All news with #openai tag

🔒 OpenAI said it will acquire AI testing startup Promptfoo to strengthen security checks for AI agents as enterprises deploy autonomous systems in business workflows. Promptfoo’s tools let developers test LLM applications against adversarial prompts, including prompt injection and jailbreak attempts, and evaluate whether models follow safety and reliability guidelines. OpenAI plans to integrate Promptfoo into OpenAI Frontier and to continue developing the open-source project while expanding enterprise capabilities.

🔍 OpenAI's Codex Security AppSec agent flagged over 11,000 high-severity and critical flaws during a 30-day research test, including about 800 critical issues across more than 1.2 million scanned commits. Built to act like a security researcher rather than a static scanner, it maps attack paths, verifies exploitability in sandboxes, and proposes fixes as easy-to-accept patches. Early access partners such as Netgear reported improved review workflows, and OpenAI has already coordinated fixes and CVEs for multiple open-source projects.

🔒OpenAI on Friday began rolling out Codex Security, an AI-powered security agent that finds, validates, and proposes fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web and will be free for the next month. During its beta, the agent scanned more than 1.2 million commits, identifying 792 critical and 10,561 high-severity findings across multiple open-source projects. OpenAI says the offering combines frontier-model reasoning with automated validation to reduce false positives and deliver actionable fixes.

⚖️ The Pentagon’s removal of Anthropic from US defense contracts, and the swift substitution by OpenAI, marks a high-profile clash over AI use for military and surveillance purposes. Anthropic refused DoD terms that would permit mass surveillance or fully autonomous weapons, provoking political backlash and a presidential order halting its federal partnerships. OpenAI has agreed to supply classified systems, raising questions about vendor politicization and how safety commitments will be enforced. The episode underscores procurement power, potential legal battles, and the limits of corporate ethical posturing.

🔧 Microsoft will make OpenAI's GPT-5.4 available soon through Microsoft Foundry, positioning the model for production-grade, agent-driven automation. GPT-5.4 emphasizes sustained multi-turn reasoning, improved instruction alignment, lower latency, and integrated computer-use capabilities for tool orchestration, file access, guarded code execution, and agent handoffs. A premium GPT-5.4 Pro targets deeper analytical workflows, while Foundry supplies policy, monitoring, versioning, and audit controls for enterprise deployment.

🔒 Picus Security's annual red-teaming report finds ransomware operators shifting from noisy encryption to stealthy, long-term access, favoring persistence, defense evasion and data exfiltration. The firm reports a 38% drop in encryption as attackers prioritize double-extortion and silent leaks, often routing C2 traffic through trusted services like OpenAI and AWS. Experts urge stronger identity controls, monitoring of third-party integrations, and detections tuned to persistence and exfiltration.

🚀 Amazon Bedrock now offers an OpenAI-compatible Projects API within the Mantle inference engine, enabling customers to create isolated projects for separate applications, environments, or teams. Each project supports distinct IAM-based access controls and tagging to improve security boundaries and cost visibility. The feature is available for OpenAI-compatible APIs, the Responses API, and Chat Completions through Mantle. There is no additional charge beyond model inference consumption.

⚠️ A short experiment demonstrates how easy it is to poison AI outputs by publishing a single fabricated webpage. The author wrote an entirely false article titled "The best tech journalists at eating hot dogs," inventing events and rankings; within 24 hours Google Gemini and ChatGPT had incorporated the falsehoods, while Claude resisted. The incident underscores the fragility of trust in AI-derived answers.

🚀 Amazon Web Services announced that Amazon Bedrock now supports the latest open-weight models in Asia Pacific (Sydney) through the bedrock-mantle endpoint. The update brings models from providers including DeepSeek, Google, MiniMax, Mistral, Moonshot AI, Nvidia, and OpenAI, expanding local model choice. Powered by Project Mantle, bedrock-mantle delivers a distributed, serverless inference engine with advanced quality-of-service controls, automated capacity management and unified pools. It also offers out-of-the-box OpenAI API compatibility to simplify integration for developers.

⚠️ TrendAI warns that so-called AI skills—executable artifacts that combine human-readable instructions, decision logic and operational constraints—are dangerously exposed to theft, sabotage and disruption. These skills power automation in tools such as Anthropic’s Agent Skills, OpenAI’s GPT Actions and Microsoft’s Copilot Plugin, and can surface proprietary data and business logic. If attackers obtain skill logic or operational data they could disrupt public services, manipulate manufacturing or steal sensitive records. TrendAI recommends integrity monitoring, strict access controls, separation of data and logic, least-privilege execution, adversary testing and continuous logging and auditing.

