman's home with a Molotov cocktail (an incendiary weapon made from a bottle of flammable liquid). He also attempted to break into OpenAI's headquarters and stated he intended to burn down the building and kill people inside. His charges include attempted destruction of property using explosives and illegal possession of a firearm.
A 20-year-old Texas man was arrested after throwing an incendiary device (a weapon designed to start fires) at OpenAI CEO Sam Altman's home and attempting to set fire to OpenAI's headquarters in San Francisco. Police found the suspect with an anti-AI document containing threats against Altman, multiple incendiary devices, and other materials, leading federal prosecutors to investigate whether this constitutes an act of domestic terrorism.
AI-generated influencers (fake people created using generative AI, the technology that can create images and text) are appearing in social media posts about Coachella festival, posing as real attendees and posting photos with celebrities. While fake attendance has happened before with real influencers, AI tools have now made it easy enough that AI-generated people are becoming common on social media.
OpenAI is revoking and rotating its macOS code-signing certificates (digital credentials that verify OpenAI apps are legitimate) after a malicious Axios package was executed in one of its GitHub Actions workflows (automated tasks that run on code repositories). Although OpenAI found no evidence the certificates were actually compromised, the company is treating them as potentially exposed and requiring all macOS users to update their OpenAI apps to versions signed with new certificates by May 8, 2026, when the old certificate will be fully blocked.
Goldman Sachs's CEO says he is keenly aware of the cybersecurity risks posed by Anthropic's Mythos AI model (an advanced large language model, which is an AI trained on large amounts of text data) and is working with Anthropic to improve the bank's cyber protection. The bank has been monitoring rapid advances in AI as part of its efforts to protect itself from hackers.
OpenAI's chief revenue officer sent an internal memo to employees emphasizing the need to build a 'moat' (competitive advantages that make it hard for customers to switch to competitors) around its AI products and focus on enterprise clients, as users currently find it easy to switch between different AI models depending on which one performs best at any given time.
Gemini Robotics-ER 1.6 is an upgraded AI model designed to help robots understand and reason about the physical world, enabling them to complete real-world tasks with better spatial awareness and precision. The model improves on previous versions by enhancing capabilities like pointing (identifying and locating objects), counting, reading instruments (such as gauges), and detecting when tasks are complete. It is now available to developers through the Gemini API (an interface for accessing the model) and Google AI Studio.
Microsoft is testing ways to integrate OpenClaw-style features into Copilot, its AI assistant, to make Microsoft 365 Copilot run autonomously (without human intervention) around the clock and complete tasks for users. OpenClaw is an open-source platform that allows users to create AI-powered agents (software programs that act independently to complete goals) that run locally on a user's device. Microsoft's corporate vice president confirmed the company is exploring these technologies for enterprise use.
Anthropic's new Mythos model is an AI designed for cybersecurity that can identify and exploit technical vulnerabilities better than most humans, but European regulators have been largely denied early access to it. The company limited initial access through Project Glasswing to a few US tech companies like Apple, Microsoft, and Amazon for security reasons, while most EU countries were excluded. European officials worry that private companies controlling access to such powerful technology raises national-security questions about who should have influence over these systems.
AI models like Mythos are making cyberattacks faster and more dangerous by shortening the time between when security flaws are discovered and when attackers exploit them. Security leaders (CISOs, chief information security officers) need to prepare urgently for this new threat environment where attacks happen at high speed.
AI is moving from experimentation to production deployment in cybersecurity, and security leaders must treat it as a fundamental shift in how security operations work, not just an added tool. Attackers are using AI to conduct faster intrusions (some occurring in under 30 seconds), which exceeds the speed of human-only security responses, making AI deployment urgent for defenders. There is currently a limited window where defenders and attackers have roughly equal access to AI technology, but advantage will go to those who operationalize it most effectively and quickly.
OpenAI is expanding its Trusted Access for Cyber (TAC) program to provide AI tools to thousands of cybersecurity defenders and teams protecting critical software. The company has created GPT-5.4-Cyber, a specialized version of its AI model designed specifically for defensive cybersecurity work, and is implementing cyber-specific safeguards (built-in restrictions to prevent misuse) in model deployments. This effort aims to help defenders find and fix security vulnerabilities faster while preventing attackers from misusing the same AI capabilities.
The source lists the following measures: cyber-specific safeguards included in model deployments starting in 2025; the Preparedness Framework (strengthened in 2023); identity verification and KYC (know-your-customer, a process to confirm who someone is) to control access to advanced capabilities; the Codex Security tool to identify and fix vulnerabilities at scale; iterative deployment with continuous updates to models and safety systems based on what is learned about capabilities and risks; and improvements in resilience to jailbreaks (techniques that try to bypass AI safety restrictions) and other adversarial attacks.
OpenAI Blog
Anthropic's Mythos is an AI system that can autonomously find and exploit vulnerabilities (security flaws in software) much faster than before, completing tasks in hours that previously took weeks or months. Security experts warn this represents a fundamental shift in cybersecurity, not an isolated incident, and that defenders must close the gap between how quickly vulnerabilities are discovered and how quickly organizations can patch and respond.
The AI Security Institute recommends that organizations strengthen security fundamentals by regularly applying security updates, implementing robust access controls, hardening security configurations, and maintaining comprehensive logging. The source also emphasizes that investment in cyber defense is vital now, before future AI models become even more capable.
CSO Online
Security experts are warning that the introduction of Anthropic's Claude Mythos could trigger an "AI vulnerability storm," in which many security weaknesses in AI systems are discovered and exploited rapidly. The Cloud Security Alliance is advising security leaders (CISOs) to prepare for a surge in attacks targeting these newly exposed vulnerabilities.
OpenAI is revoking and rotating the code-signing certificate. The company is working with Apple to ensure no future software can be notarized (verified as legitimate) with the previous certificate. The old certificate will be fully revoked on May 8, 2026, after which attempts to launch applications signed with it will be blocked by macOS protections. OpenAI advises users to update via in-app features or official download pages and to avoid installing software from links sent via email, ads, or third-party sites.
BleepingComputer
Anthropic released Claude Mythos Preview, a new AI model with advanced cyberattack capabilities, and is withholding it from the public while running Project Glasswing to find and patch vulnerabilities before attackers exploit them. The model can write effective exploits (turning vulnerabilities into working attacks without human help) and find complex vulnerabilities by chaining together multiple bugs, representing a significant increase in AI-assisted cyberattack sophistication. While defenders currently have an advantage in finding vulnerabilities for patching purposes, this gap is expected to shrink as more powerful models become available.