Penetration testing stories

Anthropic and OpenAI take rival paths on AI cyber tools, as one keeps access tightly restricted while the other widens vetted user access.

AI coding accelerates software delivery, but security teams struggle to keep up as more code, alerts and manual checks pile up.

HackerOne rolls out h1 Validation to help enterprises sort AI-found bugs by real-world exploitability as submissions jump 76% and critical flaws rise.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

Anthropic limits Claude Mythos to critical users after it exposed browser and Linux flaws, stoking fears of AI-driven cyber risk for banks.

LangWatch releases open-source AI red-teaming framework to expose hidden vulnerabilities in production agents through multi-turn attack simulations.

Anthropic is to give UK banks controlled access to its Mythos AI model, as financial firms brace for a new era of autonomous cyber threats.

Anthropic rolls out Claude Opus 4.7 with sharper coding, stronger image handling and new cyber safeguards, plus fresh API controls and review tools.

Synack launches AI-driven assessment to expose overlooked attack surface gaps as offensive tools speed up vulnerability discovery.

iProov warns iOS injection attacks surged 1,151% in late 2025 as generative AI fuels deepfake impersonation and identity fraud.

Abacus secures CREST accreditation for penetration testing, bolstering its pitch to regulated sectors as demand rises for verified cyber security assurance.

Cyberscope and Lunar Strategy team up to offer Web3 projects audits, compliance checks and launch support before they scale.

Acronis rolls out globally available managed detection and response for MSPs, bundling 24/7 monitoring, incident response and recovery tools.

ChatGPT flaw may have let attackers siphon sensitive user data via DNS queries, prompting OpenAI to issue a fix after researchers exposed the bug.

ExpressVPN expands beyond VPNs with encrypted AI chats, launching ExpressAI on confidential computing enclaves after an audit by cybersecurity firm Cure53.

Novee unveils an autonomous AI red teaming tool to probe LLM apps for prompt injection, jailbreaks and other emerging security flaws.

Horizon3.ai doubles ARR as more than 5,200 organisations adopt its NodeZero platform, fuelled by MSSP demand and rising cyber risks.

NSS Labs warns many enterprise AI guardrails fail basic security tests, urging independent, real-world validation of protections.

Rapid7 warns that hands-on attacks against cellular IoT hardware can pivot through trusted modules to breach cloud and backend systems.

Qualys rolls out Agent Val to live‑test exploit paths in production, promising sharper risk prioritisation and major remediation noise cuts.