LIVE FEED
OpenAI Launches GPT-5.6 with Enhanced Agentic Capabilities

OpenAI Launches GPT-5.6 with Enhanced Agentic Capabilities

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

OpenAI has released GPT-5.6 in a restricted preview to government-vetted partners, featuring three models (Sol, Terra, Luna) with significantly upgraded agentic capabilities in coding, biology, and cybersecurity, including a coordinated multi-subagent 'ultra' mode. The cybersecurity-specific enhancements and agentic orchestration introduce meaningful new attack surface: adversaries gaining access to Sol's coordinated subagent architecture could automate sophisticated multi-stage intrusions at scale previously requiring significant human expertise. The restricted rollout itself creates a novel supply chain and access-control risk, as the 'trusted partner' gating model concentrates high-capability model access among a small set of privileged accounts, making partner credential compromise a high-value target.

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

Anthropic Releases Claude Mythos 5 Under U.S. Export Controls

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Anthropic (via HN)

The U.S. Commerce Department has lifted export controls on Anthropic's Claude Mythos 5, permitting access to over 100 vetted U.S. institutions and government agencies under a nascent federal AI licensing regime. For defenders, this tiered-release model introduces a new class of risk: the 'trusted partner' designation becomes a high-value target, as compromise of any listed entity grants implicit legitimacy to interact with a model previously deemed too dangerous for general release. Security teams at approved organizations should treat Mythos 5 access credentials and API endpoints as critical assets, and assume adversaries will probe the boundary between licensed and unlicensed access patterns.

OpenAI Releases GPT-5.6 Under Controlled Access

OpenAI Releases GPT-5.6 Under Controlled Access

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

OpenAI's GPT-5.6, a frontier model with advanced cyber capabilities, is being released exclusively to vetted partners under a White House-directed limited-access programme coordinated with the Office of the National Cyber Director and OSTP. This controlled rollout signals that the model's offensive cyber potential — including autonomous vulnerability identification and exploitation — is significant enough to warrant government-gated distribution, mirroring Anthropic's Project Glasswing model for Claude Mythos. For defenders, the emergence of a government-approved, partner-tier distribution model creates new supply chain trust questions and raises the stakes around who gains early access and how that access is verified, monitored, and potentially abused.

GitHub Releases Copilot Agentic Harness Evaluation

GitHub Releases Copilot Agentic Harness Evaluation

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 GitHub Blog

GitHub has published an evaluation of its Copilot agentic harness, detailing how the orchestration layer performs across multiple underlying models and coding tasks — effectively documenting the architecture of an autonomous, multi-step code generation and execution system. For defenders, this transparency reveals an orchestration surface where prompt injection, supply chain manipulation, and model-switching logic can be targeted across a broader set of model backends than previously understood. Security teams should treat the harness itself as a critical trust boundary, since compromising task routing or model selection logic could silently redirect agentic workflows to less-safe or adversary-controlled model endpoints.

Anthropic Launches Claude Cowork Mobile with Remote Control

Anthropic Launches Claude Cowork Mobile with Remote Control

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 BleepingComputer

Anthropic is expanding its Claude Cowork agentic desktop feature to mobile, enabling users to remotely initiate, monitor, and steer long-running AI tasks on their PC from a smartphone — with background task execution persisting even after the mobile app is closed. This cross-device architecture introduces a new attack surface: a mobile application acting as a command-and-control interface for an agent with local filesystem access, expanding the blast radius of device compromise, session hijacking, and prompt injection attacks. Defenders must now account for a persistent, background-running agentic process on employee endpoints that can be triggered or manipulated via a separate, potentially less-secured mobile channel.

OpenAI Launches Jalapeño Custom Inference Chip

OpenAI Launches Jalapeño Custom Inference Chip

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 TechCrunch AI

OpenAI has unveiled 'Jalapeño', its first custom-built AI inference processor co-designed with Broadcom, optimised for running large language models at reduced cost and power consumption. The move deepens OpenAI's vertical integration across the full AI stack — from chip silicon through to end-user products — introducing new hardware supply chain dependencies and firmware-level attack surfaces that defenders must now account for. Security teams should treat purpose-built AI silicon as a new tier of the ML supply chain, with unique risks around hardware backdoors, firmware integrity, and reduced hardware diversity.

Google DeepMind Releases AI Agent Attack Taxonomy

Google DeepMind Releases AI Agent Attack Taxonomy

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.7 SecurityWeek

Google DeepMind researchers have released a structured taxonomy categorising adversarial attacks against autonomous AI agents into six classes — content injection, semantic manipulation, cognitive state poisoning, behavioural control, systemic, and human-in-the-loop traps — formalising an emerging threat model for agentic AI systems. For defenders, this framework codifies attack paths that exploit the agent's inability to distinguish trusted instructions from attacker-controlled data ingested from web pages, emails, documents, and tool outputs. NIST evaluation data cited in the research shows malicious instruction injection succeeded in 57% of tested agent hijacking scenarios on average, underscoring that these are active, high-yield attack vectors rather than theoretical concerns.

