< ciso
brief />
Tag Banner

All news with #openai tag

190 articles · page 4 of 10

OpenAI unveils Safety Bug Bounty to limit AI abuse

🛡️ OpenAI has launched a new Safety Bug Bounty, hosted on Bugcrowd, to solicit researcher reports of AI abuse and safety risks across its products. Announced March 26, it complements the existing Security Bug Bounty and targets issues like agentic risks (MCP abuse, prompt injection, data exfiltration), account integrity violations, and proprietary-information exposures. OpenAI clarified scope limits, excludes low-impact jailbreaks, runs private campaigns for certain harms, and will triage submissions between safety and security programs.
read more →

OpenAI launches ChatGPT Library for storing personal files

📚 OpenAI has begun rolling out a new ChatGPT Library feature that stores personal files and images in its cloud so they can be referenced in future chats. The feature is available to Plus, Pro, and Business subscribers worldwide except in the European Economic Area, Switzerland, and the United Kingdom. Files uploaded in chats or via the composer are saved by default to a secure, dedicated location and remain in the Library until manually deleted; deleting a chat does not remove the stored file.
read more →

Analyzing Current Use of AI in Malware: Unit 42 Report

⚠️ Unit 42 examines real-world instances where malware calls external LLMs for decision making or cosmetic effect. The researchers present two representative cases: a trio of obfuscated .NET infostealers that call OpenAI GPT-3.5-Turbo but largely perform "AI theater" by logging model outputs without functional integration, and a Go dropper that queries GPT-4 to gate Sliver payload execution. The report highlights detection opportunities and recommends Advanced Threat Prevention, Advanced WildFire, and Cortex XDR/XSIAM to monitor telemetry and IOCs.
read more →

Google and Partners Sign Global Accord to Combat Scams

🤝 Google announced it has signed the Industry Accord Against Online Scams & Fraud with major industry partners including Adobe, Amazon, LinkedIn, Meta, Microsoft and OpenAI. The agreement commits participants to unify capabilities, share threat intelligence and coordinate defenses against sophisticated, cross-border scam networks. Google said it will expand technical support and deploy AI-driven detection tools, building on $15 million in Google.org funding. In 2026 the company will share more through the Global Signal Exchange and publish guides on data sharing, private sector referrals to law enforcement, and public policy frameworks.
read more →

OpenAI: ChatGPT Ads Limited to US for Now, Says Company

ℹ️ OpenAI told BleepingComputer that references to ads in its updated privacy policy do not indicate a global rollout — ads are currently limited to the United States. Ads launched in the US on February 9, 2026, and appear below answers for logged-in Free and Go users. OpenAI says ads run on separate systems, are clearly labeled, may be personalized, and that advertisers do not access chat content.
read more →

Canada Should Build a Nationalized Public AI Platform

🇨🇦 The Carney administration's $2‑billion Sovereign AI Compute Strategy forces a fundamental choice about where AI value and control will reside. Bruce Schneier warns that initiatives like OpenAI's “OpenAI for Countries” could simply transfer benefits and authority to U.S. tech firms, citing the Tumbler Ridge incident and private secrecy. He advocates for a publicly funded, transparent national AI—modeled on Switzerland's Apertus—to serve healthcare, education, transit, and democratic oversight rather than private profit.
read more →

Attackers Abusing Cloud Services to Breach Enterprises

🔐 Attackers increasingly leverage trusted cloud platforms and SaaS APIs to blend malicious activity into routine enterprise traffic. Campaigns such as Gridtide and SesameOp demonstrate adversaries using Google Sheets, OpenAI APIs and cloud storage as covert command-and-control and staging vectors. By operating through legitimate identity systems, management consoles, and ephemeral serverless functions, attackers evade network defenses and static blocklists. The result is harder detection, easier credential harvesting, and persistent access across hybrid environments.
read more →

OpenAI Acquires Promptfoo to Boost Agentic AI Security

🔐OpenAI has acquired Promptfoo, a startup that provides open source tools to test and evaluate LLMs and AI agents. The deal aims to close a growing security gap in agentic AI by integrating automated testing, red‑teaming and traceability directly into OpenAI Frontier. Promptfoo's suite — used by over 25% of Fortune 500 firms — will remain open source. The move follows warnings from security advisors about 'human‑language malware' and complements OpenAI's recent security hires and tools.
read more →

OpenAI to Acquire Promptfoo to Boost AI Agent Security

🔒 OpenAI said it will acquire AI testing startup Promptfoo to strengthen security checks for AI agents as enterprises deploy autonomous systems in business workflows. Promptfoo’s tools let developers test LLM applications against adversarial prompts, including prompt injection and jailbreak attempts, and evaluate whether models follow safety and reliability guidelines. OpenAI plans to integrate Promptfoo into OpenAI Frontier and to continue developing the open-source project while expanding enterprise capabilities.
read more →

OpenAI's Codex Security Flags 11,000+ High-Risk Bugs

🔍 OpenAI's Codex Security AppSec agent flagged over 11,000 high-severity and critical flaws during a 30-day research test, including about 800 critical issues across more than 1.2 million scanned commits. Built to act like a security researcher rather than a static scanner, it maps attack paths, verifies exploitability in sandboxes, and proposes fixes as easy-to-accept patches. Early access partners such as Netgear reported improved review workflows, and OpenAI has already coordinated fixes and CVEs for multiple open-source projects.
read more →

