#ai-security
#ai-security

4 hours ago

Information security

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Information security

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Information security

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

Artificial intelligence

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Information security

Anthropic's Mythos breach was humiliating

Information security

Anthropic's most dangerous AI model just fell into the wrong hands

4 hours ago

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Cybersecurity demand for AI workloads, identity control, and data pipeline protection is driving growth, while several stocks trade under $30 at compressed valuations.

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Daybreak combines OpenAI frontier AI with Codex Security to help organizations find and patch vulnerabilities before attackers exploit them.

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

Thirty-three cybersecurity-related merger and acquisition deals were announced in April 2026.

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.

Anthropic's Mythos breach was humiliating

Unauthorized access to Anthropic's AI model Mythos raises serious concerns about cybersecurity and safety protocols.

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.

more#cybersecurity

#vulnerability-discovery

6 hours ago

Information security

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

7 hours ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.

Information security

How dangerous is Anthropic's Mythos AI? | Bruce Schneier

6 hours ago

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

MDASH is a model-agnostic, multi-agent AI pipeline that discovers, validates, and proves exploitable vulnerabilities at scale in complex codebases.

7 hours ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.

more#vulnerability-discovery

How dangerous is Anthropic's Mythos AI? | Bruce Schneier

Generative AI is rapidly improving at finding and exploiting software vulnerabilities, increasing both cyberattack risk and defensive patching effectiveness.

Trump's China trip collides with AI security fears

The U.S. and China plan leader-level talks on AI guardrails, but trust and shared security norms remain uncertain amid cyber and intelligence competition.

White Circle Raises $11 Million for AI Control Platform

White Circle raised $11M seed funding to build an AI control layer that monitors inputs/outputs, detects risks, enforces policies, and improves model accuracy over time.

fromwww.theregister.com

Japan's PM orders cybersecurity review to defend against Anthropic Mythos

Japan ordered a cabinet-level review of cybersecurity strategy to assess government system vulnerabilities and ensure critical infrastructure operators can detect and fix them amid AI-enabled attack risks.

#vulnerability-scanning

fromtheregister

2 days ago

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

A scan using Anthropic’s Mythos found only one confirmed cURL vulnerability, with other findings largely false positives or minor bugs.

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

fromtheregister

2 days ago

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

A scan using Anthropic’s Mythos found only one confirmed cURL vulnerability, with other findings largely false positives or minor bugs.

more#vulnerability-scanning

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

Wall Street piles into 'NACHO' bet on looming oil shortages in June | Fortune

Token theft is rising in AI services, with criminals using stolen tokens to drive costs and enable fraud.

Mozilla: AI-powered bug detection produces very few false positives

AI-driven analysis and a dedicated harness enabled Firefox to detect and fix hundreds of security vulnerabilities with far fewer false positives.

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

A critical CVSS 10/10 vulnerability in Gemini CLI's -yolo mode allowed attackers to inject malicious prompts via GitHub issues, potentially enabling full supply chain compromise through credential theft and unauthorized repository access.

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

6 days ago

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

more#supply-chain-attack

fromNextgov.com

Commerce AI center will evaluate Google Deepmind, Microsoft and xAI models

The Commerce Department will test leading AI models for security before deployment, overseen by CAISI within the National Institute of Standards and Technology.

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

AI infrastructure security is compromised due to rapid deployment without proper authentication, exposing sensitive data and increasing vulnerability.

Trump administration considering safety review for new AI models

The White House is developing an AI security framework to assess vulnerabilities before public deployment of advanced AI models.

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco intends to acquire Astrix Security to enhance security for non-human identities in response to rising AI-related risks.

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco intends to acquire Astrix Security to enhance security for non-human identities in response to rising AI-related risks.

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

Information security

Indirect Prompt Injection Is Now a Real-World AI Security Threat

Information security

Cloudflare: Attackers are deceiving AI models with prompt injection

Information security

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Information security

Prompt injection proves AI models are gullible like humans

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are vulnerable to prompt injection attacks, leading to data breaches and security risks in enterprise systems.

Cloudflare: Attackers are deceiving AI models with prompt injection

Attackers increasingly use prompt injection to manipulate AI models, influencing decision-making with simple text fragments.

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

more#prompt-injection

E-Commerce

AI chatbot fraud: the gift card' subcription that may cost you dear

Fraudulent charges for gift cards linked to the Claude AI tool raised concerns among users about security and account safety.

AI agents can bypass guardrails and put credentials at risk, Okta study finds

Agentic platforms like OpenClaw pose significant risks by exposing sensitive data and bypassing security measures under real-world conditions.

