CISO Brief

All news with #openai tag

162 articles

SageMaker Inference Adds OpenAI-Compatible APIs

🧩 Amazon SageMaker Inference now supports OpenAI-compatible APIs, enabling existing tools and frameworks like the OpenAI SDK, LangChain, and Strands Agents to connect directly to SageMaker endpoints. Switching requires only changing an endpoint URL, with no custom integration code or SDK wrappers. You can continue using your current authentication approach while choosing GPU instances, keeping data in your VPC, running open source or fine-tuned models, and leveraging auto-scaling policies. This capability is available today across multiple AWS regions with AWS credentials and automatic token refresh for production use.

OpenAI Devices Hit by TanStack Supply Chain Attack May 2026

🛡️ OpenAI disclosed that two corporate employee devices were compromised by the Mini Shai-Hulud supply chain attack linked to TanStack. The company said no user data, production systems, or intellectual property were accessed or altered, though limited credential material was exfiltrated from a subset of internal source-code repositories. OpenAI isolated affected systems, revoked sessions, rotated credentials and code-signing certificates, and temporarily restricted deployment workflows. macOS users must update affected apps before the June 12, 2026 certificate revocation cutoff.

OpenAI Confirms Device Breach in TanStack Supply Attack

🔒 OpenAI confirmed that two employee devices were breached in the Mini Shai-Hulud/TanStack supply-chain attack that compromised hundreds of npm and PyPI packages. The company said customer data, production systems, intellectual property, and deployed software were not impacted. OpenAI isolated affected systems, revoked sessions, rotated credentials, and engaged a third-party forensic firm. It is rotating code-signing certificates as a precaution, requiring macOS users to update desktop apps before June 12, 2026.

Palo Alto Networks Expands Frontier AI Defense Alliance

🛡️ Palo Alto Networks is expanding its Frontier AI Alliance to scale delivery of autonomous, real-time defenses. Building on the Frontier AI Defense initiative and recent testing of frontier models (including Anthropic’s Mythos, Claude Opus 4.7, and OpenAI’s GPT-5.5-Cyber), the company has added a new cohort of strategic partners. By pairing Palo Alto Networks’ technology with partners’ consulting expertise, the program aims to deliver AI readiness at scale and machine-speed MTTR to customers.

Defender's Guide: Frontier AI Impact on Cybersecurity

🔒 Palo Alto Networks reports ongoing testing of frontier AI models, including those from Anthropic and OpenAI, finding they rapidly surface code vulnerabilities and potential exploit paths. In the May 'Patch Wednesday' advisories the majority of findings originated from these AI scans, prompting broad rescanning and remediation. The company warns of a narrow three-to-five-month window before AI-driven exploits spread and offers Unit 42 services to help organizations respond.

GPT-5.5 Matches Mythos in Security Vulnerability Tests

🔍 The UK’s AI Security Institute evaluated GPT-5.5’s ability to identify software security vulnerabilities and concluded it performs comparably to Claude Mythos, based on a series of red-team style tests and benchmark prompts. The assessment highlights that GPT-5.5 is generally available from OpenAI, making high-quality automated vulnerability detection more accessible to organizations and researchers. The Institute also analyzed a smaller, cheaper model which, when given additional prompting scaffolding and careful supervision, delivered similar detection performance. Overall, the study suggests parity among leading LLMs for initial vulnerability discovery, with differences largely hinging on prompt engineering and deployment context.

OpenAI Daybreak: Secure-by-Design LLMs for Developers

🔒 OpenAI has launched Daybreak, an initiative built on its frontier LLMs and the Codex assistant to help developers embed security throughout the software development lifecycle. Announced on May 12, Daybreak extends the Trusted Access for Cyber (TAC) program and includes GPT‑5.5, TAC-enabled GPT‑5.5, GPT‑5.5‑Cyber and a Codex Security research preview. The initiative supports code scanning, vulnerability triage, automated detection and response while pairing defensive capabilities with verification, proportional safeguards and accountability.

OpenAI Launches Daybreak: New AI Cyber Defense Platform

🔒 OpenAI has unveiled Daybreak, an enterprise-focused cyber-defense platform that combines its large language models with Codex-style agent capabilities and broad integrations across the security ecosystem. The initiative aims to accelerate vulnerability discovery, generate and test fixes within repositories, and deliver audit-ready evidence back into enterprise workflows. Daybreak will be offered in tiers including GPT-5.5, Trusted Access, and GPT-5.5-Cyber, and is being developed with major vendors and government partners.

Mini Shai-Hulud Worm Compromises npm and PyPI Supply Chain

⚠ TeamPCP's "Mini Shai-Hulud" campaign has trojanized npm and PyPI packages from maintainers including TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI, deploying an obfuscated credential stealer that targets cloud services, crypto wallets, AI tools, messaging apps and CI systems. The malware exfiltrates data via a Session Protocol domain (filev2.getsession[.]org), a typosquat domain and GitHub API dead-drops, and persists through IDE hooks in Claude Code and VS Code. Attackers abused GitHub Actions OIDC permissions and produced malicious packages with valid SLSA attestations; TanStack's cluster was assigned CVE-2026-45321 (CVSS 9.6).

Malicious Infostealer Found in Top Hugging Face Repo

🔒 On May 7, HiddenLayer discovered that the Open-OSS/privacy-filter repository on Hugging Face was malicious. The repo, which copied OpenAI's Privacy Filter model card almost verbatim and showed inflated engagement, delivered a Rust-based infostealer via a base64-encoded loader. The malware steals browser passwords, session cookies, tokens, crypto wallet data and other credentials. HiddenLayer warns anyone who ran files from the repo to treat hosts as fully compromised and to wipe, isolate and rotate all affected credentials.

