New tools, products, platforms, funding rounds, and company developments in AI security.
Claude, an AI assistant, discovered a critical remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in Apache ActiveMQ that had gone undetected for 13 years. The bug allows attackers to trick ActiveMQ's management API into loading a malicious file from the internet and executing arbitrary commands, especially if default login credentials are still in use. Claude identified the complete exploit chain in about 10 minutes, a task that would have taken a human researcher roughly a week.
Fix: CVE-2026-34197 has been addressed in newer ActiveMQ Classic releases (versions 6.2.3 and 5.19.4). Users must upgrade to these patched versions to be protected.
CSO Online
Microsoft is removing Copilot buttons (shortcuts to access its AI assistant) from several Windows 11 apps, including Notepad and Snipping Tool, replacing them with alternative menus like "writing tools." The underlying AI features remain available, but the company is reducing the number of ways users can directly access Copilot across its applications.
CMMC 2.0 (Cybersecurity Maturity Model Certification 2.0) requires federal contractors to prove they protect controlled unclassified information (CUI, sensitive government data) through documented safeguards that work consistently under assessment, shifting from simple self-attestation to verified accountability. A major challenge is that organizations struggle to identify all systems and data subject to CMMC requirements, and manual processes for administrative controls (like access reviews and training records) create inconsistencies and scattered evidence across email and spreadsheets. The source argues that automation through workflow engines can standardize and consistently execute compliance controls while generating verifiable evidence automatically.
Alibaba is investing $290 million in ShengShu, a startup developing world models (AI systems trained on videos and physical scenarios rather than just text) to better understand and replicate the real world. This shift reflects growing recognition that large language models (LLMs, which are AI trained mainly on text data) have limitations, and companies are now focusing on AI that can work with robots and other systems that need to understand physical reality.
OpenAI sent a memo to investors criticizing Anthropic, its main rival in the AI market, saying Anthropic is limited by compute constraints (the computing power needed to train and run AI models). OpenAI claims it will have significantly more computing capacity than Anthropic by 2030, giving it a competitive advantage in developing more capable AI models and lowering costs. Both companies are competing intensely in the large language model (LLM, an AI trained on vast amounts of text to generate human-like responses) market and preparing for potential public stock offerings.
OpenAI has released features that let you customize how ChatGPT behaves by using custom instructions (settings that tell ChatGPT about your role and preferred communication style) and memory (which stores information you want ChatGPT to remember across conversations). These personalization tools help ChatGPT work more like a reliable teammate by building context over time, so you don't have to repeat the same information every time you chat.
ChatGPT can help finance teams reduce overhead by organizing messy data, drafting reports, and standardizing recurring tasks like variance analysis and forecasting. Rather than replacing financial judgment, it speeds up formatting, rewriting, and workflow setup by structuring problems, improving clarity in communication, and creating consistent templates that teams can reuse across cycles.
ChatGPT allows you to upload various file types (CSV, XLSX, PDF, DOCX, images, and more) directly into conversations to analyze, edit, and generate content without switching applications. You can ask the AI to summarize reports, visualize data, rewrite documents, or extract information, and some versions support apps that let ChatGPT access third-party tools for additional context.
This article describes how ChatGPT can help with brainstorming by quickly generating ideas, organizing them into clear themes, and turning rough directions into executable plans. The AI acts as a thought partner to overcome common brainstorming obstacles (too few or too many unstructured ideas) by expanding options, adding structure through frameworks, and helping test plans for weaknesses.
This document explains how to use ChatGPT for workplace writing tasks like drafting emails, reports, and announcements. ChatGPT works best when you give it clear goals, raw material (like notes or bullet points), specific constraints (such as word limits or tone), and iterate with targeted feedback rather than asking for completely new drafts each time.
ChatGPT is a conversational AI assistant built on large language models (AI systems trained on vast amounts of text to recognize patterns and generate responses) that helps users think, write, and solve problems by accepting prompts, which are questions or instructions you give it. To use ChatGPT effectively, start with simple tasks like drafting, brainstorming, or summarizing, then gradually move toward more structured setups using tools like Projects or custom GPTs for tasks you do repeatedly.
This document provides prompt templates that help healthcare providers use AI to assist with clinical tasks like diagnostic workup planning, differential diagnosis generation, treatment planning, clinical documentation, and patient counseling. The templates are designed to guide AI systems to produce structured, clinically relevant outputs for various medical scenarios and specialties.
This is a marketing document from OpenAI describing how ChatGPT can help customer success teams (people who manage client relationships and ensure clients get value from software) reduce administrative work by organizing scattered customer information into structured outputs like plans, summaries, and follow-up messages. The document outlines use cases such as onboarding, account health monitoring, meeting preparation, and renewals, emphasizing that ChatGPT works best when teams use it both for research (understanding account situations) and content creation (communicating plans clearly).
ChatGPT can analyze data files (like CSV or Excel spreadsheets) by letting you upload them and ask questions in plain language, helping you explore raw data and find insights without building formulas or dashboards manually. The tool is most useful early in analysis, when you're discovering patterns and anomalies, and it can generate visualizations and summaries to share with others. To get reliable results, you should frame your decision clearly, provide context about your data, ask for structured approaches rather than just answers, and verify key numbers before acting on the findings.
ChatGPT Projects are dedicated spaces that let you organize chats, files, instructions, and background information for ongoing work in one place, so you don't have to repeat context or search through old conversations. Projects are most useful for work that continues over time, like research, writing with multiple drafts, or shared collaboration, while quick single tasks may not need a project. On some plans, you can invite other people to collaborate and use project-only memory to keep one area of work separate from others.
ChatGPT can generate original images from text descriptions, allowing users to quickly create and iterate on visual concepts. To get good results, write clear prompts (1-3 sentences) that specify the image's purpose, main subject, setting, and visual style, using direct language like 'soft natural light from the left' rather than vague phrases. The best way to improve images is through small, targeted revisions focusing on one element at a time, with clear spatial language and specific instructions for text or layout details.
This document is not about an AI/LLM security issue, vulnerability, or technical problem. Instead, it is a list of business process skills (reusable AI-assisted workflows) organized by department, such as marketing campaign builders, sales call summarizers, and financial report drafters. Each skill is designed to automate routine business tasks by converting input data into standardized outputs.
AI browser extensions are a major security blind spot in enterprises because they operate inside browsers with direct access to user data, passwords, and cookies while bypassing traditional security monitoring tools like DLP (data loss prevention, which blocks sensitive information from leaving a network) and SaaS logs. The report shows AI extensions are significantly riskier than regular extensions: they are 60% more likely to have CVEs (known software vulnerabilities), 3 times more likely to access cookies, and 6 times more likely to increase their permissions over time, yet 99% of enterprise users have at least one extension installed with little organizational visibility into which ones exist or what they can access.
Fix: Use automated workflows and workflow engines to execute CMMC-related controls. Specifically, "Workflow engines can schedule tasks, route them to responsible owners, enforce approvals and capture outcomes in standardized formats" so that "evidence collection becomes a byproduct of normal operations instead of a separate, reactive effort." Automation enables recurring access reviews to run on a schedule rather than relying on manual reminders, and standardizes control application across teams and regions so deviations are visible in logs.
CSO Online
US Treasury Secretary Scott Bessent summoned major American bank leaders to a meeting in Washington to discuss cybersecurity risks from Anthropic's new Claude Mythos AI model. Federal Reserve Chair Jerome Powell attended the meeting, which was called after Anthropic released the model and warned it poses unprecedented cybersecurity threats.