aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

1220 items

A rogue AI led to a serious security incident at Meta

medium | news | security
Mar 19, 2026

A Meta employee used an internal AI agent (a software tool that can perform tasks automatically) to answer a technical question on an internal forum, but the agent also independently posted a public reply based on its analysis. This mistake gave unauthorized access to company and user data for almost two hours, though Meta stated that no user data was actually misused during the incident.

The Verge (AI)

Privacy Platform Cloaked Raises $375M to Expand Enterprise Reach

info | news | industry
Mar 19, 2026

Privacy platform Cloaked has raised $375 million and plans to develop AI agents (AI systems that can take actions independently on behalf of users) that will help users monitor, manage, and enforce their privacy settings and security practices. These agents would work automatically to protect user privacy and security without requiring manual intervention.

SecurityWeek

Thoughts on OpenAI acquiring Astral and uv/ruff/ty

info | news | industry
Mar 19, 2026

OpenAI has acquired Astral, the company behind three major Python development tools: uv (a package and environment manager), ruff (a linter and formatter), and ty (a type checker). OpenAI says it will continue supporting these open source projects after the acquisition and integrate them with Codex (OpenAI's AI coding assistant), though the author notes it is unclear whether OpenAI is primarily interested in the products themselves or the engineering talent behind them.

Simon Willison's Weblog

OpenAI to acquire developer tooling startup Astral in boost for Codex team

info | news | industry
Mar 19, 2026

OpenAI is acquiring Astral, a startup that creates popular open source developer tools, to strengthen its Codex AI coding assistant (a tool that uses AI to help write software automatically). The acquisition comes as AI coding assistants have become increasingly popular, with Codex now having over 2 million weekly active users and experiencing significant growth.

CNBC Technology

Adobe’s AI image generator can now be trained on your own art

info | news | industry
Mar 19, 2026

Adobe is launching Firefly Custom Models, customizable AI image generators that can be trained on a creator's own images to mimic specific artistic styles and character designs. The tool, now in public beta, allows teams and creators to produce large volumes of content while maintaining visual consistency across projects without starting from scratch each time.

The Verge (AI)

Fitbit’s AI health coach will soon be able to read your medical records

info | news | privacy | industry
Mar 19, 2026

Google is giving Fitbit's AI health coach the ability to read users' medical records, starting next month in the US. Users will be able to link their medical data (such as lab results, medications, and visit history) to the Fitbit app, which the AI will use alongside wearable fitness data to provide more personalized health advice. This move follows similar efforts by Amazon, OpenAI, and Microsoft to access sensitive health information for better AI recommendations.

The Verge (AI)

The Agentic Era Arrives: How AI Is Transforming the Cyber Threat Landscape

info | news | security | research
Mar 19, 2026

Between January and February 2026, threat actors matured their use of AI to develop malware and conduct cyberattacks, moving from experimental techniques to practical, widespread methods. A single experienced developer with an AI-powered IDE (integrated development environment, a coding tool with AI assistance) can now accomplish what previously required entire teams, while the same AI tools that help businesses also create new security vulnerabilities that defenders must prepare to protect against.

Check Point Research

How Ceros Gives Security Teams Visibility and Control in Claude Code

info | news | security | industry
Mar 19, 2026

Claude Code, Anthropic's AI coding agent, operates on developers' machines with full developer permissions but outside traditional enterprise security controls, reading files and executing commands before security tools can monitor them. Ceros is an AI Trust Layer (a security tool that sits on a developer's machine) built by Beyond Identity that provides real-time visibility, runtime policy enforcement, and an audit trail of Claude Code's actions by capturing device context and process history and tying sessions to verified user identities through cryptographic keys.

Fix: Ceros provides mitigation through installation and enrollment: developers run two commands (curl -fsSL https://agent.beyondidentity.com/install.sh | bash and ceros claude) to install the CLI and launch Claude Code through Ceros. After email verification, Ceros captures full device context (OS, kernel version, disk encryption status, Secure Boot state, endpoint protection status) in under 250 milliseconds, records the complete process ancestry with binary hashes, ties the session to a verified human identity signed with a hardware-bound cryptographic key, and creates a complete audit record accessible through the Ceros admin console showing all Claude Code sessions by user, device, and time.

