This edition is mostly about AI agents becoming operational infrastructure rather than demos. Security teams are getting new tooling from Anthropic, Vercel, Microsoft, and open source projects at the same time that policymakers are moving closer to pre-release oversight of frontier models. The throughline is clear: agent capability is rising fast, and the market is now building the governance, identity, and runtime controls needed to keep up. There is also a practical warning underneath several of these stories: AI-era security failures increasingly show up at the harness, tool, and deployment layer, not just in the model itself.

Risks & Security

OWASP launches FinBot CTF for agentic AI security

OWASP formally launched FinBot as a hands-on CTF for testing prompt injection, tool misuse, and other agentic AI failure modes. It gives defenders a more practical way to learn the OWASP GenAI model than another abstract checklist.

UK AISI says GPT-5.5 reaches a new cyber benchmark

The UK’s AI Security Institute said GPT-5.5 is among the strongest cyber-capable models it has tested and the second to complete one of its end-to-end attack simulations. That suggests frontier cyber capability is broadening across labs rather than remaining isolated to one model family.

Microsoft is turning agent governance into a product layer

Microsoft is moving agent security from visibility into enforcement, pairing its open-source Agent Governance Toolkit with Agent 365 features for cross-cloud discovery, lifecycle controls, and upcoming runtime blocking. The message is that enterprise agent governance is becoming an operational product category.

Anthropic is widening security reviews around Claude Code

Anthropic’s Claude Code Security preview and its broader automated security review features show the company pushing AI-assisted AppSec deeper into normal development workflows. The emphasis is on finding subtle, context-heavy vulnerabilities and generating fixes for human review.

OX says MCP’s STDIO design flaw creates ecosystem-wide RCE risk

OX Security argues that MCP’s STDIO execution model creates a direct path from tool configuration to command execution, with blast radius across popular agent frameworks and IDEs. The important lesson is architectural: weak boundaries around tools can turn prompt injection into full host compromise.

Technology & Tools

Vercel open-sources deepsec for codebase security

Vercel’s new deepsec project uses coding agents to scan repositories, investigate suspicious paths, and revalidate findings before export. It is a good example of security tooling shifting from one-pass pattern matching toward multi-step agent workflows.

SharkMCP brings packet capture into MCP

SharkMCP exposes tshark-powered packet capture and analysis through MCP, making network inspection available as an agent tool. It is a niche project, but a useful one for debugging and security workflows that benefit from direct packet visibility.

ship-safe packages agentic security scanning into one CLI

The open-source ship-safe CLI bundles secrets scanning, dependency checks, and AI- and MCP-specific security rules into a single workflow. Its broader significance is that it treats agent configs, prompt surfaces, CI/CD, and supply chain risk as one security problem.

Business & Products

PwC launches managed security on Google Security Operations

PwC has launched a managed detection and response service on Google Security Operations that combines threat detection, vulnerability management, incident response, and testing with automation and agentic workflows. The pitch is simplified operations and faster deployment for organizations that do not want to build this stack themselves.

Cisco moves to acquire Astrix for AI agent security

Cisco’s planned Astrix acquisition shows how quickly AI agents are being folded into the non-human identity problem. The deal is about discovery and control of agents, tokens, service accounts, and OAuth connections before they become unmanaged attack paths.

Perplexity is turning enterprise search into workflow automation

Perplexity’s enterprise push now looks less like search and more like an agent platform, with background task execution, connector-driven workflows, and document creation on top of enterprise data. The strategy is to make the answer engine responsible for carrying work through to action.

Regulation & Policy

White House weighs pre-release review of frontier AI models

Reporting this week suggests the U.S. government is moving closer to a standing process for reviewing advanced AI models before release, especially on national security grounds. That would formalize a trend that has so far lived mostly in voluntary lab-government relationships.

White House pushes back on broader Mythos access

White House officials reportedly opposed Anthropic’s plan to expand Mythos access to more organizations, citing both misuse risk and compute constraints. The story matters because access control to powerful models is becoming a live policy instrument rather than just a company decision.

Opinions & Analysis

Anthropic frames agent security as shared responsibility

Anthropic’s latest agent safety research argues that security depends on four layers: model, harness, tools, and environment. That framing is useful because it moves attention away from the model alone and toward the operational controls that usually decide whether agents are safe in production.

NVD changes are colliding with AI-accelerated vulnerability discovery

NIST’s decision to stop routinely enriching every CVE comes at a moment when AI-assisted discovery is driving more vulnerability volume, not less. The practical takeaway is that teams will need stronger enrichment, exploitability, and patching workflows outside the old NVD-centered model.