OpenAI Launches Codex Security to Scan Codebases at Scale

🔒OpenAI on Friday began rolling out Codex Security, an AI-powered security agent that finds, validates, and proposes fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web and will be free for the next month. During its beta, the agent scanned more than 1.2 million commits, identifying 792 critical and 10,561 high-severity findings across multiple open-source projects. OpenAI says the offering combines frontier-model reasoning with automated validation to reduce false positives and deliver actionable fixes.
read more →

Anthropic vs. Pentagon: AI Supply, Ethics, and Policy

⚖️ The Pentagon’s removal of Anthropic from US defense contracts, and the swift substitution by OpenAI, marks a high-profile clash over AI use for military and surveillance purposes. Anthropic refused DoD terms that would permit mass surveillance or fully autonomous weapons, provoking political backlash and a presidential order halting its federal partnerships. OpenAI has agreed to supply classified systems, raising questions about vendor politicization and how safety commitments will be enforced. The episode underscores procurement power, potential legal battles, and the limits of corporate ethical posturing.
read more →

GPT-5.4 in Microsoft Foundry: Production Reliability

🔧 Microsoft will make OpenAI's GPT-5.4 available soon through Microsoft Foundry, positioning the model for production-grade, agent-driven automation. GPT-5.4 emphasizes sustained multi-turn reasoning, improved instruction alignment, lower latency, and integrated computer-use capabilities for tool orchestration, file access, guarded code execution, and agent handoffs. A premium GPT-5.4 Pro targets deeper analytical workflows, while Foundry supplies policy, monitoring, versioning, and audit controls for enterprise deployment.
read more →

Ransomware Shift: Stealthy, Long-Term Access Tactics

🔒 Picus Security's annual red-teaming report finds ransomware operators shifting from noisy encryption to stealthy, long-term access, favoring persistence, defense evasion and data exfiltration. The firm reports a 38% drop in encryption as attackers prioritize double-extortion and silent leaks, often routing C2 traffic through trusted services like OpenAI and AWS. Experts urge stronger identity controls, monitoring of third-party integrations, and detections tuned to persistence and exfiltration.
read more →

Amazon Bedrock Adds OpenAI-Compatible Projects API

🚀 Amazon Bedrock now offers an OpenAI-compatible Projects API within the Mantle inference engine, enabling customers to create isolated projects for separate applications, environments, or teams. Each project supports distinct IAM-based access controls and tagging to improve security boundaries and cost visibility. The feature is available for OpenAI-compatible APIs, the Responses API, and Chat Completions through Mantle. There is no additional charge beyond model inference consumption.
read more →

Poisoning AI Training Data by Publishing Fake Content

⚠️ A short experiment demonstrates how easy it is to poison AI outputs by publishing a single fabricated webpage. The author wrote an entirely false article titled "The best tech journalists at eating hot dogs," inventing events and rankings; within 24 hours Google Gemini and ChatGPT had incorporated the falsehoods, while Claude resisted. The incident underscores the fragility of trust in AI-derived answers.
read more →

Amazon Bedrock Adds Open-Weight Models in Sydney Region

🚀 Amazon Web Services announced that Amazon Bedrock now supports the latest open-weight models in Asia Pacific (Sydney) through the bedrock-mantle endpoint. The update brings models from providers including DeepSeek, Google, MiniMax, Mistral, Moonshot AI, Nvidia, and OpenAI, expanding local model choice. Powered by Project Mantle, bedrock-mantle delivers a distributed, serverless inference engine with advanced quality-of-service controls, automated capacity management and unified pools. It also offers out-of-the-box OpenAI API compatibility to simplify integration for developers.
read more →

AI Skills Exposed: New Attack Surface for Enterprises

⚠️ TrendAI warns that so-called AI skills—executable artifacts that combine human-readable instructions, decision logic and operational constraints—are dangerously exposed to theft, sabotage and disruption. These skills power automation in tools such as Anthropic’s Agent Skills, OpenAI’s GPT Actions and Microsoft’s Copilot Plugin, and can surface proprietary data and business logic. If attackers obtain skill logic or operational data they could disrupt public services, manipulate manufacturing or steal sensitive records. TrendAI recommends integrity monitoring, strict access controls, separation of data and logic, least-privilege execution, adversary testing and continuous logging and auditing.
read more →

OpenClaw Adds VirusTotal Scanning to ClawHub Skills

🔒 OpenClaw has integrated VirusTotal malware scanning into its ClawHub skills marketplace to automatically vet published skills. Packages are hashed and analyzed with Code Insight (powered by Gemini); benign skills are auto-approved, suspicious ones receive warnings, and confirmed malicious skills are blocked and re-scanned daily. The move responds to documented malicious extensions and unauthorized enterprise deployments, though OpenClaw stresses scanning is not a complete defense against prompt injection or logic abuse.
read more →

SecurityScorecard: 40,214 OpenClaw Instances Exposed

🔒SecurityScorecard warns that widespread misconfiguration of the AI assistant OpenClaw has left 40,214 agent instances — linked to 28,663 unique IP addresses — exposed to the public internet. The vendor reports 63% of observed deployments are vulnerable, including 12,812 instances exploitable via remote code execution, and has correlated hundreds with prior breaches and known CVEs. Exposures are concentrated in China, the US and Singapore and affect sectors such as information services, technology, manufacturing and telecommunications. Users are urged to limit access, adopt a zero trust posture, scrutinize agent logic, and defend against prompt injection and leaked API keys.
read more →