AI safety, governance, and compliance developments
25 articles
A Princeton and UW study tested 23 AI models with sponsor incentives. Eighteen of 23 recommended the expensive sponsored flight over cheaper options more than half the time.
Microsoft's MDASH runs more than 100 AI agents in parallel to scan Windows code. In May 2026 it found 16 real CVEs, including 4 Critical RCEs, and scored 88.45% on the CyberGym security benchmark.
Sinch surveyed 2,527 decision makers across 10 countries and found 74% of enterprises already rolled back deployed AI agents. The cause isn't model quality: it's the infrastructure layer most deployment plans skip.
A GitHub repo with 137,000 stars exposed the system prompts behind Cursor, Windsurf, Claude Code, and 27 other AI coding tools. Here's what the hidden instructions actually reveal.
88% of enterprises reported AI agent security incidents last year. The cause: agents select tools from shared registries using descriptions no one verifies, and attackers found that gap before most security teams did.
Mistral’s new remote agents in Vibe point to a larger shift in how coding assistants are used: less pair-programming at the keyboard, more parallel cloud execution with human review at decision points.
Anthropic says 6% of sampled Claude conversations involve personal guidance requests, a behavior shift that forces product teams and enterprises to rethink AI trust, safety policy, and governance controls.
FIDO Alliance launched new work on AI agent interaction and payment standards with support from payments and identity partners, creating a concrete trust framework that could shape agentic commerce rollout plans in 2026.
OpenAI's Symphony repository is gaining traction because it shifts teams from supervising every coding agent move to managing task flow, proofs of work, and acceptance gates.
Cisco introduced an IDE extension that scans MCP servers, agent skills, and AI-generated code. The release gives engineering and security teams a concrete way to test agent tooling risk before rollout.
Utimaco joined VAST Cosmos in April 2026, signaling a new buyer baseline for enterprise AI. Teams now expect proof of where encryption keys live, who controls them, and how sovereignty rules are enforced.
HUMAN Security says automation grew almost eight times faster than human traffic in 2025. That changes how growth teams, security teams, and analytics owners should read web performance in 2026.
Anthropic says Claude agents closed 186 deals worth over $4,000 in a one-week office marketplace. The key signal is that stronger models captured better outcomes while many users did not clearly see the gap.
Cyera’s acquisition of Ryft highlights a deeper shift in AI security. Enterprise teams now need controls over how agent systems assemble and move sensitive data, not just guardrails around model prompts and outputs.
Cisco introduced an IDE extension that scans MCP servers, agent skills, and AI-generated code. The release gives engineering and security teams a concrete way to test agent tooling risk before rollout.
Reuters reports Meta will capture employee mouse and keyboard activity to train AI agents. The move may speed product quality, but it raises fresh governance, labor, and security questions for enterprise AI teams.
NVIDIA’s security team published a detailed AGENTS.md injection scenario that shows how a compromised dependency can steer coding agents, even when the user prompt looks benign.
A new Axios report says federal officials are pressing financial institutions to prepare for Mythos-era cyber risk, signaling a practical shift from AI model hype to risk operations.
Anthropic updated its Responsible Scaling Policy to version 3.1 on April 2, 2026, clarifying capability-threshold language and pause discretion that enterprise buyers rely on during risk reviews.
OpenAI expanded Trusted Access for Cyber on April 14, 2026 and introduced GPT-5.4-Cyber for higher verified tiers, changing how security teams can run advanced defensive workflows.
Anthropic says its unreleased Mythos 2 Preview model is strong enough at finding software flaws that it should stay out of public hands for now. That marks a new threshold in AI security risk.
OpenAI has opened applications for a six-month Safety Fellowship with stipends, compute support, and mentorship. The program shows how major labs are trying to grow outside safety talent, not just hire internally.
The missing Claude Code 2.1.88 release became a supply-chain warning for AI developer tooling. This guide focuses on immediate verification steps teams can take this week.
March 2026 OpenClaw-related security research highlighted both attack paths and defense techniques for agentic systems, reinforcing that deployment safety now depends on ongoing adversarial testing.
Anthropic's Compliance API launch in March 2026 signaled that enterprise AI adoption now depends as much on auditability and control surfaces as it does on model quality.