New tools, products, platforms, funding rounds, and company developments in AI security.
The OpenAI Foundation announced plans to invest at least $1 billion over the next year in areas including life sciences, disease curing, job creation, AI resilience (making AI systems more reliable and safe), and community programs. The Foundation aims to use AI to solve humanity's biggest problems, such as speeding up medical breakthroughs and disease research, while also preparing society for challenges that advanced AI systems may present.
OpenAI has expanded ChatGPT's shopping features by improving the Agentic Commerce Protocol (ACP, a system that connects ChatGPT to product data), allowing users to visually browse products, compare them side-by-side, and refine searches conversationally based on budget and preferences. The update, rolling out to all ChatGPT users this week, reduces the time spent searching multiple websites by delivering relevant, up-to-date product information in one place.
Mandiant's 2025 incident investigations reveal that attackers are becoming more sophisticated and specialized, with two distinct strategies: criminal groups focusing on quick impact and recovery denial, while espionage groups prioritize staying hidden for months using edge devices and native network tools. Key findings show that the time between initial network access and handoff to secondary attackers collapsed from over 8 hours in 2022 to just 22 seconds in 2025, and attackers have shifted from email phishing (6% of intrusions) to voice phishing (11%), suggesting that adversaries are adapting faster than traditional security controls can detect them.
AWS Bedrock is Amazon's platform for building AI applications that connect foundation models (pre-trained AI systems) to enterprise data and systems like Salesforce and SharePoint. Researchers discovered eight attack vectors that allow attackers to exploit this connectivity, including log manipulation (hiding their tracks in audit logs), knowledge base compromise (stealing enterprise data), agent hijacking (taking control of autonomous AI agents), and prompt poisoning (corrupting AI instructions).
AI influencers are becoming a serious commercial industry, with new awards like an 'AI Personality of the Year' contest emerging alongside AI beauty pageants and music competitions. The contest, backed by companies like OpenArt, Fanvue, and ElevenLabs, aims to recognize the creative work and growing cultural influence of AI influencers.
Honeypots are fake servers designed to trick attackers into revealing their methods by making them think they've found real company data. Traditionally expensive and difficult to maintain, honeypots have become much more effective and affordable by pairing them with LLMs (large language models, AI systems that understand and generate text), which can dynamically create realistic fake environments that keep attackers engaged longer.
Modern cyberattacks happen at machine speed, faster than traditional security teams can respond, creating a gap between fast-moving threats and human-paced defenses. CrowdStrike addresses this with agentic MDR (managed detection and response, a service where automated systems and human experts work together to detect and stop attacks) and SOC Transformation Services, which combine automated threat response with human oversight to achieve faster breach containment while maintaining accountability and governance.
Fix: CrowdStrike's agentic MDR (delivered through Falcon Complete) provides deterministic automation (rule-based responses that execute the same way every time) within expert-defined guardrails, adaptive AI agents that learn from live adversary behavior, and elite human analyst oversight. The service delivers a 1-minute median time to contain (MTTC). Additionally, CrowdStrike offers SOC Transformation Services to help organizations establish foundational operating conditions for agentic SOC operations by modernizing SIEM (security information and event management, a system that collects and analyzes security data), data pipelines, workflows, and talent models.
CrowdStrike BlogPalo Alto Networks updated its Prisma AIRS security platform to help organizations discover and protect AI agents (independent software programs that perform tasks automatically) across their IT environments, including scanning for vulnerabilities and simulating attacks. As companies rapidly deploy AI agents in business applications, the platform adds new security features like Agent Artifact Security, which maps an agent's structure and finds weaknesses, and AI Red Teaming for Agents, which simulates realistic attacks to identify risks and recommend security policies.
Fix: Prisma AIRS 3.0 provides discovery of AI agents across cloud environments, SaaS platforms, and local endpoints; Agent Artifact Security to scan agent architecture for vulnerabilities; and AI Red Teaming for Agents to simulate context-aware attacks and recommend runtime security policies. Prisma Browser includes the ability to discover user-generated AI activity, enforce content-aware boundaries on agents, prevent sensitive data leakage to unmanaged AI tools, identify and block prompt injection attacks (malicious instructions hidden in website content designed to hijack AI agents), and provide real-time distinction between human and automated AI actions.
CSO OnlineOpenAI has launched a Library feature for ChatGPT that automatically saves files you upload (documents, images, spreadsheets, etc.) to a secure cloud storage location for future reference. The feature is available to ChatGPT Plus, Pro, and Business subscribers worldwide except in the European Economic Area, Switzerland, and the United Kingdom, and files remain saved to your account until you manually delete them.
Fix: To delete files from Library, select the file in the Library tab, click Delete or the trash icon next to the file. OpenAI will remove files from its servers within 30 days of deletion. Note that deleting a chat containing a file does not automatically delete those files saved to Library, so manual deletion from the Library tab is required.
