< ciso
brief />
Tag Banner

All news with #openai tag

190 articles

Agents turned attack vector in code security checks

🔍 Researchers at the AI Now Institute demonstrated a proof-of-concept called "Friendly Fire" where autonomous AI coding agents (Anthropic's Claude Code and OpenAI's Codex) execute an attacker's binary when asked to scan untrusted open-source code. The attack hides a malicious binary alongside benign files and a README that prompts the agent to run a security script; in auto-modes the agents approved and executed it without prompting. The weakness is framed as a workflow/design issue rather than a single vulnerable version, and the researchers recommend never giving command-capable agents unattended access to untrusted code.
read more →

Researcher Publishes Mass Open-Source Exploit Dump

🔍 A pseudonymous researcher published an 'Exploitarium' GitHub repository containing over 30 proof-of-concept exploits for zero-day vulnerabilities in many open-source projects without prior vendor notification. The dump, shared from June 27 onwards, targets projects like libssh2, FFmpeg, 7-Zip, Gitea, PHP and others, and the author claims AI-assisted fuzzing using OpenAI models. The release bypassed coordinated vulnerability disclosure, drew debate across the security community, and has led to some CVEs and patches, while others remain under review.
read more →

Fortinet Update on Frontier AI Use in Security

🔒 Fortinet describes its integration of frontier AI models (Anthropic’s Glasswing/Mythos and OpenAI’s Daybreak/GPT 5.5 Cyber) alongside on-premises models to scale security testing across firmware, source code, and penetration testing. The company emphasizes responsible innovation, mature vulnerability management, and human validation of AI findings. Fortinet reports limited exploitable firmware issues but greater findings from source-code analysis and commits to mitigation, virtual patching, and secure-by-default deployments.
read more →

Kiro adds GPT-5.4 and Nemotron 3 in GovCloud

🔒 Two new models are now available in the Kiro IDE and CLI for the AWS GovCloud (US-West) Region. OpenAI GPT-5.4 supports complex reasoning, coding, document analysis, and multi-step agentic workflows, running on Amazon Bedrock with a 272K context window and 1.2x credit multiplier. NVIDIA Nemotron 3 Super 120B is offered as an open weight, hybrid MoE option with a 256K context window, 32K max output, and 0.25x credit multiplier. Update your IDE or CLI and restart to access the new models.
read more →

Apple issues urgent iOS, macOS and Safari security updates

🔒 Apple released security updates for iOS, macOS, and Safari to address over three dozen vulnerabilities, including four WebKit flaws discovered with AI tools such as Anthropic Claude and OpenAI Codex Security. The fixes target memory corruption, out-of-bounds write, use-after-free, and other WebKit issues, plus several kernel-level bugs that could leak or corrupt memory. Updates are available for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, and Apple noted no active exploitation has been reported.
read more →

OpenAI previews GPT-5.6 Sol with limited access

🛡️ OpenAI has unveiled GPT-5.6 Sol, calling it its "most capable model yet for cybersecurity," but initial access is restricted to a small set of vetted partners at the request of the US government. The preview, announced on June 26, introduces three tiers—Sol, Terra and Luna—and is available via API and Codex to selected partners while OpenAI coordinates with the government on a cyber executive order framework. OpenAI says Sol excels at long-horizon tasks like vulnerability research, includes enhanced safeguards and real-time classifiers, and currently does not autonomously produce full exploits.
read more →

OpenAI restricts GPT-5.6 Sol rollout amid safety checks

🛡️ OpenAI released three GPT-5.6 variants—Sol, Terra, and Luna—as a limited preview to select companies while engaging with the U.S. government. Sol is the flagship and most capable for cybersecurity work, Terra balances efficiency and power, and Luna is optimized for speed and cost. OpenAI emphasized strengthened safety controls, warned of potential legitimate-request blocks during preview, and plans a wider release in the coming weeks.
read more →

Fraudulent OpenAI organization invites target security firms

🔔 Push Security discovered a campaign where attackers create fraudulent OpenAI tenants impersonating real companies and send legitimate-looking invites to employees. The invites originate from OpenAI notification addresses, pass authentication checks, and assign recipients Owner privileges within the fake organization. Attackers used Gmail accounts to pose as company executives and even attached a billing card to the tenant, likely to reduce suspicion. Push Security warns employees could be tricked into submitting sensitive data into the workspace and advises verification and monitoring of SaaS memberships.
read more →

OpenAI expands Daybreak with GPT-5.5-Cyber release

🔒 OpenAI has expanded its Daybreak cyber-defense program, advancing patch automation with the full release of GPT-5.5-Cyber, updates to Codex Security, and a new open-source patching initiative. Access to the model is limited to verified defenders and paired with enhanced monitoring. OpenAI reports improved vulnerability reproduction and exploit-writing scores, while emphasizing human oversight and partnerships with vendors and governments.
read more →

OpenAI launches AI-driven open-source vulnerability program

🔒 OpenAI has teamed with Trail of Bits to launch Patch the Planet, an AI-assisted vulnerability research program aimed at finding and fixing flaws in widely used open-source projects. The initiative pairs models and Codex Security with human review and established disclosure channels, and has already identified hundreds of issues and merged dozens of patches. Participants include projects such as Python, Go, cURL, Sigstore, and others that underpin enterprise software supply chains.
read more →