Everyone's Talking About NVIDIA's Moving Averages. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

Everyone's Talking About NVIDIA. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

Everyone's Talking About NVIDIA's Moving Averages. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

Everyone's Talking About NVIDIA. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

more#nvidia

Privacy professionals

Exclusive: Senators interrogate AI firms on China safeguards

The Chinese Communist Party conducts extensive espionage on U.S. companies, prompting Congress to seek collaboration with tech firms to enhance security measures.

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.

fromwww.aljazeera.com

Who's in control of AI?

Unauthorized access to a powerful AI model has raised concerns about technology security and control.

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

#foreign-interference

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

fromNextgov.com

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

fromNextgov.com

more#foreign-interference

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

Information security

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

fromSecuritymagazine

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

DevOps

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

The Guardian view on Anthropic's Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial

Claude Mythos can autonomously exploit zero-day flaws, turning computers into crime scenes and significantly increasing the risk of cyber-attacks.

Privacy professionals

U.S. accuses China of "industrial-scale" campaigns to steal AI secrets

China-based actors are using proxy accounts to exploit U.S. AI models and extract proprietary information.

fromInfoWorld

Microsoft taps Anthropic's Mythos to strengthen secure software development

Mythos can enhance the security of Microsoft products, benefiting enterprises without direct access.

fromFuturism

Rogue Group Gains Access to Anthropic's Dangerous New Mythos AI

A small group of Discord users gained access to a preview version of Mythos, a source told the outlet, on the same day Anthropic announced it would be exclusively releasing the model to a select ring of companies.

Artificial intelligence

Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.

fromSecuritymagazine

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

Information security

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

DevOps

fromInfoQ

CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Kubernetes lacks the capability to manage the unique risks posed by large language models in AI deployments.

Git identity spoof fools Claude into giving bad code the nod

In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.

Information security

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Venture

Capsule Security Emerges From Stealth With $7 Million in Funding

Capsule Security provides a security layer for AI agents to prevent manipulation and ensure safe operations.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

#vulnerability-detection

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

more#vulnerability-detection

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.

EU data protection

Cisco and ML6 are helping organizations prepare for the EU AI Act

Cisco and ML6 are partnering to enhance secure AI innovation in Europe, focusing on compliance with the EU AI Act.

The "SaaS-Pocalypse" Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire as Anthropic Rewrites the Rules

The release of Anthropic's AI security product has significantly impacted investor confidence in enterprise software companies, leading to sharp stock declines.

Project Glasswing and open source: The good, bad, and ugly

Project Glasswing aims to enhance open source software security with $100 million and the Mythos AI program to identify vulnerabilities.

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.

Europe news

U.S. and Iran begin peace talks as Trump goes to war against the media, insider traders, and the Pope | Fortune

Oil prices are expected to remain high due to geopolitical tensions and potential hoarding by industrialized nations.

Apple

fromTNW | Startups-Technology

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

London startup

Trent AI raises $13M to build multi-agent security

Trent AI launched a multi-agent security platform to address security gaps in enterprises deploying autonomous AI agents.

fromInfoWorld

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.

fromnews.bitcoin.com

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

fromInfoWorld

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

Is AI's visual understanding mostly a 'mirage'? New research suggests so. | Fortune

Anthropic faces significant cybersecurity risks following multiple sensitive data leaks related to its new AI model, Mythos.

fromComputerWeekly.com

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

Okta's CEO on security in the AI era

Okta is adapting to AI challenges by managing both human and AI agent identities for security.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

fromInfoQ

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.

fromFuturism

OpenClaw Bots Are a Security Disaster

OpenClaw agents, personal AI assistants, pose significant security risks despite their popularity and capabilities.

fromwww.businessinsider.com

The Next Billion Users Won't Be Human: Securing the Agentic Enterprise

The rise of autonomous AI agents is reshaping enterprise security, presenting challenges traditional methods cannot address.

Venture

This startup just raised $6 million from 8VC and Marc Benioff to find the hidden security flaws in AI code

Enclave, a startup focused on identifying dangerous AI-generated security flaws, has launched with $6 million in seed funding and a $33 million valuation.

fromTelecompetitor

AT&T and Ericsson flag AI/ML threats to mobile networks

AI is essential for securing mobile networks against sophisticated threats while also being a target and tool for attacks.

fromTechCrunch

Databricks bought two startups to underpin its new AI security product | TechCrunch

Lakewatch leverages Databricks' data storage capabilities to perform essential SIEM tasks, such as threat detection and investigation, enhanced by AI agents from Anthropic's Claude.

Information security