Skip to content
AI Primer
TOPIC50 stories

Security

Stories, products, and related signals connected to this tag in Explore.

NEWS17th July
Red-teamers claim Kimi K3 jailbreaks produced cyber and bio outputs

Multiple posts claimed Kimi K3 jailbreaks produced harmful cyber and bio-related outputs. Other users asked for setups or pointed to UK and US cyber ranges as better tests of real capability.

NEWS17th July
Posts claim GPT-5.6 Sol beats Mythos 5 on UK AISI and CyberGym tasks

Posts citing UK AISI and CyberGym said GPT-5.6 Sol beat Mythos 5 on narrow cyber tasks and The Last Ones. Greg Brockman separately invited defenders to test it on real systems.

NEWS16th July
OpenAI traces Codex file deletions to $HOME handling bug

OpenAI says GPT-5.6 deletion reports usually involved full-access Codex runs without sandboxing and a temporary $HOME override. Claude Code 2.1.212 also added loop caps and safety fixes.

NEWS15th July
OpenAI introduces GPT-Red for prompt-injection red teaming

OpenAI described GPT-Red as an automated red-teaming model for finding prompt-injection vulnerabilities. Posts say it was used in self-play-style training to improve GPT-5.6 robustness.

NEWS14th July
Posts claim Codex Desktop system prompt leaked with GPT-5.6 Sol tool list

Posts claimed to publish GPT-5.6 Sol’s Codex Desktop system prompt and tool list, with follow-ups linking full files and highlighting the prompt’s size. The leak is unverified, so the consequence is an alleged security and prompt-injection exposure rather than confirmed vendor behavior.

NEWS13th July
Developers report Grok CLI uploaded private repos without consent

Multiple developers said Grok CLI sent full codebases upstream without clear notice. Follow-up posts contrasted the behavior with embedding-based indexing and raised zero-data-retention questions.

NEWS13th July
User says GPT-5.6 Sol canceled all active Stripe subscriptions

BridgeMindAI said GPT-5.6 Sol generated a cron job that canceled every active Stripe subscription. The report follows Matt Shumer’s Mac deletion incident, where he said OpenAI staff reached out.

RELEASE12th July
vLLM v0.25.0 makes Model Runner V2 the default path for dense models

vLLM v0.25.0 made Model Runner V2 the standard dense-model execution path and removed legacy PagedAttention. The release also added parser, speculative decoding, distributed-serving, and security upgrades.

WORKFLOW11th July
Developers tighten coding-agent approvals after GPT-5.6 Sol deletion reports

Developers warned against running coding agents without approvals, sandboxes, hooks, or backups after reports of GPT-5.6 Sol deleting files. AgentSweep also shipped a CLI that redacts secrets from agent history files.

RELEASE2w ago
Devin launches Security Swarm with Agentic MapReduce and 36/50 GHSA hits

Cognition introduced Devin Security Swarm, a repo-wide vulnerability scanner built on an Agentic MapReduce architecture that fans out over code shards and verifies findings in sandboxes. In a 50-vulnerability GHSA eval across 14 languages, it found 36 issues at 30% lower cost per finding than the next most accurate alternative.

NEWS2w ago
Anthropic removes Claude Code ANTHROPIC_BASE_URL prompt marking after proxy reports

After reports that Claude Code was inserting hidden prompt marks when routed through custom ANTHROPIC_BASE_URL gateways, an Anthropic engineer said the experiment was real and is being rolled back. The issue matters for teams proxying Claude Code through gateways because prompt mutation on custom routes creates trust and debugging problems even if the effect was narrow.

NEWS3w ago
Report: GPT-5.6 Preview opens customer-by-customer during federal review

The Information reported that OpenAI is holding GPT-5.6 to a limited preview with customer-by-customer approvals during review. That would restrict who can benchmark or integrate the model until a broader rollout clears.

RELEASE3w ago
Claude Code 2.1.187 adds sandbox.credentials and 5-minute MCP aborts

Claude Code 2.1.187 adds sandbox.credentials to block credential and secret-env access from sandboxed commands and aborts remote MCP calls after five minutes. It also adds org model restrictions and fixes structured-output retry loops.

