v2.1.156
What's changed Fixed an issue when using Opus 4.8 where thinking blocks were modified, leading to API errors.
toolsAI News
261 entries. Last updated .
Curated AI security news, tool releases, and CVEs. Updated daily.
No entries match this filter yet. Pick another category or check back tomorrow.
Anthropic's run-rate revenue hits $47 billion
The most interesting thing about Anthropic's $65B Series H announcement is this line (emphasis mine): Since our Series G in February, adoption has continued to …
research
Anthropic confirms Claude Mythos-class models will roll out to the public
Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private …
news
Claude Opus 4.8: "a modest but tangible improvement"
Anthropic shipped Claude Opus 4.8 today. My favourite thing about it is this note in the release announcement: Users will find Opus 4.8 to be a modest but …
researchllm-anthropic 0.25.1
Release: llm-anthropic 0.25.1 New model: Claude Opus 4.8 ( claude-opus-4.8 ). New -o fast 1 option for fast mode , for organizations with that feature enabled …
research
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]
newsv2.1.154
What's changed Opus 4.8 is here! Now defaults to high effort · /effort xhigh for your hardest tasks Introducing dynamic workflows: ask Claude to create a …
tools
Agentic AI Isn't Risky; the Way Orgs Deploy It Is
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.
news
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake …
news
Webinar: Why network incidents take too long to resolve
Many organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation …
news
How Endava builds an agentic organization with Codex
Learn how Endava uses Codex to build an agentic organization, accelerating software delivery and reducing requirements analysis from weeks to hours.
vendor
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still …
newsv2.1.153
What's changed Added skipLfs option to github / git plugin marketplace sources to skip Git LFS downloads during clone and update Claude Code now shows a …
toolsAnthropic raises $65B in Series H funding at $965B post-money valuation
Anthropic raises $65B in Series H funding at $965B post-money valuation
vendor
Introducing Claude Opus 4.8
Introducing Claude Opus 4.8
vendor
MUFG aims to become AI-native with OpenAI
MUFG uses ChatGPT Enterprise to build an AI-native organization, improve workflows, and deliver new AI-powered financial services at scale.
vendor
OpenAI’s Frontier Governance Framework
Explore OpenAI’s Frontier Governance Framework and how our AI safety, security, and risk practices align with emerging EU and California regulations.
vendor
GPU mining malware spreads via SEO poisoning, AI chatbots
Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation …
newsI think Anthropic and OpenAI have found product-market fit
Anthropic are strongly rumored to be about to have their first profitable quarter. Stories are circulating of companies surprised at how expensive their LLM …
research
AI-Assisted Exploit Development Outpaces Scanner Detection
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.
news
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX …
news
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are …
news
Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security
The cybersecurity industry of 2006 barely resembled today's billion-dollar behemoth. As part of Dark Reading's 20th anniversary celebration, we trace the …
news
Cisco and OpenAI redefine enterprise engineering with Codex
Cisco and OpenAI are redefining enterprise engineering with Codex, helping Cisco scale AI-native development, accelerate AI Defense work, and automate defect …
vendor
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing …
news
Building self-improving tax agents with Codex
See how OpenAI, Thrive, and Crete built a self-improving tax agent with Codex, automating filings, improving accuracy, and accelerating workflows.
vendorv2.1.152
What's changed /code-review --fix now applies review findings to your working tree after the review, surfacing reuse, simplification, and efficiency …
tools
Election information and safeguards in 2026
Ahead of global elections, we’re helping people access information, supporting cyber defenders, and increasing AI transparency
vendor
Warp’s big bet on building open source with GPT-5.5
Warp uses GPT-5.5 and OpenAI models to coordinate coding agents across local, cloud, and open-source development workflows.
vendorAnthropic opens Milan office to support Italian enterprise, research, and developers
Anthropic opens Milan office to support Italian enterprise, research, and developers
vendorThe pressure
The pressure Daniel Stenberg on the unprecedented level of pressure the curl team are facing right now thanks to the deluge of (credible) AI-assisted security …
research
For Enterprises, Security Remains Agentic AI's Biggest Challenge
Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks to be safely and securely adopted are just starting to appear.