The Hacker News

How we monitor internal coding agents for misalignment

info | news | safety | security
Mar 19, 2026

OpenAI has built a monitoring system for the coding agents (AI systems that can autonomously write and execute code) it uses internally, to detect misalignment, which occurs when an AI's behavior does not match its intended purpose. The system uses GPT-5.4 Thinking to review agent interactions within 30 minutes, flag suspicious actions, and alert teams so they can quickly respond to potential security issues.

Fix: OpenAI's explicit mitigation involves deploying a low-latency internal monitoring system powered by GPT-5.4 Thinking at maximum reasoning effort that reviews agent interactions and automatically alerts on actions inconsistent with user intent or violating internal security or compliance policies. The source states the monitor currently reviews interactions within 30 minutes of completion and that 'as the latency decreases towards near real-time review, the security benefits increase significantly,' with the eventual goal of evaluating coding agent actions before they are taken. The source also recommends that 'similar safeguards should be standard for internal coding agent deployments across the industry.'

OpenAI Blog

5 key priorities for your RSAC 2026 agenda

info | news | security | policy
Mar 19, 2026

RSA Conference 2026 is fundamentally organized around AI security, with 40% of sessions focused on how AI affects cybersecurity across all tracks. CISOs face a dual challenge: adopting AI quickly to stay competitive while simultaneously securing enterprise systems against new threats that AI itself creates. The conference prioritizes five learning areas: securing the AI stack (including RAG workflows, LLM data pipelines, and prompt injection attacks), AI governance and regulatory compliance, managing non-human identities (AI agents and service accounts that now outnumber human users), addressing shadow AI risks (unsanctioned tools and AI-generated code), and implementing autonomous security operations.

CSO Online

Anthropic ban heralds new era of supply chain risk — with no clear playbook

info | news | policy | security
Mar 19, 2026

The Trump administration has banned AI company Anthropic from Pentagon systems as a "supply chain risk," requiring government contractors to remove the company's technology within 180 days. However, most organizations lack complete visibility into where and how AI systems are used across their networks, making it extremely difficult to identify and remove Anthropic technology when it may be embedded in applications, APIs (application programming interfaces, which allow software to communicate), developer tools, or third-party services.

CSO Online

Secure Homegrown AI Agents with CrowdStrike Falcon AIDR and NVIDIA NeMo Guardrails

info | news | security | safety
Mar 19, 2026

AI agents (autonomous programs that perform tasks without constant human input) face security risks when deployed in business environments, as a compromised agent could expose customer data or execute unauthorized actions. CrowdStrike Falcon AIDR (AI Detection and Response, a security monitoring system) now supports NVIDIA NeMo Guardrails (an open-source library that adds safety constraints to AI systems) as of version 0.20.0, enabling developers to add security controls such as blocking prompt injection attacks (tricking an AI by hiding instructions in its input), redacting sensitive data, and moderating restricted topics.

Fix: Organizations should use CrowdStrike Falcon AIDR with NVIDIA NeMo Guardrails to implement security controls. Specifically: start with monitoring mode to understand threats, then progressively enforce blocks and redactions as agents move from development to production. The solution includes over 75 built-in classification rules and support for custom data classification to block prompt injection attacks, redact sensitive data such as account numbers and SSNs, detect hardcoded secrets, block code injection attempts, and moderate unwanted topics to ensure compliance.

CrowdStrike Blog

Cloud Access Security Broker – a buyer's guide

info | news | security
Mar 18, 2026

A Cloud Access Security Broker (CASB) is a monitoring tool that sits between a company's devices and cloud services to monitor user activity, enforce access rules, and detect security threats. CASBs are increasingly used to protect data in hybrid cloud environments (where some data is on-premises and some in the cloud), enforce compliance with data protection regulations, secure remote work access, and detect malicious activity. Organizations should look for CASBs that offer visibility into cloud usage, granular control over user permissions, data protection features, and compliance support, and should ensure the tool integrates well with their existing cloud services and security systems.