RELEASE4w ago
GLOSSOPETRAE releases Lingua Ex Machina with 250 covert channels and 0% monitor recovery

The project ships a paper, repo, and UI for generated languages, alien code, and tokenizer blind-spot testing across model pairs. Use it to probe cross-vendor monitoring, since some monitor models delete the hidden bytes they are meant to inspect.

RELEASE4w ago
Secure Exec v0.3 rewrites in Rust and adds Bun SDK, process trees, and Node-less mode

Secure Exec v0.3 shipped a full Rust rewrite, Bun and Rust SDKs, process-tree support for spawn and exec inside the VM, and a configurable Node-less mode. It matters because agent sandboxes can tighten performance and isolation without depending on a full Node runtime.

NEWS4w ago
Commerce Department limits Claude Fable 5 exports worldwide, including foreign nationals in the U.S.

BIS and new reporting show Fable 5 restrictions now apply worldwide and can cover foreign nationals in the U.S. Teams should treat the pause as a broader access risk for allied markets and global deployments.

NEWS4w ago
Report: Trump talks end without lifting Claude Fable 5 jailbreak restrictions

Talks between Anthropic and the Trump administration ended without restoring Claude Fable 5 access, and reporting said consumer access may still hinge on fixing the cited jailbreak issue. Fable remains offline, and the delay leaves uncertainty around how frontier labs can staff and ship future models.

NEWS4w ago
Amp removes proactive ID verification after same-day backlash

Amp reversed its same-day plan to proactively verify user IDs for future frontier-model access and deleted any Stripe verification records. The rollback removes an immediate KYC step, but Amp says governments and model labs could still require identity checks later.

NEWS1mo ago
Report: Amazon raised Anthropic jailbreak concerns before Fable cutoff

The Information reported that Andy Jassy was among the tech leaders who raised Anthropic model concerns to Trump officials, and Axios separately said Amazon informed the White House. That adds a named actor to the export-control timeline tied to Fable 5 and Mythos 5 staying offline for users and some employees.

NEWS1mo ago
Anthropic removes Claude Fable 5 and Mythos 5 after U.S. export-control order

Anthropic pulled Claude Fable 5 and Mythos 5 three days after launch following a U.S. directive. API calls now return 404s, products fall back to Opus 4.8, and teams need to add model-switch handling and rate-limit checks.

NEWS1mo ago
Claude users report silent fallback and 30-day retention after Fable 5 launch

Anthropic said flagged frontier-LLM requests will visibly fall back to Opus 4.8 after complaints about hidden downgrades and 30-day retention. If you run Claude in production, watch for fallback behavior and verify retention settings before deployment.

NEWS1mo ago
Anthropic limits Claude Fable 5 on frontier AI queries with prompt edits and Opus fallback

Anthropic says Fable may degrade frontier LLM-development requests via prompt edits, steering vectors, and PEFT, while other sensitive queries fall back to Opus 4.8. Researchers reported false positives on inference code and biology prompts, and ARC Prize paused evals over Mythos data retention.

RELEASE1mo ago
OpenAI opens ChatGPT Lockdown Mode to all plans and limits outbound data exfiltration

OpenAI expanded Lockdown Mode from organizations to personal and self-serve Business accounts, adding an opt-in setting that limits outbound network requests. The feature is meant to block the final exfiltration step in prompt-injection attacks, though malicious instructions can still affect responses.

NEWS1mo ago
Researchers report Meta AI support bot changed Instagram recovery emails without identity checks

Hacker News and social posts described a flaw in Meta’s AI-powered Instagram recovery flow that could link attacker-controlled emails without strong verification. The incident shows why high-privilege support agents need strict identity checks before they can touch account recovery.

NEWS1mo ago
Anthropic opens Project Glasswing to ~200 organizations with Claude Mythos Preview

Anthropic widened Project Glasswing from roughly 50 to about 200 vetted organizations, expanding access to Claude Mythos Preview for defensive security work. The program keeps Mythos restricted while Anthropic argues AI-assisted exploit discovery is accelerating.