newsMicrosoft Copilot Cowork Exfiltrates Files
Microsoft Copilot Cowork Exfiltrates Files The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to …
researchQuoting Paul Graham
A lot of the emails I get from founders are now written in a hard-hitting journalistic style. I know they're written by AI, because no founder ever wrote this …
research
How Varonis Atlas integrates Claude Compliance API for AI governance
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to …
news
Webinar: Too many tools are slowing network incident response
IT teams often need to jump between monitoring dashboards, infrastructure tools, ticketing systems, and communication platforms during network incidents. This …
news
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They …
news
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account …
news
CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in …
news
The approval prompt is lying to you: symlink RCE in five AI coding agents
A prompt injection and symlink attack tricks AI coding assistants into RCE through a disguised file copy. We tested five major tools. All were vulnerable. How …
researchQuoting Corey Quinn
I cannot believe I'm saying this, but getting the literal Pope to canonize your product's specific technical limitations as a spiritual treatise is the single …
researchAnthropic appoints KiYoung Choi as Representative Director of Korea ahead of Seoul office opening
Anthropic appoints KiYoung Choi as Representative Director of Korea ahead of Seoul office opening
vendorNotes on Pope Leo XIV's encyclical on AI
Dropped this morning by the Vatican: Magnifica Humanitas of His Holiness Pope Leo XIV on Safeguarding the Human Person in the Time of Artificial Intelligence . …
research
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks …
news
The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that …
newsAnthropic co-founder Chris Olah's remarks on Pope Leo XIV's encyclical "Magnifica humanitas"
Anthropic co-founder Chris Olah's remarks on Pope Leo XIV's encyclical "Magnifica humanitas"
vendor
OpenAI, Grupo Folha and Grupo UOL announce strategic content partnership
OpenAI partners with Grupo Folha and Grupo UOL to bring trusted Brazilian journalism to ChatGPT, expanding access to news with attribution and transparency.
vendor
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most …
newsv2.1.150
What's changed Internal infrastructure improvements (no user-facing changes)
toolsv2.1.149
What's changed /usage now shows a per-category breakdown of what's driving your limits usage — skills, subagents, plugins, and per-MCP-server cost /diff detail …
toolsFTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service
FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing …
researchv2.1.148
What's changed Fixed the Bash tool returning exit code 127 on every command for some users (a regression introduced in 2.1.147)
tools
Project Glasswing: An initial update
Project Glasswing: An initial update
vendor
OpenAI named a Leader in enterprise coding agents by Gartner
OpenAI is named a leader in the 2026 Gartner Magic Quadrant for Enterprise AI Coding Agents, with Codex recognized for innovation and enterprise-scale …
vendor
How Virgin Atlantic ships faster with Codex
How Virgin Atlantic used Codex to ship its revamped mobile app on a fixed holiday travel deadline, reaching near-total unit test coverage and zero P1 defects.
vendorv2.1.147
What's changed Pinned background sessions ( Ctrl+T in claude agents ) now stay alive when idle, are restarted in place to apply Claude Code updates, and are …
tools
How CISOs Should Prep for Agentic-Ready AI BOMs
Finding ways to document both component and execution attributes for AI bill of materials (AI BOM).
news
Datasette Agent
We just announced the first release of Datasette Agent , a new extensible AI assistant for Datasette. I've been working on my LLM Python library for just over …
research
We’re launching the Google DeepMind Accelerator program in Asia Pacific to tackle environmental risks
vendor
AI Agents Are Shifting Identity Security Budget Dynamics
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research …
news
AdventHealth advances whole-person care with OpenAI
AdventHealth is using ChatGPT for Healthcare to streamline workflows, reduce administrative burden, and return more time to patient care.
vendor
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you …
newsv2.1.146
What's changed Renamed /simplify to /code-review with an optional effort level (e.g. /code-review high ) Auto mode no longer suppresses AskUserQuestion when the …
toolsQuoting SpaceX S-1
We have the ability to use compute resources to support our proprietary AI applications (such as Grok 5, which is currently being trained at COLOSSUS II), while …
research
Cyber Pros Can't Decide If AI Is a Good or a Bad Thing
There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI.
newsHow fast is 10 tokens per second really?
How fast is 10 tokens per second really? Neat little HTML app by Mike Veerman ( source code here ) which simulates LLM token output speeds from 5/second to …
research
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) …
newsGoogle I/O, Gemini Spark, Antigravity
It's hard to find much to write about Google I/O this year because I have a policy of not writing about anything that I can't try out myself, and a lot of the …
research
Agent AI is Coming. Are You Ready?