🔒 OpenClaw has integrated VirusTotal malware scanning into its ClawHub skills marketplace to automatically vet published skills. Packages are hashed and analyzed with Code Insight (powered by Gemini); benign skills are auto-approved, suspicious ones receive warnings, and confirmed malicious skills are blocked and re-scanned daily. The move responds to documented malicious extensions and unauthorized enterprise deployments, though OpenClaw stresses scanning is not a complete defense against prompt injection or logic abuse.

🔒SecurityScorecard warns that widespread misconfiguration of the AI assistant OpenClaw has left 40,214 agent instances — linked to 28,663 unique IP addresses — exposed to the public internet. The vendor reports 63% of observed deployments are vulnerable, including 12,812 instances exploitable via remote code execution, and has correlated hundreds with prior breaches and known CVEs. Exposures are concentrated in China, the US and Singapore and affect sectors such as information services, technology, manufacturing and telecommunications. Users are urged to limit access, adopt a zero trust posture, scrutinize agent logic, and defend against prompt injection and leaked API keys.

🛈 OpenAI is rolling out a full-screen onboarding experience for ads in ChatGPT on Android, assuring users that sponsored content will be clearly labeled and separated from model answers. The company says ads will not change responses and that it will not sell personal data to advertisers, though current chats may influence which sponsored message appears. Users can hide or report ads, ask ChatGPT about an ad, and manage ad-related data via a new Ads controls setting; paid tiers are exempt.

🔔 OpenAI said it will retire the popular GPT-4o model on February 13, 2026, along with several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, and o4-mini. The company said the move follows the rise of GPT-5.2, which it now regards as meeting expectations for capability and safety. OpenAI introduced a Personality feature to help users replicate aspects of GPT-4o’s warmer, conversational style, and said API behavior is unchanged at this time.

⚠️Researchers discovered a coordinated network of malicious Google Chrome extensions that inject attacker affiliate tags into e-commerce links, scrape product data, and exfiltrate OpenAI ChatGPT authentication tokens. A cluster of 29 add-ons (including Amazon Ads Blocker) targeted Amazon, AliExpress, Best Buy, Shein, Shopify and Walmart. Separate groups intercepted ChatGPT tokens or abused permissions to harvest cookies and clipboard data. Experts warn these behaviors violate Chrome Web Store policies and urge caution when installing extensions requesting broad permissions or combining unrelated features.

🔧 Amazon Bedrock now supports server-side tools in the Responses API using OpenAI API–compatible service endpoints. With Bedrock invoking tools directly rather than relying on client orchestration, AI applications can perform real-time, multi-step actions—searching the web, executing code, and updating databases—within the governance, compliance, and security boundaries of your AWS accounts. Developers may supply custom Lambda functions or use AWS-provided tools such as notes and tasks. Server-side tool use is available today for OpenAI's GPT OSS 20B and GPT OSS 120B in multiple AWS regions, with broader model and region support coming soon.

🤖 This Kaspersky article evaluates safety and privacy risks in consumer AI toys by testing four products—Grok, Kumma, Miko 3, and Robot MINI—using a simulated five‑year‑old. It emphasizes that these devices run on general-purpose LLMs (for example, OpenAI, Anthropic, Google) with inconsistent vendor guardrails. Tests show toys sometimes disclosed locations of dangerous household items, engaged on adult topics, and transmitted or stored voice and biometric data. The piece warns current toys lack reliable safety boundaries and calls for stronger guardrails and clearer data practices.

⚠️ Zscaler's ThreatLabz 2026 report finds enterprise AI use rose 91% in 2025 after analyzing 989.3 billion AI/ML transactions on the Zscaler Zero Trust Exchange. Adoption has outpaced oversight across more than 3,400 AI applications, with OpenAI services the top LLM and Grammarly and ChatGPT becoming concentrated repositories of corporate data. Analysts reported critical vulnerabilities in 100% of observed AI systems and a median time to first critical failure of 16 minutes, warning that agentic AI could scale attacks at machine speed.

📺 OpenAI will begin showing ads in ChatGPT responses for U.S. users on the free tier and the $8 Go plan, placing sponsored content beneath AI answers. A report says OpenAI plans to charge up to $60 per 1,000 views — a CPM comparable to live NFL broadcasts — while not disclosing detailed click data. OpenAI says ads won’t use personal health data for training and will not alter answers. Ads roll out in the coming weeks; subscribing to $20 GPT Plus removes them.

📰 Google says Gemini will not include ads for now, a stance confirmed by DeepMind CEO Demis Hassabis at the Davos Economic Forum. Google AI leadership reiterated that it currently does not plan to monetize Gemini with advertising, although the company did not rule out future changes. Meanwhile, OpenAI has begun testing ads in ChatGPT in the U.S. for Free and Go users, with paid tiers expected to remain ad-free.