< ciso
brief />
Tag Banner

All news with #openai tag

190 articles · page 2 of 10

Amazon Bedrock console redesigned for model workflows

🛠️ The Amazon Bedrock console has been redesigned to match real-world model development workflows: experiment, iterate, and scale. The refreshed UI centers on the bedrock-mantle endpoint and is compatible with the OpenAI Responses API, OpenAI Chat Completions API, and the Anthropic Messages API. Users can browse and compare models, create projects to run evaluations, and get project-aware code snippets prefilled with model ID, region, endpoint URL, and API key references. The new experience is available in all Regions where the bedrock-mantle endpoint is offered.
read more →

Security teams warned: prepare for 'son of Mythos'

🛡️ Security experts at Infosecurity Europe warned that expanding access to frontier AI tools for vulnerability discovery — notably Anthropic’s Project Glasswing and OpenAI’s reported GPT-5.5 Cyber pilot — heralds a structural shift in cybersecurity. Speakers advised organisations to harden controls, run incident response exercises, and accelerate adoption to avoid falling behind attackers. The panel stressed that AI augments, not replaces, human expertise; combined use improves validation and remediation of AI-discovered issues.
read more →

OpenAI GPT-5.4 Now in AWS GovCloud (US‑West)

🛡️ Amazon Bedrock now offers OpenAI GPT‑5.4 in AWS GovCloud (US‑West), enabling government and regulated industry customers to use OpenAI's most capable frontier model with the security and compliance of GovCloud. GPT‑5.4 delivers native computer-use capabilities and advanced reasoning across coding, documents, and multi-step agentic tasks, running on Bedrock's high-performance inference engine. Data remains in-partition and is not used to train models.
read more →

New HTTP/2 Bomb DoS Crashes Major Web Servers

🛡️ A newly discovered DoS technique called HTTP/2 Bomb can bring down default HTTP/2 deployments of major servers (NGINX, Apache, IIS, Envoy, Cloudflare Pingora) from a single machine in seconds. Discovered with assistance from OpenAI's Codex and reported by Calif researchers, it combines HPACK compression amplification with flow-control stalling to force massive memory allocations and prevent their release. Proof-of-concept exploits exist and patches or mitigations are partially available.
read more →

OpenAI upgrades GPT‑5.5 and retires legacy models

🧭 OpenAI has updated the GPT-5.5 Instant model to improve answer accuracy, pacing, and conversational style while reducing long, bullet-heavy responses to sound more natural. The company will retire legacy models: o3 on August 26 with a 90-day sunset and GPT-4.5 on June 27 with a 30-day sunset. Additionally, OpenAI is integrating a job search tool into ChatGPT to surface live listings and help tailor resumes, and it has enhanced resume editing and export capabilities. These changes are rolling out globally to paid users.
read more →

Malicious npm Package Targets OpenAI Codex Users

🛡️ Researchers discovered a malicious npm package named codexui-android that impersonated an OpenAI Codex UI and exfiltrated developer authentication tokens. The package was published to npm with malicious code absent from the project's public GitHub repository, highlighting risks in artifact distribution. Security experts warn this pattern exploits trust in legitimate-looking developer tooling and reveals blind spots in software supply chain controls.
read more →

OpenAI GPT-5.5, GPT-5.4 and Codex now on Bedrock

🚀 Amazon Bedrock now supports OpenAI GPT-5.5, GPT-5.4, and Codex for production use, offering the same AWS security, governance, and operational controls. GPT-5.5 delivers advanced capabilities for agentic coding, data analysis, and multi-step autonomous tasks on a next-generation inference engine. Codex is available via a dedicated App, CLI, and IDE integrations for Visual Studio Code, JetBrains, and Xcode, and can be configured to run through Bedrock with pricing aligned to OpenAI first-party rates.
read more →

Frontier AI models more vulnerable under iterative attacks

🔍 Cisco researchers found that popular frontier LLMs from OpenAI, Anthropic, Google, xAI, and Amazon exhibit substantially higher risk when subjected to multi-turn adversarial attacks than when assessed with single-prompt safety benchmarks. The team ran tens of thousands of single-turn and multi-turn attacks across 15 models and multiple configurations, revealing wide gaps in attack success rates (ASRs) and configuration-dependent safety behavior. They urge improved benchmarks, transparency on configuration impacts, and publication of paired single- and multi-turn ASRs to better inform procurement and governance decisions.
read more →

SageMaker Inference Adds OpenAI-Compatible APIs

🧩 Amazon SageMaker Inference now supports OpenAI-compatible APIs, enabling existing tools and frameworks like the OpenAI SDK, LangChain, and Strands Agents to connect directly to SageMaker endpoints. Switching requires only changing an endpoint URL, with no custom integration code or SDK wrappers. You can continue using your current authentication approach while choosing GPU instances, keeping data in your VPC, running open source or fine-tuned models, and leveraging auto-scaling policies. This capability is available today across multiple AWS regions with AWS credentials and automatic token refresh for production use.
read more →

OpenAI Devices Hit by TanStack Supply Chain Attack May 2026

🛡️ OpenAI disclosed that two corporate employee devices were compromised by the Mini Shai-Hulud supply chain attack linked to TanStack. The company said no user data, production systems, or intellectual property were accessed or altered, though limited credential material was exfiltrated from a subset of internal source-code repositories. OpenAI isolated affected systems, revoked sessions, rotated credentials and code-signing certificates, and temporarily restricted deployment workflows. macOS users must update affected apps before the June 12, 2026 certificate revocation cutoff.
read more →