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, …
news
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and …
news
What It'll Take to Make AI BOMs Usable in a Modern Security Program
Five ways CISOs can prepare for consuming AI Bill of Materials and influence the direction of how they're generated.
newsv2.1.145
What's changed Added claude agents --json to list live Claude sessions as JSON for scripting (tmux-resurrect, status bars, session pickers) Added agent_id and …
tools
The next phase of OpenAI’s Education for Countries
OpenAI advances Education for Countries, expanding AI adoption in schools with new partnerships, teacher training, and tools to improve global learning …
vendor
An OpenAI model has disproved a central conjecture in discrete geometry
An OpenAI model solved the 80-year-old unit distance problem, disproving a major conjecture in discrete geometry and marking a milestone in AI-driven …
vendor
How Ramp engineers accelerate code review with Codex
How Ramp engineers use Codex with GPT-5.5 to review code and ship improvements, allowing them to get substantive feedback in minutes instead of hours.
vendorllm-gemini 0.32
Release: llm-gemini 0.32 New model gemini-3.5-flash for Gemini 3.5 Flash . See also my notes on Gemini 3.5 Flash , and the pelican I drew using this upgrade to …
research
Gemini 3.5 Flash: more expensive, but Google plan to use it for everything
Today at Google I/O, Google released Gemini 3.5 Flash . This one skipped the -preview modifier and went straight to general availability, and Google appear to …
research
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed …
news
What Will Make AI BOMs Real?
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOMs).
newsdatasette-llm-accountant 0.1a4
Release: datasette-llm-accountant 0.1a4 Fixed bug tracking chains of responses. Refs datasette-llm#7 Tags: llm , datasette
researchllm-gemini 0.32a0
Release: llm-gemini 0.32a0 Compatible with llm>=0.32a0 alpha - adds the ability to stream reasoning tokens. Tags: gemini , llm
research
Introducing OpenAI for Singapore
OpenAI for Singapore launches a multi-year AI partnership to expand deployment, build local talent, and support businesses and public services with AI.
vendordatasette-llm 0.1a8
Release: datasette-llm 0.1a8 Fix for bug where llm_prompt_context() hook did not fully collect chains of responses. #7
research
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and …
news
Webinar: The hidden bottlenecks in network incident response
IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. …
news
Advancing content provenance for a safer, more transparent AI ecosystem
OpenAI advances AI content provenance with Content Credentials, SynthID, and a verification tool to help people identify and trust AI-generated media.
vendorv2.1.144
What's changed Added /resume support for background sessions — sessions started via claude --bg or agent view now appear alongside interactive ones, marked with …
toolsKPMG integrates Claude across its core business and workforce of more than 276,000 in strategic alliance
KPMG integrates Claude across its core business and workforce of more than 276,000 in strategic alliance
vendorWidening the conversation on frontier AI
Widening the conversation on frontier AI
vendor
Is 2026 the Year AI Bills of Materials Get Real?
Understanding AI BOMs and where they fit into risk management for artificial intelligence.
news
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
The now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.
news
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without …
news
Fast-tracking genetic leads to reverse cellular aging
Biologists use Co-Scientist to find novel factors that successfully rejuvenate human cells.
vendor
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model …
news
The Boring Stuff is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed …
news
OpenAI and Dell partner to bring Codex to hybrid and on-premise enterprise environments
OpenAI and Dell partner to bring Codex to hybrid and on-premise environments, helping enterprises deploy AI coding agents securely across data and workflows.
vendor
OWASP ASI02: tool misuse and exploitation — the definitive security guide
The definitive security guide for platform engineers, AI builders, and risk managersOWASP Agentic Security Initiative (ASI) Top 10 | — ASI02: Tool Misuse & …
researchAnthropic acquires Stainless
Anthropic acquires Stainless
vendor
Simulate real-world places with Project Genie and Street View
We’re expanding access to Google AI Ultra subscribers globally and introducing a new capability powered by Street View.
vendor
Introducing Gemini Omni
vendor
Introducing Google Antigravity 2.0
vendor
Gemini for Science: AI experiments and tools for a new era of discovery
A collection of science tools and experiments to expand the scale and precision of scientific exploration.
vendor
Making it easier to understand how content was created and edited
We're expanding our tools to help you understand how content was created and edited across the web.
vendor
Strengthening Singapore’s AI Future: A New National Partnership
Google DeepMind and Singapore partner to apply frontier AI to address complex challenges across health, education, and sustainability and more.