BleepingComputerOpenAI disclosed in an investor document that its heavy dependence on Microsoft for financing and computing resources poses a business risk, noting that if Microsoft ends their partnership or OpenAI cannot diversify its business partners, the company's operations and finances could suffer. The document also highlighted other risks including massive capital spending requirements, reliance on chip suppliers like Taiwan Semiconductor Manufacturing Company, and potential geopolitical disruptions to the global chip supply chain.
A 2026 Mandiant security report shows that attackers are operating faster and more collaboratively, with hand-offs between threat groups now happening in 22 seconds instead of 8+ hours. Attackers are shifting tactics away from email phishing (6% of attacks) toward voice phishing (11%) and other interactive social engineering, while increasingly targeting recovery systems through 'recovery denial' ransomware to prevent organizations from restoring after breaches.
Varonis Atlas is an AI security platform that helps organizations discover, monitor, and protect AI systems across their enterprise, from custom AI models to chatbots and AI agents. The platform addresses a major security gap: most organizations don't know which AI systems they have, what data those systems can access, or whether they're compliant with regulations, creating risks since AI agents can read and modify data at machine speed. Atlas covers the entire AI security lifecycle through features like continuous AI discovery, posture management (vulnerability and misconfiguration assessment), runtime protection, and compliance reporting.
Grammarly (now part of Superhuman) launched a feature called Expert Review in August that used AI to create cloned versions of real journalists and writers, including the interviewer, without their permission to provide writing suggestions. The company faced backlash and legal action, ultimately killing the feature entirely and offering an opt-out option.
Fix: Superhuman responded by first offering an email-based opt out and then killing the feature entirely.
The Verge (AI)As companies convert traditional data centers into AI factories (facilities that produce and run large language models, or LLMs) to generate revenue and gain competitive advantages, they face new security risks. Check Point has created a blueprint architecture (a detailed security design plan) to help enterprises protect these AI data centers as the market grows significantly from $236 billion in 2025 to $934 billion by 2030.
Companies are quickly adopting AI tools to improve productivity and gain business advantages, but this creates new security risks. AI tools often access sensitive company data like customer records and emails, and employees may use LLMs (large language models, AI systems trained on huge amounts of text) without approval, risking accidental leaks of confidential information.
This newsletter covers multiple AI-related developments, including animal welfare advocates exploring how artificial general intelligence (AGI, a theoretical AI system that can learn and perform any intellectual task) might reduce animal suffering, the White House unveiling a light-touch AI regulation framework, and various corporate moves like OpenAI adding ads to free ChatGPT and the Pentagon adopting Palantir's AI for military targeting. The article also discusses Elon Musk being found liable for misleading Twitter investors and a case where an Australian woman's experimental brain implant was removed against her wishes despite significantly improving her quality of life.
Senator Elizabeth Warren is questioning the Department of Defense's decision to blacklist AI company Anthropic as a "supply chain risk," calling it retaliation after the company refused to let the DOD use its AI models for fully autonomous weapons or domestic mass surveillance. Anthropic has filed a lawsuit against the Trump administration, while OpenAI has secured a DOD contract despite similar concerns from lawmakers about whether safeguards exist to prevent the technology from being used for mass surveillance or autonomous weapons.
Wiz has introduced AI agents and workflows designed to help security teams respond to threats faster by automating investigation and remediation tasks. The system uses three specialized agents—Red (finds vulnerabilities), Blue (investigates threats), and Green (fixes issues)—that work together in a continuous loop to detect, analyze, and resolve security risks at machine speed rather than relying on manual human work.
Insider threats (security risks from people inside an organization) are becoming more common and damaging, with 42% of organizations reporting increased malicious insider incidents and an average cost of $13.1 million per incident. These threats come from both intentional bad actors and careless mistakes, and are worsened by new technologies like AI agents (software that can act independently with system access), remote work, and economic pressure on employees.
Organizations deploying AI tools and agents are creating new security vulnerabilities, particularly through attacks like indirect prompt injection (tricking an AI by hiding malicious instructions in its input) and agentic tool chain attacks (compromising the sequence of tools an AI agent uses). CrowdStrike is addressing this gap by expanding its Falcon platform with new AI detection and response capabilities that monitor desktop AI applications, discover shadow AI (unauthorized AI tools), and detect threats across endpoints, cloud, and SaaS environments.
Fix: CrowdStrike Falcon AIDR is extending runtime threat detection to desktop AI applications (ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, O365 Copilot, GitHub Copilot, and Cursor) with visibility into prompt content and the ability to detect prompt attacks and data leaks. The capability is currently in pre-beta and will be generally available in Q2. Additionally, AI Discovery in CrowdStrike Falcon Exposure Management, now generally available, automatically discovers AI-related components running on endpoints in real time, including AI apps, agents, LLM (large language model) runtimes, MCP (Model Context Protocol) servers, and IDE extensions.
CrowdStrike Blog