security

Vercel launched Protected Source Maps so browser `.map` files return 404 to the public while staying available to authenticated team members. The feature is enabled by default for…

OpenAI disclosed that two employee devices were affected in the TanStack npm supply chain attack and said limited credential material was exfiltrated from a subset of internal sou…

Vercel launched Trusted Sources for Deployment Protection, letting protected deployments accept short-lived OIDC identity tokens from Vercel projects and external services instead…

Whisper launched an MCP-based AI context layer for security and infrastructure investigations, exposing live BGP, DNS, WHOIS, GeoIP, and threat-intelligence relationships from Whi…

Vercel updated the Sandbox firewall to support forwarding selected HTTP requests to a proxy under customer control, along with matchers and credentials brokering for the requests…

Fabraix launched publicly as an adversarial verification platform for AI agents, pairing black-box stress testing with runtime defense. The product is built around finding functio…

Anthropic published new alignment research saying current Claude models from Haiku 4.5 onward no longer show the blackmail-style agentic misalignment behaviors highlighted in prio…

Anthropic introduced natural language autoencoders, a research approach that translates Claude's internal activations into human-readable text. The company positions it as an inte…

OpenAI began rolling out Trusted Contact, an optional ChatGPT setting that lets adults nominate a person who may be notified if trained reviewers determine a serious self-harm ris…

Vercel published a coordinated May 2026 security release for Next.js, covering 13 advisories across denial of service, middleware and proxy bypass, SSRF, cache poisoning, and XSS.…

Braintrust confirmed a breach in one of its AWS environments and told customers to rotate sensitive API keys on May 6. For an AI evaluation and experimentation platform, the incid…

Vercel open-sourced deepsec, a security harness that uses coding agents to scan large repositories for hard-to-find vulnerabilities on infrastructure the user controls. The projec…

ZeroClaw merged a security-policy fix that distinguishes git -C from git -c in its shell controls. The change addresses an over-broad policy behavior that could block legitimate G…

Tinfoil launched on Product Hunt with a privacy-focused AI chat and API pitch centered on keeping conversations private. The product enters a market where data handling and traini…

noirdoc launched an open-source Claude Code plugin and companion API proxy that pseudonymize names, emails, IBANs, and other sensitive fields before model calls are made. The prod…

QwenPaw v1.1.5.post1 ships a security-sensitive update that rejects absolute static file paths to prevent path traversal, while also moving Feishu tool approvals to interactive ca…

Anthropic published an election safeguards update describing how Claude is trained and monitored to handle political and election-related prompts. The company shared fresh evaluat…

Vercel's April 2026 security bulletin says the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. According to the bulletin, the…

OpenAI opened applications for a GPT-5.5 Bio Bug Bounty that asks vetted researchers to find a universal jailbreak that can beat a five-question biology safety challenge in Codex…

OpenAI released Privacy Filter, an open-weight model for detecting and redacting personally identifiable information in text. The model is positioned as local, high-throughput pri…

GitHub added a workflow that lets teams assign Dependabot alerts to coding agents including Copilot, Claude, and Codex so the agent can analyze the vulnerability and open a draft…