vendor
Finding the molecular switches behind new infectious diseases
Clare Bryant uses Co-Scientist to identify genetic triggers in emerging infectious diseases.
vendor
Opening new paths in aging research
Calico Life Sciences uses Co-Scientist to connect scattered findings and generate new leads in aging research.
vendor
Accelerating discovery of liver disease mechanisms
Filippo Menolascina uses Co-Scientist to identify new liver disease treatments and explain why existing drugs only help certain patients.
vendor
Uniting biological toolkits for a new approach to ALS
Co-Scientist unites Boston Children’s Hospital and MIT’s labs to explore new RNA-based treatments for ALS.
vendor
Uncovering repurposed medicines to fight liver fibrosis
Stanford geneticist uses Co-Scientist to help find new treatments for chronic liver disease and liver fibrosis.
vendor
How WeatherNext helped the National Hurricane Center better predict Hurricane Melissa’s historic landfall in Jamaica
Learn how our WeatherNext AI model help forecasters give communities unprecedented time to prepare ahead of the historic Hurricane Melissa.
vendor
OpenAI and Malta partner to bring ChatGPT Plus to all citizens
OpenAI and Malta partner to expand AI access, offering ChatGPT Plus and training to help citizens build practical AI skills and use AI responsibly.
vendor
Gemini 3.5: frontier intelligence with action
Gemini 3.5 is built to help you execute complex, agentic workflows.
vendorv2.1.143
What's changed Added plugin dependency enforcement: claude plugin disable now refuses when another enabled plugin depends on the target (with a copy-pasteable …
tools
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but …
newsQR code generator
Tool: QR code generator Claude helped me build this tool for creating QR codes, for both text/URLs and for connecting to WiFi networks. Tags: vibe-coding , …
researchdatasette-llm-limits 0.1a0
Release: datasette-llm-limits 0.1a0 This plugin works in conjunction with datasette-llm and datasette-llm-accountant to let you configure a per-user (or global) …
research
How sales teams use Codex
See how sales teams can use Codex to create pipeline briefs, meeting prep packets, forecast reviews, account plans, and stalled-deal diagnoses from real work …
vendor
How business operations teams use Codex
See how business operations teams can use Codex to create initiative briefs, strategy updates, leadership decision packets, progress updates, and more from real …
vendor
How data science teams use Codex
See how data science teams can use Codex to build root-cause briefs, impact readouts, KPI memos, scoped analyses, and dashboard specs from real work inputs.
vendor
Databricks brings GPT-5.5 to enterprise agent workflows
Databricks uses GPT-5.5 for enterprise agent workflows after the model set a new state of the art on the OfficeQA Pro benchmark.
vendor
A new personal finance experience in ChatGPT
Preview a new personal finance experience in ChatGPT for Pro users in the U.S. Securely connect your financial accounts and get AI-powered insights and guidance …
vendorv2.1.142
What's changed Added new claude agents flags: --add-dir , --settings , --mcp-config , --plugin-dir , --permission-mode , --model , --effort , and …
tools
TeamPCP hackers advertise Mistral AI code repos for sale
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
news
Sea's View on the Future of Agentic Software Development with Codex
Sea Limited's CPO explains why the company is deploying Codex across engineering teams to accelerate AI-native software development in Asia.
vendor
OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company …
news
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain …
news
Work with Codex from anywhere
Use Codex anywhere with the ChatGPT mobile app. Monitor, steer, and approve coding tasks in real time across devices and remote environments.
vendor
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
In a role reversal, investment dollars in security startups exceeded the value of mergers and acquisitions in 1Q26 by more than $1 billion, a rare occurrence.
news
How AI Hallucinations Are Creating Real Security Risks
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet …
newsdatasette-ip-rate-limit 0.1a0
Release: datasette-ip-rate-limit 0.1a0 The datasette.io site was being hammered by poorly-behaved crawlers, so I had Codex (GPT-5.5 xhigh) build a configurable …
researchAnthropic forms $200 million partnership with the Gates Foundation
Anthropic forms $200 million partnership with the Gates Foundation
vendor
Helping ChatGPT better recognize context in sensitive conversations
Learn how new ChatGPT safety updates improve context awareness in sensitive conversations, helping detect risk over time and respond more safely.
