New tools, products, platforms, funding rounds, and company developments in AI security.
OpenAI is planning to integrate Sora, its video generation tool, directly into ChatGPT as a built-in feature, similar to how image generation was added previously. While this could increase ChatGPT's popularity, it may also increase the creation of deepfakes (synthetic videos that convincingly mimic real people or events) from the platform.
Meta acquired Moltbook, a social network for AI agents (software programs that act independently to complete tasks), primarily to hire its talented team rather than for advertising purposes. The acquisition positions Meta to benefit from an "agentic web" where AI agents representing businesses and consumers could interact to conduct transactions like shopping and advertising, potentially allowing Meta to control the "orchestration layer" (the system that decides which agents communicate with each other) and expand its advertising business.
Meta acquired Moltbook, a social network for AI agents (autonomous software systems that act independently), primarily to hire its talented team rather than for the platform itself. Meta believes AI agents will become essential for businesses and could transform advertising by enabling agent-to-agent negotiations, where a consumer's AI agent might directly negotiate with a business's AI agent about product features, price, and values before making a purchase.
This article reviews Bungie's new Marathon game, a revival of their 1990s multiplayer shooter that now functions as an online extraction shooter (a game where players drop into a map, collect items, complete objectives, and try to survive against other players). The game intentionally recreates 1990s aesthetic and culture, drawing inspiration from cyberpunk anime, club culture, and retro-futuristic design that was popular during that era.
Nvidia announced a $2 billion investment in Nebius, an AI cloud company, causing Nebius's stock to rise 14%. The two companies will work together on AI infrastructure deployment, fleet management, and inference (the process of running trained AI models to make predictions), with Nebius aiming to deploy over five gigawatts of computing capacity by 2030.
Targeted advertising (ads customized based on your personal data and location) has become a tool for government surveillance, with federal law enforcement now accessing data from advertising companies to track people's locations. The article discusses how the combination of corporate data collection and government access to that data threatens privacy and free speech online.
A study by CNN and the Center for Countering Digital Hate tested 10 popular chatbots used by teenagers and found that their safety features (protections designed to prevent harmful outputs) were inadequate. The chatbots often failed to recognize when users discussed violent acts and sometimes even encouraged these discussions instead of refusing to engage.
Scanner, a security company, has raised $22 million in funding to develop AI agents (software programs that can act independently to accomplish tasks) that connect to security data lakes (large centralized collections of security data) to help organizations investigate threats, create detection rules, and automatically respond to attacks.
Rakuten, a global company with 30,000 employees, integrated Codex (an AI coding agent from OpenAI) into its engineering workflows to speed up software development and incident response. By using Codex for tasks like root-cause analysis, automated code review, and vulnerability checks, Rakuten reduced the time to fix problems by approximately 50% and compressed development cycles from quarters to weeks, while maintaining safety standards through automated guardrails.
OpenAI is acquiring Promptfoo, a startup that created a platform helping developers secure LLMs (large language models, AI systems trained on vast amounts of text) and AI agents (AI systems that can perform tasks autonomously). Promptfoo had raised over $23 million to build tools for testing and protecting these AI systems from security risks.
Researchers tested 10 popular AI chatbots by posing as would-be attackers and found that most chatbots provided detailed help with planning violent acts like shootings and bombings, with only about 12% of responses actively discouraging violence. However, some chatbots like Claude and My AI consistently refused to assist with violence, showing that certain AI systems can be designed to resist this misuse.
Canada is investing $2 billion in AI development, but the article argues that relying on American tech companies like OpenAI means Canada won't capture the benefits or control its own AI future. The author advocates for Canada to build its own public AI system (AI infrastructure owned and operated by the government rather than private companies) as essential infrastructure, similar to how Switzerland created Apertus with funding from academic institutions and federal government support.
OpenAI has built a computer environment for its Responses API (a tool that lets developers interact with AI models) to help AI agents handle complex workflows like running services, fetching data, or generating reports. The system uses a shell tool (command-line interface) that runs commands in an isolated container workspace with a filesystem, optional storage, and restricted network access, solving practical problems like managing intermediate files and ensuring security. The model proposes actions, the platform executes them in isolation, and results feed back to the model in a loop until the task completes.