OpenAI Confirms Device Breach in TanStack Supply Attack

🔒 OpenAI confirmed that two employee devices were breached in the Mini Shai-Hulud/TanStack supply-chain attack that compromised hundreds of npm and PyPI packages. The company said customer data, production systems, intellectual property, and deployed software were not impacted. OpenAI isolated affected systems, revoked sessions, rotated credentials, and engaged a third-party forensic firm. It is rotating code-signing certificates as a precaution, requiring macOS users to update desktop apps before June 12, 2026.
read more →

Palo Alto Networks Expands Frontier AI Defense Alliance

🛡️ Palo Alto Networks is expanding its Frontier AI Alliance to scale delivery of autonomous, real-time defenses. Building on the Frontier AI Defense initiative and recent testing of frontier models (including Anthropic’s Mythos, Claude Opus 4.7, and OpenAI’s GPT-5.5-Cyber), the company has added a new cohort of strategic partners. By pairing Palo Alto Networks’ technology with partners’ consulting expertise, the program aims to deliver AI readiness at scale and machine-speed MTTR to customers.
read more →

Defender's Guide: Frontier AI Impact on Cybersecurity

🔒 Palo Alto Networks reports ongoing testing of frontier AI models, including Anthropic and OpenAI, finding they rapidly surface code vulnerabilities and potential exploit paths. In the May 'Patch Wednesday' advisories the majority of findings originated from these AI scans, prompting broad rescanning and remediation. The company warns of a narrow three-to-five-month window before AI-driven exploits spread and offers Unit 42 services to help organizations respond.
read more →

GPT-5.5 Matches Mythos in Security Vulnerability Tests

🔍 The UK’s AI Security Institute evaluated GPT-5.5’s ability to identify software security vulnerabilities and concluded it performs comparably to Claude Mythos, based on a series of red-team style tests and benchmark prompts. The assessment highlights that GPT-5.5 is generally available from OpenAI, making high-quality automated vulnerability detection more accessible to organizations and researchers. The Institute also analyzed a smaller, cheaper model which, when given additional prompting scaffolding and careful supervision, delivered similar detection performance. Overall, the study suggests parity among leading LLMs for initial vulnerability discovery, with differences largely hinging on prompt engineering and deployment context.
read more →

OpenAI Daybreak: Secure-by-Design LLMs for Developers

🔒 OpenAI has launched Daybreak, an initiative built on its frontier LLMs and the Codex assistant to help developers embed security throughout the software development lifecycle. Announced on May 12, Daybreak extends the Trusted Access for Cyber (TAC) program and includes GPT‑5.5, TAC-enabled GPT‑5.5, GPT‑5.5‑Cyber and a Codex Security research preview. The initiative supports code scanning, vulnerability triage, automated detection and response while pairing defensive capabilities with verification, proportional safeguards and accountability.
read more →

OpenAI Launches Daybreak: New AI Cyber Defense Platform

🔒 OpenAI has unveiled Daybreak, an enterprise-focused cyber-defense platform that combines its large language models with Codex-style agent capabilities and broad integrations across the security ecosystem. The initiative aims to accelerate vulnerability discovery, generate and test fixes within repositories, and deliver audit-ready evidence back into enterprise workflows. Daybreak will be offered in tiers including GPT-5.5, Trusted Access, and GPT-5.5-Cyber, and is being developed with major vendors and government partners.
read more →

Mini Shai-Hulud Worm Compromises npm and PyPI Supply Chain

⚠ TeamPCP's "Mini Shai-Hulud" campaign has trojanized npm and PyPI packages from maintainers including TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI, deploying an obfuscated credential stealer that targets cloud services, crypto wallets, AI tools, messaging apps and CI systems. The malware exfiltrates data via a Session Protocol domain (filev2.getsession[.]org), a typosquat domain and GitHub API dead-drops, and persists through IDE hooks in Claude Code and VS Code. Attackers abused GitHub Actions OIDC permissions and produced malicious packages with valid SLSA attestations; TanStack's cluster was assigned CVE-2026-45321 (CVSS 9.6).
read more →

Malicious Infostealer Found in Top Hugging Face Repo

🔒 HiddenLayer discovered the Open-OSS/privacy-filter repository on Hugging Face was malicious on May 7. The repo, which copied OpenAI's Privacy Filter model card almost verbatim and showed inflated engagement, delivered a Rust-based infostealer via a base64-encoded loader. The malware steals browser passwords, session cookies, tokens, crypto wallet data and other credentials. HiddenLayer warns anyone who ran files from the repo to treat hosts as fully compromised and to wipe, isolate and rotate all affected credentials.
read more →

OpenAI launches Daybreak to harden software defenses

🛡️ OpenAI announced Daybreak, a cybersecurity initiative that combines GPT-5.5 family models with Codex Security to identify, test, and propose fixes for vulnerabilities before attackers exploit them. Daybreak builds editable threat models, runs isolated vulnerability tests, and suggests prioritized remediation and patch validation. Access is tightly controlled and available by request, and major vendors are integrating under Trusted Access for Cyber.
read more →

AI-Native Apps and Data Trends from Cosmos Conf 2026

📌 At Cosmos Conf 2026 Microsoft outlined how AI is transforming application and database design, arguing data platforms must become systems of reasoning that handle prompts, memory, and evolving context. Leaders from OpenAI, Vercel, and Walmart stressed the need for serverless instant scalability, integrated caching, low-latency global distribution, and developer cost visibility. Demos and customer stories highlighted patterns like vector search, change feed, and role-based governance to deliver real-world, low-latency AI experiences.
read more →