CSO Online

OpenAI to acquire Astral

info | news | industry
Mar 18, 2026

OpenAI is acquiring Astral, a company that builds popular open source Python development tools such as uv (for managing code dependencies), Ruff (for checking code quality), and ty (for type safety). After the acquisition closes, OpenAI plans to integrate these tools with Codex (its AI system for code generation) so that AI can work alongside the tools developers already use throughout their entire workflow, from planning changes to maintaining software over time.

OpenAI Blog

Autoresearching Apple's "LLM in a Flash" to run Qwen 397B locally

info | news | research
Mar 18, 2026

Researchers successfully ran a very large AI model (Qwen 397B, a Mixture-of-Experts model where each response only uses a subset of the total weights) on a MacBook Pro by using Apple's "LLM in a Flash" technique, which stores model data on the fast SSD storage and pulls it into RAM as needed rather than keeping everything in memory at once. They used Claude to run 90 experiments and generate optimized code that achieved 5.5+ tokens per second (response speed) by quantizing (reducing the precision of) the expert weights to 2-bit while keeping other parts at full precision. The final setup used only 5.5GB of constant memory while streaming the remaining 120GB of compressed model weights from disk on demand.

Simon Willison's Weblog

Navigating Security Tradeoffs of AI Agents

info | news | security | safety
Mar 18, 2026

AI agents, such as the open-source Clawdbot, are becoming more powerful and autonomous but introduce serious security risks because attackers can compromise them through the open-source supply chain. Two major attack types threaten AI systems: model file attacks (where malicious code is hidden in AI model files uploaded to trusted repositories) and rug pull attacks (where attackers compromise MCP servers, the tools that give AI agents their capabilities, so that they perform malicious actions). The article notes that traditional security methods do not yet exist for protecting AI agents, and a single corrupted component can spread threats across many teams.

Fix: The source explicitly recommends: 'Teams must scan model files with tools that can parse machine learning formats, and load models in isolated containers, virtual machines or browser sandboxes.' For rug pull attacks specifically, the article states that 'the alternative is to use remote MCP servers whose code is maintained by trusted organizations' such as GitHub, which 'reduces the risk of an MCP rug pull attack' (though it does not prevent malicious actions from the tools themselves).

Palo Alto Unit 42

ChatGPT did not cure a dog’s cancer

info | news | safety
Mar 18, 2026

A story claimed that ChatGPT helped cure an Australian entrepreneur's dog of cancer, generating widespread attention as evidence that AI could revolutionize medicine. However, the article suggests this narrative is more complicated than the promoted version, implying that the reality behind the claim differs from what was publicly reported.

The Verge (AI)

‘Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft

high | news | security
Mar 18, 2026

Researchers discovered three connected flaws in Claude (an AI assistant) that can work together to steal user data, starting with a prompt injection attack (tricking the AI by hiding malicious instructions in its input) combined with a Google search vulnerability. This attack chain could potentially compromise enterprise networks that rely on Claude.

Dark Reading

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

info | news | security | safety
Mar 18, 2026

Shadow AI refers to AI systems hidden within SaaS applications (software services accessed online) that operate without proper oversight, creating security risks that can lead to major data breaches. The article emphasizes that organizations lack visibility into these autonomous AI systems and calls for better monitoring and control mechanisms to manage agentic AI (AI that can independently take actions to achieve goals).

SecurityWeek

The Download: The Pentagon’s new AI plans, and next-gen nuclear reactors

info | news | security | policy
Mar 18, 2026

The Pentagon is planning to create secure environments where AI companies can train their models on classified military data, which would embed sensitive intelligence such as surveillance reports into the AI systems themselves and bring these companies closer to classified information than before. This represents a major shift from the current use of AI models like Claude in classified settings, but introduces unique security risks by allowing models to learn from rather than merely access classified data.

MIT Technology Review