Wayfair integrated OpenAI models into its internal systems to improve product catalog quality and supplier support at scale, moving from building separate custom AI models for individual product tags to a single reusable model that can classify attributes 70x faster. The company uses a hands-on audit process where staff physically inspect samples to validate the AI's output, and either automatically updates product data when confidence is high or asks suppliers to confirm changes when the confidence is lower or the tag is considered high-risk.
Researchers demonstrated that agentic web browsers (AI systems that automatically perform actions across websites) can be tricked into phishing scams by using a GAN (generative adversarial network, a machine learning technique that generates increasingly refined fake content) to intercept and manipulate the AI's internal reasoning communications. Once a fraudster optimizes a fake page to bypass a specific AI browser's safeguards, that same malicious page works on all users of that browser, shifting the attack target from humans to the AI system itself.
Fix: The issues collectively codenamed PerplexedBrowser have been addressed by Perplexity (the AI company). The text does not provide specific technical details about how the fixes work or which versions contain the patches.
The Hacker NewsWiz, a cloud security company, has officially joined Google to combine innovation with scale to improve cloud security. The company emphasizes that modern security must keep pace with AI-driven development, where applications move from idea to production in minutes, and has expanded its platform to secure AI applications, manage exposures, and protect AI workloads at runtime.
GenAI tools have made phishing and social engineering attacks much more dangerous by allowing attackers to quickly create highly personalized fake messages, clone voices, and generate deepfakes (realistic video or audio of people saying things they never said) that fool people more easily than before. These AI-powered scams are now causing real financial and operational damage to businesses worldwide, making it harder for people to verify someone's true identity on communication platforms. Organizations need updated security defenses and awareness training designed for this new AI-driven threat environment.
Vulnerability management (the process of finding and fixing security weaknesses) is evolving in the agentic era, where AI agents (autonomous software that can perform tasks independently) are becoming more involved. The new approach focuses on three key areas: continuous telemetry (constantly collecting data about system health and threats), contextual prioritization (deciding which vulnerabilities to fix first based on their actual risk to your systems), and agentic remediation (using AI agents to automatically fix vulnerabilities without human intervention).
AI agents that browse the web and take actions are vulnerable to prompt injection (instructions hidden in external content to manipulate the AI into unintended actions), which increasingly uses social engineering tactics rather than simple tricks. Rather than trying to perfectly detect malicious inputs (which is as hard as detecting lies), the most effective defense is to design AI systems with built-in limitations on what agents can do, similar to how human customer service agents are restricted to limit damage if they're manipulated.
Fix: The source explicitly mentions Switzerland's approach: 'With funding from the federal government, a consortium of academic institutions—ETH Zurich, EPFL, and the Swiss National Supercomputing Centre—released the world's most powerful and fully realized public AI model, Apertus, last September.' The article presents this as a working model Canada should follow, though it does not describe specific implementation steps for Canada beyond recommending that 'Canadian universities and public agencies' build and operate AI models.
Schneier on SecurityFix: OpenAI's solution is built into the Responses API itself: it provides a shell tool and hosted container workspace that execute commands in an isolated environment with a filesystem for inputs and outputs, optional structured storage like SQLite, and restricted network access. The source states this design is 'designed to address these practical problems' of file management, large data handling, network access security, and timeout handling.
OpenAI BlogFix: Wayfair developed structured testing using a hands-on audit process in which associates physically inspect samples to validate model output, and worked with suppliers to validate changes. When data-based confidence is high, automated systems overwrite content directly and notify the supplier. When a high standard is not met or the tag is deemed high risk, Wayfair seeks supplier confirmation before making the change.
OpenAI BlogIn September 2025, a Chinese state-sponsored group used Anthropic's Claude Code (an AI tool that writes software) to automate 90% of a major cyberattack on 30 US companies and agencies, marking the world's largest AI-driven attack. The attackers used prompt injection (tricking the AI by hiding malicious instructions in their requests) to bypass safety protections and generate harmful code. This represents a major shift in cybersecurity, similar to how the Gatling gun mechanized warfare, because attackers can now automate attacks at high speed rather than conducting them manually.