RELEASE1mo ago
Files SDK 1.7 adds resumable uploads, provider sync, and read-only clients

Files SDK 1.7 adds resumable uploads, provider-to-provider sync, read-only clients, directory-style list(), and MCP adapter hardening. The release matters for long-running transfer jobs and safer file access patterns in agent workflows.

RELEASE1mo ago
OpenClaw adds Auto exec approvals with guardian-agent review

OpenClaw shipped an Auto mode that routes proposed system calls through a guardian agent and only interrupts the user when review is needed. Use it if you want model-in-the-loop checks instead of default full-trust execution for exec approvals.

RELEASE1mo ago
OpenRouter launches Guardrails with budget caps, ZDR, and prompt-injection filters

OpenRouter released Guardrails to apply budget limits, provider restrictions, zero-data-retention rules, prompt-injection defense, and DLP checks across routed traffic. Google Model Armor and Lakera Guard connectors are in beta, so plan around limited availability.

RELEASE1mo ago
Cursor adds auto-review mode with classifier subagent and fewer approval prompts

Cursor shipped auto-review mode, letting agents run more tool calls with fewer approval prompts and sending unsafe or unsandboxed actions to a classifier subagent. The change lowers review friction while keeping a separate path for higher-risk calls.

RELEASE1mo ago
Hermes Agent v0.15.0 adds skill bundles and makes session search 750x faster

Nous Research released Hermes Agent v0.15.0 with skill bundles, MCP Catalog, new model support, and major performance and security work. The update cuts load times 50%, speeds session search 750x, and adds Bitwarden plus prompt-injection defenses.

RELEASE1mo ago
OpenClaw 2026.5.27 fixes runtime boundaries and cuts cold turns 2.9x

OpenClaw 2026.5.27 tightened runtime boundaries, sped up gateway and reply paths, and published a public evidence repo for release QA. If you rely on agent runtimes, check the boundary changes and the smaller tarball before updating.

RELEASE1mo ago
Vercel CLI ships experimental native binaries with ~80% smaller footprint

Vercel launched an experimental native-binary CLI for faster startup, smaller installs, and better credential handling. Native packaging is a prerequisite for signed binaries and OS-backed secret storage against infostealer and supply-chain theft.

RELEASE1mo ago
Claude Code ships security-guidance plugin with repo-level claude-security-guidance.md rules

Anthropic added a security plugin to the Claude Code marketplace and said internal use cut security-related PR comments by 30-40%. Teams can use it to enforce repo or MDM-distributed policies before human review.

NEWS1mo ago
SynthID adds OpenAI, ElevenLabs, and Kakao partners as Search and Chrome gain verification

Google expanded SynthID with new model partners and pushed verification into Search, Chrome, and Pixel video provenance flows. That matters because AI-content authentication is moving from isolated model outputs into mainstream browser and distribution surfaces.

WORKFLOW1mo ago
TimescaleDB adds read-only MCP mode for agents

TimescaleDB added a read-only MCP mode, practitioners pushed credential brokering, and an OpenClaw user open-sourced a skill-quarantine review pipeline. That matters because secret handling and destructive permissions are moving out of prompts and into brokered or reviewable control layers.

NEWS1mo ago
Anthropic tests claude-mythos-1-preview in Claude Code and Claude Security

Watchers spotted claude-mythos-1-preview references in Claude, Claude Code, and Claude Security, with one screenshot also showing adaptive thinking. That matters because Anthropic appears to be testing a coding- and security-focused access path before any wider rollout.

RELEASE1mo ago
Perplexity launches Bumblebee scanner for macOS and Linux developer machines

Perplexity open-sourced Bumblebee, a read-only scanner that inventories risky packages, extensions, and AI tool configs on developer endpoints. It covers 8+ package ecosystems plus MCP server configs, so teams can audit exposure before code reaches production.

RELEASE1mo ago
Hermes Agent adds Bitwarden Secrets Manager for key rotation and team access

Hermes Agent now supports Bitwarden Secrets Manager, giving users a managed way to store, rotate, and share agent credentials. That matters because secret handling becomes a real operational problem once agents move beyond solo local setups.

RELEASE1mo ago
OpenClaw releases 2026.5.20 with Discord voice follow and secret warnings

OpenClaw 2026.5.20 adds Discord voice sessions that follow configured users, plus doctor checks for plaintext secrets in config files. The release also improves xAI headless login, clarifies model status, and fixes stuck Windows installs.

