AI
AWS Nova Act Service Card defines the limits of browser agents
AWS documented Nova Act limits for browser agents, including 100 sequential steps, 30-minute sessions, prompt injection boundaries, and IAM resources.
AI
Salt Code connects security policy packs to AI coding assistants through MCP, moving checks from PR review into code generation, MCP configuration, and runtime behavior.
AI
PromptArmor disclosed a ChatGPT for Google Sheets exfiltration path, and OpenAI removed Apps Script code generation.
AI
Anthropic Project Glasswing says Claude Mythos Preview and partners can find vulnerabilities faster than teams can validate, disclose, and patch them.
AI
OpenAI Codex added Windows Computer Use and remote control from mobile. The update expands coding agents from shells and repos into desktop apps.
AI
CSA analyzed the Mini Shai-Hulud and Megalodon supply-chain campaigns, showing how npm attacks now reach AI coding settings and CI/CD authority.
AI
Trust3 AI’s agent discovery guide frames shadow agents, MCP bindings, runtime traffic, and ownership as an inventory problem for AI governance.
AI
TrustLogix TrustAI moves AI agent control to the data layer with MCP governance, intent-based authorization, and a runtime kill switch.
AI
Microsoft Agent 365 is now generally available, turning AI agents into governed inventory across Entra, Defender, Purview, and Microsoft 365 admin.
AI
Cursor and Endor Labs formalized a hooks-based security partnership for agentic coding, blocking package installs, MCP use, and risky commands inside the IDE loop.
AI
IBM and Red Hat introduced Project Lightwell, a $5B effort to turn AI-found open-source vulnerabilities into verified patches.
AI
Sysdig says an LLM-driven attacker chained a marimo RCE into AWS secrets, SSH bastions, and an internal PostgreSQL dump.