New tools, products, platforms, funding rounds, and company developments in AI security.
RSA Conference 2026 is fundamentally organized around AI security, with 40% of sessions focused on how AI affects cybersecurity across all tracks. CISOs face a dual challenge: adopting AI quickly to stay competitive while simultaneously securing enterprise systems against new threats that AI itself creates. The conference prioritizes five learning areas: securing the AI stack (including RAG workflows, LLM data pipelines, and prompt injection attacks), AI governance and regulatory compliance, managing non-human identities (AI agents and service accounts that now outnumber human users), addressing shadow AI risks (unsanctioned tools and AI-generated code), and implementing autonomous security operations.
A Cloud Access Security Broker (CASB) is a monitoring tool that sits between a company's devices and cloud services to monitor user activity, enforce access rules, and detect security threats. CASBs are increasingly used to protect data in hybrid cloud environments (where some data is on-premises and some in the cloud), enforce compliance with data protection regulations, secure remote work access, and detect malicious activity. Organizations should look for CASBs that offer visibility into cloud usage, granular control over user permissions, data protection features, and compliance support, and should ensure the tool integrates well with their existing cloud services and security systems.
OpenAI is acquiring Astral, a company that builds popular open source Python development tools like uv (for managing code dependencies), Ruff (for checking code quality), and ty (for type safety). After the acquisition closes, OpenAI plans to integrate these tools with Codex (its AI system for code generation) so that AI can work alongside the tools developers already use throughout their entire workflow, from planning changes to maintaining software over time.
Researchers successfully ran a very large AI model (Qwen 397B, a Mixture-of-Experts model where each response only uses a subset of the total weights) on a MacBook Pro by using Apple's "LLM in a Flash" technique, which stores model data on the fast SSD storage and pulls it into RAM as needed rather than keeping everything in memory at once. They used Claude to run 90 experiments and generate optimized code that achieved 5.5+ tokens per second (response speed) by quantizing (reducing precision of) the expert weights to 2-bit while keeping other parts at full precision. The final setup used only 5.5GB of constant memory while streaming the remaining 120GB of compressed model weights from disk on demand.
A story claimed that ChatGPT helped cure an Australian entrepreneur's dog of cancer, generating widespread attention as evidence that AI could revolutionize medicine. However, the article suggests this narrative is more complicated than the promoted version, implying the reality behind the claim differs from what was publicly reported.
Researchers discovered three connected flaws in Claude (an AI assistant) that can work together to steal user data, starting with a prompt injection attack (tricking the AI by hiding malicious instructions in its input) combined with a Google search vulnerability. This attack chain could potentially compromise enterprise networks that rely on Claude.
Nvidia has released DLSS 5, a new 3D guided neural rendering model (an AI system that generates realistic graphics in real-time) that can alter a game's lighting and materials during gameplay. Many gamers have criticized the technology for changing how games look in ways they didn't expect, with complaints that it distorts character appearances and doesn't respect the original artists' creative vision.
Magecart attacks (malicious code injected into e-commerce sites to steal payment data) often hide in third-party resources like images or scripts that never enter a company's code repository, making them invisible to static analysis tools like Claude Code Security. Claude Code Security is designed to scan code you own, so it cannot detect malicious code injected at runtime through compromised external libraries, CDNs (content delivery networks that distribute files globally), or data hidden in binary files like favicons, which means repository-based scanning has a fundamental blind spot for this attack class.
Micron Technology's stock has surged 62% in 2026 due to a severe shortage of memory chips (computer components that store data temporarily) needed for AI graphics processing units (GPUs, specialized chips that power artificial intelligence). The shortage is driven by massive demand from cloud companies like Amazon and Google building AI data centers, and SK Hynix estimates the memory crunch will continue for another four to five years, pushing prices higher across the industry.
The article discusses expert advice on responsible AI tool use, emphasizing that people should use AI as a brainstorming partner and for organizing information, but should not let it replace their own decision-making. A 2025 survey shows that one-third of US adults use ChatGPT, with particularly high adoption among people under 30.
Chinese AI companies saw significant stock gains after Nvidia CEO Jensen Huang praised OpenClaw, an open-source AI agent (a program that can perform tasks independently), as "the next ChatGPT." Companies like MiniMax and Zhipu, which are among China's leading AI developers building large language models (AI systems trained on huge amounts of text to understand and generate language), have integrated OpenClaw into their products and are launching their own versions based on it.
OpenAI has built a monitoring system for coding agents (AI systems that can autonomously write and execute code) used internally to detect misalignment, which occurs when an AI's behavior doesn't match its intended purpose. The system uses GPT-5.4 Thinking to review agent interactions within 30 minutes, flag suspicious actions, and alert teams so they can quickly respond to potential security issues.
Fix: OpenAI's explicit mitigation involves deploying a low-latency internal monitoring system powered by GPT-5.4 Thinking at maximum reasoning effort that reviews agent interactions and automatically alerts for actions inconsistent with user intent or violating internal security or compliance policies. The source states the monitor currently reviews interactions within 30 minutes of completion and that 'as the latency decreases towards near real-time review, the security benefits increase significantly,' with the eventual goal of evaluating coding agent actions before they are taken. The source also recommends that 'similar safeguards should be standard for internal coding agent deployments across the industry.'