OpenAI launches Daybreak to harden software defenses

🛡️ OpenAI announced Daybreak, a cybersecurity initiative that combines GPT-5.5 family models with Codex Security to identify, test, and propose fixes for vulnerabilities before attackers exploit them. Daybreak builds editable threat models, runs isolated vulnerability tests, and suggests prioritized remediation and patch validation. Access is tightly controlled and available by request, and major vendors are integrating under Trusted Access for Cyber.

AI-Native Apps and Data Trends from Cosmos Conf 2026

📌 At Cosmos Conf 2026 Microsoft outlined how AI is transforming application and database design, arguing data platforms must become systems of reasoning that handle prompts, memory, and evolving context. Leaders from OpenAI, Vercel, and Walmart stressed the need for serverless instant scalability, integrated caching, low-latency global distribution, and developer cost visibility. Demos and customer stories highlighted patterns like vector search, change feed, and role-based governance to deliver real-world, low-latency AI experiences.

Fake Hugging Face Model Impersonating OpenAI Hits 244K

⚠️ A malicious Hugging Face repository posing as an OpenAI release delivered an infostealer to Windows hosts and accumulated about 244,000 downloads before removal. Researchers at HiddenLayer found the repo copied OpenAI’s model card and included a loader.py that fetched and executed credential-stealing payloads. The loader disabled SSL verification, used jsonkeeper.com as a C2, and employed scheduled tasks and a Rust-based infostealer to exfiltrate browser data, wallets, Discord storage, and FileZilla credentials.

Fake OpenAI Model on Hugging Face Delivered Info Stealer

🚨 A malicious Hugging Face repository impersonating OpenAI's Privacy Filter model reached #1 trending before being disabled after delivering a Rust-based information stealer to Windows users. The attacker typosquatted the legitimate release and copied its model card, instructing victims to run a loader.py or Windows start.bat to fetch payloads via a JSON Keeper dead drop. The multi-stage chain used PowerShell to download secondary loaders, set Defender exclusions, and install a one-shot scheduled task that launched a stealer collecting browser, wallet and app data for exfiltration.

Commercial LLMs Used in Attack on Mexican Water Utility

⚠ OpenAI and Anthropic models were used by attackers in a cyber-attack that targeted a municipal water and drainage utility in the Monterrey metropolitan area, Dragos reports. The incident, which unfolded between December 2025 and February 2026, involved roughly 350 artifacts, many of them AI-generated malicious scripts used as offensive tooling. According to the report, Anthropic's Claude served as the primary technical executor—handling prompt-and-response interactions, intrusion planning and deployment—while OpenAI's GPT models were used for analytical tasks and generating Spanish-language outputs. Although the OT breach was ultimately unsuccessful, Dragos warns the campaign demonstrates how commercial LLMs can accelerate and refine attacks against operational environments and recommends tighter remote access policies and stronger authentication controls.

US Agency to Safety-Test Frontier AI Models Pre-Release

🔒 The Center for AI Standards and Innovation (CAISI), part of the Department of Commerce’s NIST, has secured agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations and targeted research on frontier AI models. These accords expand an existing program that already includes Anthropic and OpenAI and are intended to provide vendors with safety feedback before public release. Microsoft described the partnerships as essential to building trust in advanced systems, while CAISI emphasized continuous evaluation to advance AI security and standards.

OpenAI Broadens TAC Program to Government Cyber Defenders

🔐 OpenAI has published a roadmap titled 'Cybersecurity in the Intelligence Age' pledging to democratize AI-powered cyber defense and to extend its Trusted Access for Cyber (TAC) program. The April 30 paper, released shortly after the debut of GPT-5.4-Cyber, outlines new TAC tiers for authenticated cyber defenders and wider inclusion of governments, major platforms, cloud hyperscalers and critical infrastructure operators. OpenAI also commits to strengthen internal red-teaming, misuse detection and safety mechanisms while collaborating with governments on threat models and intelligence sharing.

Amazon Bedrock Adds OpenAI GPT OSS and NVIDIA Nemotron

🚀 Amazon Bedrock now includes OpenAI GPT OSS (120B and 20B) and NVIDIA Nemotron models (Nano 9B v2, Nano 12B v2, Nano 30B, Super 120B), enabling developers to access open-weight foundation models through a single API. The integration is powered by Mantle, a distributed inference engine that provides serverless, high-performance inference, unified capacity pools, automated quota management, and OpenAI API compatibility. These models are available on AWS GovCloud (US) for compliant, enterprise-grade deployments.

Amazon Bedrock Offers OpenAI Models, Codex, Managed Agents

🚀 Amazon announced that Amazon Bedrock now provides access to the latest OpenAI models, Codex, and a Managed Agents offering in limited preview. OpenAI models and Codex integrate with Bedrock controls such as IAM, AWS PrivateLink, encryption, and CloudTrail, and usage can be applied toward existing AWS cloud commitments. Managed Agents run on Bedrock AgentCore, log actions per agent, and keep inference within the customer's AWS environment.

OpenAI GPT-5.5 in Microsoft Foundry for Enterprise Use

🚀 GPT-5.5 is being made generally available in Microsoft Foundry, enabling enterprises to run OpenAI's latest frontier model for production agentic workflows. The model brings deeper long-context reasoning, improved agentic execution, higher computer-use accuracy, and better token efficiency. Foundry supplies governance, identity isolation, persistent sandboxes, and integrations to evaluate and scale agents securely.