Reports
AI-generated structured vendor updates
OpenAI buys Ona: Control point shifts to persistent AI agent runtime
OpenAI acquires cloud infrastructure startup Ona to integrate its persistent execution environment into Codex, enabling AI agents to run independently for hours or days in enterprise-owned clouds. This addresses security, governance, and audit requirements, signaling OpenAI's shift from model provider to full-stack AI platform.
In-depth Analysis of CISA Agentic AI Security Guidelines
CISA released the world's first Agentic AI security deployment guidelines on May 1, 2026, marking a critical transition from theoretical discussions to mandatory compliance requirements.
Anthropic MCP Protocol Exposed to Architecture-Level Security Vulnerabilities
Security research team OxSecurity discovered design flaws in Anthropic MCP protocol that can lead to remote code execution (RCE), with 10 CVEs assigned and counting.
Anthropic Partners with Mozilla, AI Models Independently Discover High-Severity Firefox Vulnerabilities
Anthropic's Claude Opus 4.6 model discovered 22 vulnerabilities in Mozilla Firefox over two weeks, with 14 classified as high-severity. This demonstrates AI's ability to independently identify unknown vulnerabilities in complex software and its nascent capability to generate exploits, signaling a new phase in AI-powered cybersecurity offense and defense.
OpenAI Abandons Traditional SAST for AI Constraint Reasoning Verification
OpenAI Codex Security discards traditional SAST methods, adopting AI-driven constraint reasoning and verification to identify security vulnerabilities. This technology aims to significantly reduce false positives, representing deep innovation in AI-powered code security.
OpenAI Launches Codex Security Research Preview for AI-Powered Application Security
OpenAI introduces Codex Security, an AI application security agent based on Codex model, focusing on context-aware vulnerability detection and remediation. The tool aims to reduce false positives common in traditional SAST tools by understanding entire project code and environment. Currently in research preview phase for selected developer testing.
CrowdStrike Launches Phishing-Resistant MFA for Identity Platform
CrowdStrike introduces FalconID with FIDO2/WebAuthn standards for phishing-resistant MFA, integrated with Falcon platform for contextual risk analysis. This represents strategic expansion from endpoint to identity protection.