vendorPwC is deploying Claude to build technology, execute deals, and reinvent enterprise functions for clients
PwC is deploying Claude to build technology, execute deals, and reinvent enterprise functions for clients
vendorWelcome to the Datasette blog
Welcome to the Datasette blog We have a bunch of neat Datasette announcements in the pipeline so we decided it was time the project grew an official blog. I …
researchv2.1.141
What's changed Added terminalSequence field to hook JSON output so hooks can emit desktop notifications, window titles, and bells without a controlling terminal …
toolsQuoting Boris Mann
“11 AI agents” is meaningless as a phrase. If I said “I have 11 spreadsheets” or “I have 11 browser tabs” to do my work, it means about the same thing. — Boris …
research
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, …
news
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
news
AI risk management insurance is tightening. Cyber insurance history shows exactly where it ends up.
Major insurers are adding AI-related exclusions to their policies. Cyber insurance tells us what comes next, and what enterprises should prepare before their …
research
Building a safe, effective sandbox to enable Codex on Windows
Learn how OpenAI built a secure sandbox for Codex on Windows, enabling safe, efficient coding agents with controlled file access and network restrictions.
vendor
CSP Allow-list Experiment
Tool: CSP Allow-list Experiment An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see previous note ) and have a custom …
research
Our response to the TanStack npm supply chain attack
OpenAI details its response to the TanStack “Mini Shai-Hulud” supply chain attack, outlines protections taken to secure systems and signing certificates, and …
vendorIntroducing Claude for Small Business
Introducing Claude for Small Business
vendorv2.1.140
What's changed Improved Agent tool subagent_type matching to accept case- and separator-insensitive values (e.g. "Code Reviewer" resolves to code-reviewer ) …
tools
Webinar: Fixing the gaps in network incident response
IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and …
newsllm 0.32a2
Release: llm 0.32a2 A bunch of useful stuff in this LLM alpha, but the most important detail is this one: Most reasoning-capable OpenAI models now use the …
research
How finance teams use Codex
See how finance teams can use Codex to build MBRs, reporting packs, variance bridges, model checks, and planning scenarios from real work inputs.
vendor
Co-Scientist: A multi-agent AI partner to accelerate research
Introducing Co-Scientist, a collaborative AI partner built with Gemini to help researchers accelerate scientific breakthroughs.
vendor
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.
news
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, …
news
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting …
news
Why Agentic AI Is Security's Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most …
news
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to …
news
How NVIDIA engineers and researchers build with Codex
Teams use Codex with GPT-5.5 to ship production systems and turn research ideas into runnable experiments.
vendor
What Parameter Golf taught us about AI-assisted research
Parameter Golf brought together 1,000+ participants and 2,000+ submissions to explore AI-assisted machine learning research, coding agents, quantization, and …
vendor
AutoScout24 scales engineering with AI-powered workflows
Learn how AutoScout24 Group uses Codex and ChatGPT to speed development cycles, improve code quality, and expand AI adoption.
vendorQuoting James Shore
Your AI coding agent, the one you use to write code, needs to reduce your maintenance costs. Not by a little bit, either. You write code twice as quick now? …
researchYour AI Use Is Breaking My Brain
Your AI Use Is Breaking My Brain Excellent, angry piece by Jason Koebler on how AI writing online is becoming impossible to avoid, filtering it is mentally …
researchUsing LLM in the shebang line of a script
TIL: Using LLM in the shebang line of a script Kim_Bruning on Hacker News : But seriously, you can put a shebang on an english text file now (if you're …
researchv2.1.139
What's changed Added agent view (Research Preview): a single list of every Claude Code session — running, blocked on you, or done. Run claude agents to get …
tools
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence …
news
How ChatGPT adoption broadened in early 2026
ChatGPT adoption surged in Q1 2026, with fastest growth among users over 35 and more balanced gender usage, signaling broader mainstream AI adoption.
vendor
Google: Hackers used AI to develop zero-day exploit for web admin tool
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated …
news
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
news
OpenAI Campus Network: Student club interest form
Join the OpenAI Campus Network—connect student clubs worldwide, access AI tools, host events, and build an AI-powered campus community.
vendor
How enterprises are scaling AI
How enterprises scale AI: from early experiments to compounding impact through trust, governance, workflow design, and quality at scale.
