New tools, products, platforms, funding rounds, and company developments in AI security.
1Password has acquired Apono, an Israeli company specializing in just-in-time access governance (a system that grants temporary, narrowly scoped permissions that are automatically removed after a task completes), for an estimated $250 million to $300 million. Apono's technology allows organizations to manage access for humans, machines, and AI agents by evaluating each permission request against policy before granting it, and for AI agents specifically, it monitors behavioral drift (unexpected changes in how the AI is acting) to detect misuse. This acquisition helps 1Password extend its identity security platform to provide more comprehensive access control across enterprise tools and cloud services.
Google's Vertex AI SDK for Python had a design flaw that could allow attackers to hijack and poison AI models through bucket squatting (creating Cloud Storage buckets with names that other projects' tooling expects to use; bucket names are global, so whoever creates a name first owns it). An attacker who knew a victim's project ID and region could create a bucket with the name the SDK would derive by default, so that the SDK uploaded the victim's model there; the attacker could then replace the model with a malicious file and achieve RCE (remote code execution: the attacker's code runs on the victim's machine) when the poisoned model was loaded through Python's pickle deserialization (a serialization format whose loader can execute code embedded in the data).
A 2026 analysis of 22,000 data breaches found that organizations cannot patch vulnerabilities fast enough to prevent attacks, with critical flaws taking a median of 43 days to fix and even top performers only remediating 30-40% of known exploited vulnerabilities (documented security gaps that attackers actively abuse) within a week. Ransomware now appears in 48% of breaches, with most victims choosing not to pay, but attackers are deliberately causing severe operational disruption to force faster decisions and maximize damage. Third-party breaches (incidents involving vendors or suppliers) have jumped 60% and now account for 48% of all breaches, requiring organizations to practice incident response scenarios they typically ignore.
China is promoting a different approach to AI safety and governance than the U.S., announcing plans for a global AI cooperation organization and emphasizing free or cheap AI models accessible to developing countries. Meanwhile, the U.S. and its Group of Seven allies are pursuing a more restrictive strategy, planning to limit access to advanced AI models to "trusted partners" only and to keep them subscription-only. The U.S. and China previously agreed to work on AI guardrails (safety rules and limits), but details remain unclear.
Databricks is experiencing rapid revenue growth of over 80% as businesses use its data analytics tools, but profit margins are shrinking because AI agents (software programs that can perform tasks autonomously) are generating many more queries and consuming more resources. The company is addressing cost concerns by offering tools like Unity AI Gateway that help customers monitor their spending on AI tokens (units of text that language models process), allowing them to use expensive advanced models for important tasks while switching to cheaper open-source models for routine work.
Security experts have publicly objected to US export restrictions placed on Anthropic's Claude Fable 5 and Mythos 5 AI models, calling for the government to lift these bans. The criticism comes from an open letter signed by dozens of security professionals who believe these restrictions should be reversed.
A flaw in Google's Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads through bucket squatting (creating a Cloud Storage bucket with a name the victim's SDK would predictably generate). Attackers could replace the uploaded model with malicious code that executes when the model loads, potentially stealing credentials and accessing other data in Google's infrastructure. The attack required only the victim's public project ID and no access to their account.
Anthropic, an AI company that has publicly advocated for government regulation of AI safety, received an export control directive from the Trump administration ordering it to suspend access to its latest Claude models (Fable 5 and Mythos 5) for foreign nationals, citing national security concerns. The directive was reportedly prompted by concerns that Amazon researchers had used prompts to get Fable 5 to generate information that could help with cyberattacks. Anthropic disagreed with the suspension, calling it a 'misunderstanding' and saying the decision did not follow transparent, fair processes.
Tenet Security is a new startup that detects and stops dangerous behavior from AI agents (autonomous software systems that can make decisions and take actions on their own) in real time. The company uses a patent-pending technology with a lightweight runtime sensor that monitors operating system behavior, network calls, and the agent's reasoning, then predicts and blocks harmful actions before they happen. Tenet addresses a growing security gap where traditional tools cannot detect when malicious actors manipulate AI agents (a threat called 'agentjacking') or when agents malfunction on their own.
Fix: Google changed the affected workflow so that the staging bucket is validated before use, so the SDK no longer uploads to a bucket that merely has the expected name but belongs to another project. The fixes shipped in SDK versions 1.144.0 and 1.148.0; users must upgrade to a patched version.
CSO Online
AI systems are now widely used in business for tasks like writing, coding, and automating workflows, but existing safety review processes weren't designed for this kind of real-world deployment. An AI system can pass tests in a controlled environment yet still fail or behave unpredictably in production (real work with real data and real users).
The US government disclosed 3,611 active or planned uses of AI across federal agencies, a 70% increase from the previous administration, including controversial applications like using AI to assess prisoner misconduct risk before violations occur and monitoring veterans' crisis calls to predict suicide risk. While some AI uses in government could theoretically be implemented responsibly, the disclosure provides minimal details about how these systems actually work, and public consultation is largely absent, making it difficult for citizens to understand or scrutinize these programs.
Stuart Russell, a leading AI safety researcher, warns that unrestricted development of unsafe AI systems poses serious risks to society. He highlights concerns about recursive self-improvement (RSI, where an AI system teaches itself to become smarter, creating a cycle of increasing capability), which Anthropic recently reported observing in early development stages.
OpenAI's GPT-5.4 AI system, connected to Maria (an autonomous chemistry lab), successfully improved a difficult chemical reaction called Chan-Lam coupling used in drug discovery. The AI independently designed and ran experiments, analyzed results, and proposed improvements that increased reaction yields from 16.6% to 25.2%, a finding that human chemists confirmed in the lab.
Cybersecurity researchers discovered 15 malicious plugins on the JetBrains Marketplace (a platform where developers download tools for their coding environment) that pretend to be AI coding assistants but secretly steal API keys (authentication credentials that allow access to paid AI services like OpenAI and DeepSeek). The stolen keys are sent to an attacker's server, and some keys are resold to other criminals in what appears to be an illegal monetization scheme. Additionally, two malicious Chrome extensions disguised as ad blockers are capturing users' conversations with various AI chatbots.
Organizations are finding that traditional risk management frameworks don't work well for AI systems because AI has unique failure modes and ethical complexities. A new generation of AI-specific frameworks, like ISO/IEC 42001 and NIST AI Risk Management Framework, has emerged to help organizations identify where AI can fail, implement safeguards, and demonstrate responsible AI use to regulators and customers. These frameworks are complementary tools that focus on different areas, such as governance, security controls, and regulatory compliance, so organizations should choose based on their specific gaps.
Fix: The source recommends that organizations conduct tabletop exercises (simulated incident response drills) that reflect real ransomware and third-party breach scenarios. Specifically, it states: 'Organizations that rehearse only the payment question are practicing the opening scene and skipping the rest of the play' and should instead practice 'sustaining operations without primary systems, coordinating with legal counsel and law enforcement, managing customer and investor communications under regulatory deadlines, deciding what to disclose and when.' For third-party breaches, the source advises: 'Tabletop exercises should simulate that friction. Participants should practice asking precise questions: What data of ours did you hold? What is the confirmed scope? What logs exist? How are you notifying other affected customers?' It also emphasizes practicing communication discipline with customers by 'communicating what you know and what y[ou do not know]' to build trust while avoiding premature attribution.
CSO Online
AI company leaders from OpenAI, Anthropic, Google, and other major firms are attending the G7 summit in France to discuss frontier AI risks (advanced capabilities that pose potential dangers), infrastructure, and child safety. The meeting signals the growing geopolitical power of AI companies, as world governments now need their cooperation to make credible commitments on AI policy, especially after the U.S. imposed export controls on some AI models for national security reasons.
Microsoft claims that Defender for Office 365 catches most malicious emails before delivery and that adding extra email security tools provides minimal additional benefit (less than 0.05% improvement). However, security experts warn that these statistics can be misleading because even a single missed dangerous email can cause a serious incident, and Microsoft's metrics don't reveal how severe the threats that slip through actually are.
Anthropic shut down access to its Fable 5 and Mythos 5 AI models to comply with U.S. export control directives citing national security concerns, forcing all customers to lose access immediately. This incident highlighted a key risk for companies relying on closed-source AI models (proprietary systems run by companies rather than made publicly available), driving increased interest in open-source alternatives (AI models whose code is publicly available and can be downloaded and run on a company's own servers) that companies can control themselves.
Fix: Unity AI Gateway can notify people as they get close to using up their AI budgets. Companies are shifting from "tokenmaxxing" (using as many tokens as possible) to "value-maxxing" (optimizing efficiency), using frontier models for critical tasks and simple open-source models for mundane tasks.
CNBC Technology
This is a subscriber-only eBook collection from MIT Technology Review featuring six stories about how military organizations are using AI models to help make decisions. The stories were originally published between April 2025 and April 2026 and have been updated to reflect recent developments in military AI applications.
Cybersecurity researchers discovered a prompt (a text input) that bypasses ChatGPT's safety guardrails (built-in restrictions designed to prevent harmful outputs) and causes the AI to generate disturbing images. The episode explores what this vulnerability reveals about how AI systems are trained and how bad actors could potentially exploit these weaknesses.
Fix: Update the google-cloud-aiplatform SDK to version 1.148.0 or later, which adds bucket ownership verification to block bucket squatting. Additionally, explicitly set the staging_bucket parameter to a Cloud Storage location you control when uploading models, and check the SDK version wherever it runs (notebooks, CI/CD jobs, training pipelines, and production services).
The Hacker News
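The Vertex AI bucket-squatting items above (the flaw description and the fix) come down to two checks a practitioner can apply on their own side: do not stage artifacts in a bucket just because it has the expected name, and do not let a model file execute code when it is loaded. The following is an added example, not code from Google's SDK or from the researchers: the bucket metadata, the project number, the bucket names and the poisoned model file are all constructed here, and the `staging` name pattern is only a stand-in for whatever the SDK derives. The ownership check compares the `projectNumber` field that the Cloud Storage JSON API reports for a bucket against our own project; the load-side check uses a restricted unpickler, the approach recommended in Python's own pickle documentation, so that a swapped model file cannot import and call arbitrary callables.

```python
import io
import os
import pickle
import pickletools

# Constructed: the project number that owns the buckets we intend to stage into.
EXPECTED_PROJECT_NUMBER = "123456789012"

# Constructed bucket metadata, shaped like the Cloud Storage JSON API's
# buckets.get response. Both buckets carry the "expected" name; only the
# owning projectNumber tells them apart.
OUR_BUCKET = {"name": "acme-ml-us-central1-staging", "projectNumber": "123456789012"}
SQUATTED_BUCKET = {"name": "acme-ml-us-central1-staging", "projectNumber": "999999999999"}


def staging_bucket_is_ours(bucket_meta: dict, expected_project_number: str = EXPECTED_PROJECT_NUMBER) -> bool:
    """Ownership check. Bucket names are global and first-come-first-served,
    so a bucket with the right name proves nothing about who controls it."""
    return str(bucket_meta.get("projectNumber", "")) == str(expected_project_number)


def select_staging_bucket(bucket_meta: dict) -> str:
    """Return the gs:// URI to pass explicitly as the staging bucket, or refuse."""
    if not staging_bucket_is_ours(bucket_meta):
        raise PermissionError(
            f"bucket {bucket_meta['name']!r} is owned by project "
            f"{bucket_meta.get('projectNumber')!r}, not ours; refusing to stage artifacts there")
    return f"gs://{bucket_meta['name']}"


class PoisonedModel:
    """Constructed stand-in for a swapped model file. pickle calls whatever
    __reduce__ names at load time; a real payload would call os.system or
    subprocess, this one only evaluates an expression that reveals the PID."""
    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


# Protocol 4 emits STACK_GLOBAL, protocol 3 emits GLOBAL: both import forms appear below.
POISONED_PICKLE = pickle.dumps(PoisonedModel(), protocol=4)
POISONED_PICKLE_V3 = pickle.dumps(PoisonedModel(), protocol=3)
BENIGN_PICKLE = pickle.dumps({"weights": [0.1, -0.2, 0.3], "bias": 0.05}, protocol=4)


def list_globals(data: bytes) -> list:
    """Static pre-check: which (module, attr) pairs does this pickle import?
    Advisory only: a crafted stream can fetch memoized strings with BINGET
    before STACK_GLOBAL and evade this tracker, so enforcement is in safe_load."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                      # protocol <= 3: "module attr" in one arg
            module, attr = arg.split(" ", 1)
            found.append((module, attr))
        elif op.name == "STACK_GLOBAL":              # protocol 4+: module and attr pushed just before
            found.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found


# Extend per model format; anything not listed is refused at load time.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name} from model file")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_model_file(data: bytes) -> tuple:
    """Loader that reports its outcome: ('ok', obj) or ('rejected', reason)."""
    try:
        return ("ok", safe_load(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


def unsafe_load(data: bytes):
    """What plain pickle.loads does with the same bytes: runs the payload."""
    return pickle.loads(data)


def current_pid() -> int:
    return os.getpid()


if __name__ == "__main__":
    print(select_staging_bucket(OUR_BUCKET))
    print("poisoned file imports:", list_globals(POISONED_PICKLE))
    print("restricted loader:", load_model_file(POISONED_PICKLE))
    print("plain pickle.loads ran the payload, PID =", unsafe_load(POISONED_PICKLE))
```

In a pipeline this pairs with the page's advice to pass an explicit staging bucket you control (for the Vertex SDK that is the `staging_bucket` argument the page names) and to run the checked SDK version everywhere; the ownership check is cheap insurance if a derived name is ever used, and the restricted unpickler limits the blast radius if a staged file is replaced anyway.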