First Look: Agentic AI SOC Systems Ship Autonomous Decision-Making at Machine Speed

First Look: Agentic AI SOC Systems Ship Autonomous Decision-Making at Machine Speed

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 SecurityWeek

Agentic AI systems deployed in security operations and enterprise workflows are increasingly executing autonomous decisions at machine speed, using LLM-derived confidence regardless of context accuracy. The core security risk is that incomplete, poisoned, or manipulated context fed to these agents produces confidently wrong actions executed without human review. Defenders face a compounded threat: adversaries can now target the context layer—asset inventories, threat feeds, exposure data—to induce systematic misconfiguration or inaction at scale.

MoEngage Deploys Autonomous AI Agents via Aampe Acquisition

MoEngage Deploys Autonomous AI Agents via Aampe Acquisition

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 TechCrunch AI

MoEngage has acquired Aampe to deploy individualized AI agents for every customer, enabling autonomous decisions on messaging targeting, timing, and content at enterprise scale across 1,350+ brands globally. This architecture introduces a large, distributed fleet of autonomous agents operating on sensitive behavioral and PII data, dramatically expanding the blast radius of any single compromise. Security teams at enterprises adopting this platform must now reason about agent-level trust boundaries, data inference risks, and the amplification potential of adversarial manipulation across millions of simultaneous decision-making agents.

Dragos Launches EmberAI, an OT-Specific AI Platform

Dragos Launches EmberAI, an OT-Specific AI Platform

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 SecurityWeek

Dragos has launched EmberAI, an AI module embedded within its OT security platform that allows analysts to query threat intelligence, asset data, and network activity in plain language, grounded in a decade of proprietary OT-specific data. The system introduces new attack surface considerations because it aggregates highly sensitive OT network telemetry, vulnerability data, and adversary intelligence into a single AI-queryable layer — making the platform itself a high-value target. Defenders must weigh the risks of prompt injection, over-reliance on AI-generated recommendations in safety-critical environments, and the intelligence value this consolidated dataset represents to nation-state adversaries.

Mistral AI Ships OCR 4 with Document Extraction

Mistral AI Ships OCR 4 with Document Extraction

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.8 Mistral AI (via HN)

Mistral OCR 4 is a production-grade document intelligence model delivering bounding boxes, block classification, inline confidence scores, and 170-language OCR optimised for enterprise RAG and search ingestion pipelines. For defenders, the model's role as a trusted ingestion component in downstream retrieval pipelines creates a high-value attack surface: adversarially crafted documents can now influence RAG context, citations, and automated redaction decisions at scale. The self-hosted single-container deployment option further expands the supply chain and misconfiguration risk surface for organisations running document intelligence internally.

AWS Launches Bedrock AgentCore for Autonomous Payments

AWS Launches Bedrock AgentCore for Autonomous Payments

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 AWS Machine Learning Blog

AWS has launched Amazon Bedrock AgentCore Payments, a managed infrastructure layer that enables AI agents to autonomously transact with external model providers and services using the x402 payment protocol, without human intervention. This capability introduces a new class of financial attack surface where compromised or manipulated agents can autonomously spend real funds, exfiltrate value, or be redirected to malicious service endpoints. Defenders must now treat agent payment credentials and spending budgets as first-class financial controls, on par with cloud IAM policies.

Bayer and Thoughtworks Ship PRINCE Agentic RAG Platform

Bayer and Thoughtworks Ship PRINCE Agentic RAG Platform

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 HN AI Security

Bayer AG and Thoughtworks have published a detailed case study on PRINCE, a production agentic RAG system combining multi-agent orchestration, Text-to-SQL, and human-in-the-loop workflows to answer complex pharmaceutical preclinical research questions and draft regulatory documents. The system's architecture — spanning intent clarification, planning, retrieval, reflection, and writing agents with access to decades of safety study data — introduces a broad attack surface including prompt injection across agent boundaries, SQL injection via natural language, and sensitive data exfiltration through compromised agent outputs. Defenders evaluating similar agentic platforms should treat each inter-agent handoff as a trust boundary requiring independent validation and focus on data leakage controls given the sensitivity of preclinical regulatory data.

Anthropic Launches Claude Code with Local Memory Layer

Anthropic Launches Claude Code with Local Memory Layer

FIRST LOOK ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 5.8 Anthropic (via HN)

Recall is an open-source, fully-local memory layer for Anthropic's Claude Code that persists and summarises project context across coding sessions without sending data to external services. For defenders, the introduction of a persistent, file-based context store creates a new attack surface: a poisoned or tampered memory file can silently inject malicious instructions into every subsequent Claude Code session. Security teams should treat the local memory store as a trusted-input boundary and apply appropriate file-integrity and access controls.

Enterprise Security Platforms Ship Autonomous Threat Response

Enterprise Security Platforms Ship Autonomous Threat Response

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A new class of agentic AI security platforms is emerging that autonomously correlates threat intelligence, validates controls, and prioritizes remediations across siloed enterprise security tooling — moving beyond assistive chatbot interfaces to continuous, multi-step autonomous action. This shift introduces significant new attack surface: an AI system with persistent access to live exposure data, security telemetry, and remediation workflows becomes a high-value target for adversarial manipulation. Defenders must assess trust boundaries, prompt injection risks, and the consequences of autonomous action taken on poisoned or manipulated inputs before deploying these systems.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.