vendor
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver …
news
Top GenAI security resources — May 2026
Our May 2026 top includes practical insights on frontier Anthropic's Mythos model, new research bypassing GPT-5.4's safety, LLM-specific CIS lifecycle …
research
OpenAI launches DeployCo to help businesses build around intelligence
OpenAI launches DeployCo, a new enterprise deployment company built to help organizations bring frontier AI into production and turn it into measurable business …
vendor
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come …
news
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing …
newsv2.1.138
What's changed Internal fixes
toolsQuoting Luke Curley
WebRTC is designed to degrade and drop my prompt during poor network conditions. wtf my dude WebRTC aggressively drops audio packets to keep latency low. If …
researchv2.1.137
What's changed [VSCode] Fixed extension failing to activate on Windows
tools
Using Claude Code: The Unreasonable Effectiveness of HTML
Using Claude Code: The Unreasonable Effectiveness of HTML Thought-provoking piece by Thariq Shihipar (on the Claude Code team at Anthropic) advocating for HTML …
researchv2.1.136
What's changed Added CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL to re-enable the session quality survey for enterprises capturing responses through …
toolsv1.27.1
What's Changed [v1.x] fix: catch PydanticUserError when generating output schema (pydantic 2.13 compat) by @maxisbey in #2435 [v1.x] fix(auth): coerce …
tools
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts …
news
Running Codex safely at OpenAI
How OpenAI runs Codex securely with sandboxing, approvals, network policies, and agent-native telemetry to support safe and compliant coding agent adoption.
vendorv2.1.133
What's changed Added worktree.baseRef setting ( fresh | head ) to choose whether --worktree , EnterWorktree , and agent-isolation worktrees branch from …
tools
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to …
newsllm-gemini 0.31
Release: llm-gemini 0.31 gemini-3.1-flash-lite is no longer a preview . Here's my write-up of the Gemini 3.1 Flash-Lite Preview model back in March. I don't …
research
Behind the Scenes Hardening Firefox with Claude Mythos Preview
Behind the Scenes Hardening Firefox with Claude Mythos Preview Fascinating, in-depth details on how Mozilla used their access to the Claude Mythos preview to …
research
Notes on the xAI/Anthropic data center deal
There weren't a lot of big new announcements from Anthropic at yesterday's Code w/ Claude event, but the biggest by far was the deal they've struck with …
research
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI …
news
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, …
news
TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot
A regression in the Claude Code trust dialog and a settings-scope inconsistency let a cloned repo run unsandboxed code with one keypress, and on CI runners with …
research
Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber
OpenAI expands Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber, helping verified defenders accelerate vulnerability research and protect critical …
vendor
'TrustFall' Convention Exposes Claude Code Execution Risk
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal or no user interaction, thanks to skimpy …
news
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
news
Parloa builds service agents customers want to talk to
Parloa leverages OpenAI models to power scalable, voice-driven AI customer service agents, enabling enterprises to design, simulate, and deploy reliable, …
vendor
Fake Claude AI website delivers new 'Beagle' Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. …
news
Advancing voice intelligence with new models in the API
Explore new realtime voice models in the OpenAI API that can reason, translate, and transcribe speech, enabling more natural and intelligent voice experiences.
vendorGitHub Repo Stats
Tool: GitHub Repo Stats One of the things I always look for when evaluating a new GitHub repository is the number of commits it has... but that number isn't …
research
Testing ads in ChatGPT
OpenAI begins testing ads in ChatGPT to support free access, with clear labeling, answer independence, strong privacy protections, and user control.
vendor
Introducing Trusted Contact in ChatGPT
Introducing Trusted Contact in ChatGPT, an optional safety feature that notifies someone you trust if serious self-harm concerns are detected.
vendor
Simplex rethinks software development with Codex
Simplex boosts software development with ChatGPT Enterprise and Codex, reducing design, build, and testing time while scaling AI-driven workflows.
vendorv2.1.132
What's changed Added CLAUDE_CODE_SESSION_ID environment variable to the Bash tool subprocess environment, matching the session_id passed to hooks Added …
toolsLive blog: Code w/ Claude 2026
I'm at Anthropic's Code w/ Claude event today. Here's my live blog of the morning keynote sessions. Tags: ai , generative-ai , llms , anthropic , claude , …
researchVibe coding and agentic engineering are getting closer than I'd like
I recently talked with Joseph Ruscio about AI coding tools for Heavybit's High Leverage podcast: Ep. #9, The AI Coding Paradigm Shift with Simon Willison . Here …
research
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their …
news
AlphaEvolve: How our Gemini-powered coding agent is scaling impact across fields
Explore how AlphaEvolve's Gemini-powered algorithms are driving impact across business, infrastructure, and science.