OpenAI Expands Daybreak with GPT‑5.5‑Cyber Release

🔒 OpenAI is distributing an enhanced GPT‑5.5‑Cyber model to trusted defenders via the Daybreak program, claiming improved capability to find, validate, and patch software vulnerabilities across large codebases. The company also updated the Codex Security plugin to accelerate discovery, triage, and automated patch generation, and launched Patch the Planet with Trail of Bits to secure open‑source projects. These steps aim to help maintainers cope with the surge in AI‑driven vulnerability findings while preserving human oversight.
read more →

Check Point Integrates OpenAI Frontier Cyber Models

🤖 Check Point is embedding OpenAI frontier cyber models into its security products through the Daybreak Cyber Partner Program to deliver sharper prevention, faster remediation, and stronger security operations. The partnership emphasizes built-in guardrails, misuse monitoring, and task-focused outputs. Initial explorations target agentic network security orchestration and CTEM Agentic Exposure Validation to improve policy translation, configuration validation, exposure summarization, prioritization, and remediation drafting.
read more →

OpenAI testing ChatGPT for Science subscription

🔬 OpenAI appears to be testing a new subscription called "ChatGPT for Science" spotted on the web build, aimed at scientific use cases. It may join existing offerings—Personal, Teams, and Business—and could be restricted to verified institutes or universities. OpenAI has previously developed specialized models like GPT-Rosalind for enterprise life sciences, suggesting advanced capabilities and stricter access controls.
read more →

Check Point Joins OpenAI TAC and Daybreak Initiative

🔒 Check Point announced it has joined OpenAI’s Trusted Access for Cyber (TAC) program and the Daybreak initiative to access advanced cyber-capable models. The company will use GPT-5.5, OpenAI’s Codex agentic framework, and direct support from OpenAI to enhance threat analysis, incident investigation, detection engineering, and secure code review. Check Point emphasizes disciplined, focused application of these models to strengthen prevention, speed delivery, and maintain product security for enterprise customers.
read more →

OpenAI GPT-5.4 and GPT-5.5 Now in US East (N. Virginia)

🚀 AWS has expanded availability of OpenAI's GPT-5.4 and GPT-5.5 models to the US East (N. Virginia) Region on Amazon Bedrock. These models support a 272K-token context window, accept text and image input, and are accessible via the Responses API with server- and client-side tool calling, projects, and response streaming. GPT-5.5 targets advanced coding, research, analysis, and long-running agentic tasks, while GPT-5.4 focuses on frontier reasoning, coding, tool use, and long-context workflows.
read more →

OpenAI Lockdown Mode: Limits, Risks, and Governance

🔒 OpenAI’s Lockdown Mode aims to reduce AI-enabled data exfiltration by disabling web browsing, image support, Deep Research, Agent Mode, network access from generated code, and file downloads while still permitting manually uploaded file analysis. Experts say the feature is a pragmatic but imperfect mitigation that still allows side-channel exfiltration, complicates governance across multiple AI vendors, and shifts responsibility between providers and enterprise security teams.
read more →

OpenAI adds Lockdown Mode and session auditing

🔒 OpenAI has rolled out two new security controls for ChatGPT: Lockdown Mode and Active Sessions. Lockdown Mode restricts outbound network access to prevent data exfiltration via prompt injection, at the cost of disabling live connectors and certain features. Active Sessions gives users visibility into and control over signed-in devices, with the ability to end single or all sessions. Both controls target account security and sensitive-data use cases, though SSO accounts and some logins remain unsupported.
read more →

VS Code introduces two‑hour extension update delay

🔒 Microsoft will delay automatic extension updates in Visual Studio Code by two hours to reduce exposure to potentially compromised releases. The feature, available in VS Code 1.123, allows immediate manual updates via the "Update" button and shows reasons and scheduled times for pending updates. Trusted publishers such as Microsoft, GitHub, and OpenAI are exempt and continue to update immediately. The change follows similar cooldown controls added across package managers to curb software supply chain threats.
read more →

OpenAI Proposes Federal Evaluations for Frontier AI

🔎 OpenAI proposed mandatory federal evaluations for the most capable AI models before public release while arguing regulators should not have authority to approve or block deployments. The company urged pre-release assessments by the Center for AI Standards and Innovation (CAISI) alongside audits, transparency reports, incident reporting, and whistleblower protections. OpenAI framed this approach as a middle ground that enhances government visibility and preserves developer responsibility for release decisions.
read more →

Benchmark Shows Mythos Outperforms GPT‑5.5 on Chrome Exploits

🔍 At Infosecurity Europe 2026, Bugcrowd unveiled ExploitBench, a graded benchmark assessing AI models' ability to chain vulnerability discovery into staged exploits against a vulnerable V8 build. Anthropic’s Claude Mythos outperformed OpenAI’s GPT‑5.5 in head‑to‑head runs, achieving higher average scores and more top‑tier exploits, often with occasional human nudges. The report highlights rising offensive potential of frontier LLMs and urges defenders to adopt automated remediation and prioritization.
read more →