OpenAI Blog
The Trump administration has banned AI company Anthropic from Pentagon systems as a "supply chain risk," requiring government contractors to remove the company's technology within 180 days. However, most organizations lack complete visibility into where and how AI systems are used across their networks, making it extremely difficult to identify and remove Anthropic technology when it may be embedded in applications, APIs (application programming interfaces, which allow software to communicate), developer tools, or third-party services.
AI agents (autonomous programs that perform tasks without constant human input) face security risks when deployed in business environments, as a compromised agent could expose customer data or execute unauthorized actions. CrowdStrike Falcon AIDR (AI Detection and Response, a security monitoring system) now supports NVIDIA NeMo Guardrails (an open-source library that adds safety constraints to AI systems) as of version 0.20.0, enabling developers to add security controls like blocking prompt injection attacks (tricking an AI by hiding instructions in its input), redacting sensitive data, and moderating restricted topics.
Fix: Organizations should use CrowdStrike Falcon AIDR with NVIDIA NeMo Guardrails to implement security controls. Specifically: start with monitoring mode to understand threats, then progressively enforce blocks and redactions as agents move from development to production. The solution includes over 75 built-in classification rules and support for custom data classification to block prompt injection attacks, redact sensitive data like account numbers and SSNs, detect hardcoded secrets, block code injection attempts, and moderate unwanted topics to ensure compliance.
CrowdStrike Blog
AI agents, like the open-source Clawdbot, are becoming more powerful and autonomous but introduce serious security risks because attackers can compromise them through the open-source supply chain. Two major attack types threaten AI systems: model file attacks (where malicious code is hidden in AI model files uploaded to trusted repositories) and rug pull attacks (where attackers compromise MCP servers, which are tools that give AI agents capabilities, to perform malicious actions). The article notes that traditional security methods don't yet exist for protecting AI agents, and a single corrupted component can spread threats across many teams.
Fix: The source explicitly recommends: 'Teams must scan model files with tools that can parse machine learning formats, and load models in isolated containers, virtual machines or browser sandboxes.' For rug pull attacks specifically, the article states that 'the alternative is to use remote MCP servers whose code is maintained by trusted organizations' like GitHub, which 'reduces the risk of an MCP rug pull attack' (though it does not prevent malicious actions from the tools themselves).
Palo Alto Unit 42
Shadow AI refers to AI systems hidden within SaaS applications (software services accessed online) that operate without proper oversight, creating security risks that can lead to major data breaches. The article emphasizes that organizations lack visibility into these autonomous AI systems and calls for better monitoring and control mechanisms to manage agentic AI (AI that can independently take actions to achieve goals).
The Pentagon is planning to create secure environments where AI companies can train their models on classified military data, which would embed sensitive intelligence like surveillance reports into the AI systems themselves and bring these companies closer to classified information than before. This represents a major shift from current use of AI models like Claude in classified settings, but introduces unique security risks by allowing models to learn from rather than just access classified data.
Reco, a SaaS security platform, launched "Reco AI Agent Security" on March 18 to address "agent sprawl," the problem of autonomous AI agents (like Copilot and ChatGPT integrations) accessing sensitive data and taking actions across multiple systems without human oversight. The new tool gives security teams visibility and control over these AI agents by using behavior-based detection (analyzing API call patterns and workflow signatures) instead of traditional connection-based methods, identifying risks like agents with excessive permissions or misconfigured access to customer data.
Fix: Reco AI Agent Security is explicitly designed as the mitigation. According to the source, the offering provides: (1) AI agent discovery through multi-layered detection that analyzes API call patterns and service account activity to identify autonomous behavior; (2) risk analysis by correlating activity across applications and recognizing workflow signatures of automation tools like n8n, Zapier, and Make; and (3) governance and control over all AI agents operating in the SaaS ecosystem. The platform tracks OAuth connections, analyzes decision-making patterns that indicate autonomous action, and monitors cross-application activity to identify agents that traditional SSPM tools miss.
CSO Online
Synthetic identity fraud, where criminals create fake people using AI-generated documents and deepfakes (realistic fake videos or audio), is becoming a major threat in estate and identity verification work. Traditional security checks that look at device fingerprints or typing patterns are no longer reliable because AI can now imitate these signals. The text explains that the real challenge by 2026 will be distinguishing legitimate people from manufactured personas, especially in high-stakes situations involving inheritance and family claims.
Fix: The source suggests moving from asking "Who is this?" to a more forensic approach: "How did this identity—and its digital footprint—come to exist?" This shift means prioritizing provenance (where the identity originated), issuer verification (confirming documents are real), and cross-channel consistency (checking if the person's presence makes sense across multiple systems) over accepting surface-level plausibility. However, the text does not provide specific technical implementations or detailed steps for executing this approach.
CSO Online
CISOs (Chief Information Security Officers, the top security leaders at companies) are updating their data protection strategies because employees are rapidly sharing company data with AI tools, including public models like ChatGPT, creating new security risks. A CISO at a law firm added a new protection layer that classifies data based on whether it can be safely used with AI and invested in new monitoring tools, while also regularly evaluating new technologies to ensure controls keep pace with AI innovations.
Fix: The source describes one organization's approach: add a protection layer that classifies and tags data based on whether it could be used with AI and in what circumstances, invest in new tools to support that layer, monitor the vendor landscape for emerging capabilities, and evaluate new technologies being deployed to determine whether new controls are needed for them. However, no specific technical solutions, patches, or vendor recommendations are explicitly named in the source text.
CSO Online