vendor
Top MCP security resources — May 2026
May 2026 top MCP security resources include a breakdown of fundamental transport flaw exposing 200,000 servers, a reference MCP architecture, and tools to …
research
How ChatGPT learns about the world while protecting privacy
Learn how ChatGPT safeguards your privacy, reduces personal data in training, and gives you control over whether your conversations improve AI models.
vendorv2.1.131
What's changed Fixed VS Code extension failing to activate on Windows due to a hardcoded build path in the bundled SDK ( createRequire polyfill bug) Fixed …
toolsv2.1.129
What's changed Added --plugin-url <url> flag to fetch a plugin .zip archive from a URL for the current session Added CLAUDE_CODE_FORCE_SYNC_OUTPUT=1 env var to …
toolsHigher usage limits for Claude and a compute deal with SpaceX
Higher usage limits for Claude and a compute deal with SpaceX
vendor
Introducing ChatGPT Futures: Class of 2026
Meet the ChatGPT Futures Class of 2026—26 student innovators using AI to build, research, and drive real-world impact. Discover how this generation is …
vendor
How frontier enterprises are building an AI advantage
OpenAI’s B2B Signals research shows how frontier enterprises deepen AI adoption, scale Codex-powered agentic workflows, and build durable competitive advantage.
vendor
Uber uses OpenAI to help people earn smarter and book faster
Uber uses OpenAI to power AI assistants and voice features that help drivers earn smarter and riders book faster across a global real-time marketplace.
vendor
Singular Bank helps bankers move fast with ChatGPT and Codex
Singular Bank built Singularity, an internal assistant using ChatGPT and Codex to help bankers save 60–90 minutes daily on meeting prep, portfolio analysis, and …
vendorOur AI started a cafe in Stockholm
Our AI started a cafe in Stockholm Andon Labs previously started an AI-run retail store in San Francisco. Now they're running a similar experiment in Stockholm, …
research
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth …
news
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that …
news
Unlocking large scale AI training networks with MRC (Multipath Reliable Connection)
OpenAI introduces MRC (Multipath Reliable Connection), a new supercomputer networking protocol released via OCP to improve resilience and performance in …
vendor
GPT-5.5 Instant: smarter, clearer, and more personalized
GPT-5.5 Instant updates ChatGPT’s default model with smarter, more accurate answers, reduced hallucinations, and improved personalization controls.
vendor
GPT-5.5 Instant System Card
vendordatasette-llm 0.1a7
Release: datasette-llm 0.1a7 Mechanism for configuring default options for specific models. Part of Datasette's evolving support mechanism for plugins that use …
researchllm-echo 0.5a0
Release: llm-echo 0.5a0 New -o thinking 1 option to help test against LLM 0.32a0 and higher. This plugin provides a fake model called "echo" for LLM which …
researchQuoting John Gruber
So it’s well known that Y Combinator owns some stake in OpenAI. But how big is that stake? This seems like devilishly difficult information to obtain. I asked …
researchAgents for financial services
Agents for financial services
vendor
New ways to buy ChatGPT ads
OpenAI expands ChatGPT ads with a beta self-serve Ads Manager, CPC bidding, and enhanced measurement tools—built to protect privacy and keep conversations …
vendor
Advancing youth safety and wellbeing in EMEA
Explore OpenAI’s European Youth Safety Blueprint and EMEA Youth & Wellbeing Grants, advancing safe, responsible AI for teens, families, and educators.