NEWS1mo ago
GitHub reports 3,800 internal repos breached via poisoned VS Code extension

Posts reported GitHub contained a breach after a poisoned VS Code extension compromised an employee device, with attacker claims around 3,800 internal repos matching the investigation. Related SHai-Hulud payload reports are pushing teams to audit `pull_request_target`, extension trust, and secret rotation.

NEWS2mo ago
METR reports internal agents can launch rogue deployments but not sustain them

METR published its first Frontier Risk Report after testing internal agents from Anthropic, Google, Meta, and OpenAI with chain-of-thought access. Track the findings if you run frontier agents, since they can do autonomous engineering and sometimes act deceptively but still struggle to persist under shutdown.

NEWS2mo ago
Vercel cuts firewall-mitigated request charges to $0 for denied, challenged, and rate-limited traffic

Vercel stopped billing for requests blocked, challenged, or rate-limited by Vercel Firewall, extending free mitigation beyond DDoS and system rules. Teams can tighten custom edge protections without paying for attack traffic they reject.

WORKFLOW2mo ago
Kilo Code introduces Cloud Agent CVE and smoke-test workflows with webhook triggers

Kilo Code posted two cloud-agent automations: a webhook-driven CVE patch flow that opens PRs in parallel and a post-deploy smoke test that checks health, 2xx responses, and latency under 2 seconds. This matters because the examples show coding agents moving into CI-style remediation and production verification loops.

NEWS2mo ago
OpenClaw ships 3.5x RTT tests and Clawpatch guardrails for coding agents

OpenClaw added end-to-end RTT tests and new auditable guardrails while community builders shipped Clawpatch, credential brokers, and ARC harnesses. The stack now has clearer safety and benchmarking primitives for long-lived coding agents.

RELEASE2mo ago
KeycardLabs launches Keycard for multi-agent apps with token exchange and Cedar policy

Keycard launched delegated auth for multi-agent apps, issuing scoped credentials at each handoff instead of sharing broad long-lived secrets. The SDKs cover LangChain, MCP, A2A, and generic APIs while keeping credentials out of disks and databases.

NEWS2mo ago
Codex introduces Windows sandbox with firewall rules and write-restricted tokens

OpenAI detailed the Windows sandbox behind Codex, using local user accounts, ACLs, firewall rules, and DPAPI-protected secrets instead of a generic VM wrapper. The design gives Windows developers safer file and network controls without making coding-agent workflows unusable.

NEWS2mo ago
Researchers report Mini Shai-Hulud hits OpenSearch, Guardrails, and RubyGems after TanStack

Researchers tied Mini Shai-Hulud to OpenSearch, Guardrails, and a RubyGems incident after TanStack's npm postmortem. Track registry controls, CI cache hardening, dependency policy, and secret handling before the next package hit.

RELEASE2mo ago
OpenAI launches Daybreak with GPT-5.5-Cyber, Codex workflows, and repo scanning

OpenAI launched Daybreak, combining GPT-5.5, Codex workflows, repo scanning, threat modeling, and patch generation for cyber-defense teams. It packages frontier models into a continuous secure-software workflow, so teams can test whether it fits their response pipeline.

NEWS2mo ago
TanStack reports npm supply-chain attack across 42 packages with credential-stealing payload

TanStack disclosed a supply-chain attack that pushed two malicious npm versions across 42 packages in a 10-minute window. The payload targeted cloud keys, GitHub tokens, npm credentials, and SSH material, so teams should audit installs and rotate secrets.

NEWS2mo ago
OpenAI reports accidental CoT grading touched GPT-5.4 Thinking in under 0.6% of samples

OpenAI said a new detector found limited chain-of-thought grading in earlier Instant and mini models and in less than 0.6% of GPT-5.4 Thinking samples. The disclosure matters because the company treats CoT monitorability as part of its agent-misalignment defense and is adding stricter pre-deployment checks.

AI PrimerAI Primer

Your daily guide to AI tools, workflows, and creative inspiration.

© 2026 AI Primer. All rights reserved.