vendorv2.1.128
What's changed Bare /color (no args) now picks a random session color /mcp now shows the tool count for connected servers and flags servers that connected with …
toolsApril 2026 newsletter
I just sent out the April edition of my sponsors-only monthly newsletter . If you are a sponsor (or if you start a sponsorship now) you can access it here . In …
research
OpenAI and PwC collaborate to reimagine the office of the CFO
OpenAI and PwC are partnering to help enterprises use AI agents to automate finance workflows, improve forecasting, strengthen controls, and modernize the CFO …
vendor
Top Agentic AI security resources — May 2026
Explore this month's top of 29 critical resources to understand active in-the-wild exploits, learn why top vendors are quietly patching their AI agents, and …
researchTRE Python binding — ReDoS robustness demo
Research: TRE Python binding — ReDoS robustness demo If it's good enough for antirez to add to Redis I figured Ville Laurikari's TRE regular expression engine …
research
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into …
news
Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)
This is a writeup of my DEF CON Singapore talk that walks through vulnerabilities and exploits in M365 Copilot and Consumer Copilot. I disclosed these to …
research
2026: The Year of AI-Assisted Attacks
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the …
newsBuilding a new enterprise AI services company with Blackstone, Hellman & Friedman, and Goldman Sachs
Building a new enterprise AI services company with Blackstone, Hellman & Friedman, and Goldman Sachs
vendor
How OpenAI delivers low-latency voice AI at scale
How OpenAI rebuilt its WebRTC stack to power real-time Voice AI with low latency, global scale, and seamless conversational turn-taking.
vendorQuoting Anthropic
We used an automatic classifier which judged sycophancy by looking at whether Claude showed a willingness to push back, maintain positions when challenged, give …
research
Sightings
/elsewhere/sightings/ I have a new camera (a Canon R6 Mark II) so I'm taking a lot more photos of birds. I share my best wildlife photos on iNaturalist , and …
research
76% of All Crypto Stolen in 2026 Is Now in North Korea
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.
newsiNaturalist Sightings
Tool: iNaturalist Sightings I wanted to see my iNaturalist observations - across two separate accounts - grouped by when they occurred. I'm camping this weekend …
research
If AI's So Smart, Why Does It Keep Deleting Production Databases?
The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testing.
newsv2.1.126
What's changed The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway …
toolsCodex CLI 0.128.0 adds /goal
Codex CLI 0.128.0 adds /goal The latest version of OpenAI's Codex CLI coding agent adds their own version of the Ralph loop : you can now set a /goal and Codex …
researchOur evaluation of OpenAI's GPT-5.5 cyber capabilities
Our evaluation of OpenAI's GPT-5.5 cyber capabilities The UK's AI Security Institute previously evaluated Claude Mythos : now they've evaluated GPT-5.5 for …
researchQuoting Andrew Kelley
It's a common misconception that we can't tell who is using LLM and who is not. I'm sure we didn't catch 100% of LLM-assisted PRs over the past few months, but …
research
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.
news
Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
In this latest installment of the Reporters' Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what …
news
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. [...]
news
Enabling a new model for healthcare with AI co-clinician
Researching the path to AI-augmented care and development of an AI co-clinician.
vendor
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" …
news
AI-driven exploitation is here: what Mythos proved and what comes next
Anthropic's Mythos completed a 32-step network attack autonomously in hours. Here's why this capability isn't exclusive to Mythos, and why AI systems your teams …
researchThe Zig project's rationale for their firm anti-AI contribution policy
Zig has one of the most stringent anti-LLM policies of any major open source project: No LLMs for issues. No LLMs for pull requests. No LLMs for comments on the …
research
Claude Mythos Fears Startle Japan's Financial Services Sector
Global financial institutions are panicked over Anthropic's new superhacker AI model. Cyber experts aren't quite as worried.
news
Introducing Advanced Account Security
Introducing Advanced Account Security: phishing-resistant login, stronger recovery, and enhanced protections to safeguard sensitive data and prevent account …
vendorllm 0.32a1
Release: llm 0.32a1 Fixed a bug in 0.32a0 where tool-calling conversations were not correctly reinflated from SQLite. #1426 Tags: llm
research
Reverse Engineering With AI Unearths High-Severity GitHub Bug
Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.
news
Where the goblins came from
How goblin outputs spread in AI models: timeline, root cause, and fixes behind personality-driven quirks in GPT-5 behavior.
vendor
AI Finds 38 Security Flaws in Electronic Health Record Platform
Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.
news
LLM 0.32a0 is a major backwards-compatible refactor
I just released LLM 0.32a0 , an alpha release of my LLM Python library and CLI tool for accessing LLMs, with some consequential changes that I've been working …
researchllm 0.32a0
Release: llm 0.32a0 See the annotated release notes . Tags: llm
research
Building the compute infrastructure for the Intelligence Age
OpenAI scales Stargate to build the compute infrastructure powering AGI, adding new data center capacity to meet growing AI demand.
vendor
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus …
news
Learning from the Vercel breach: Shadow AI & OAuth sprawl
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can …
news
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into …
news