Check Point Research demonstrated that a frontier AI model independently discovered a viable ransomware attack path using Chrome's File System Access API — no native payload, no exploited vulnerability, no root access required.
The latest AI security developments, threats, and industry updates.
Check Point Research demonstrated that a frontier AI model independently discovered a viable ransomware attack path using Chrome's File System Access API — no native payload, no exploited vulnerability, no root access required.
Two critical vulnerabilities in Cursor IDE, CVE-2026-50548 and CVE-2026-50549 (collectively DuneSlide), allow prompt injection attacks to escape the editor's sandbox and execute arbitrary code at the OS level — with no user click required. All Cursor versions before 3.0 are affected. Cato Networks disclosed publicly on July 3, 2026.
OpenAI's Daybreak program and its GPT-5.5-Cyber model have found hundreds of vulnerabilities across critical open-source infrastructure in weeks, including a 23-year-old OpenBSD bug and a Firefox WebAssembly flaw that emptied Pwn2Own's Firefox bracket. The same model scores 39.5% on ExploitGym.
Formal verification research published July 4, 2026 shows that attested TLS, the core trust mechanism underpinning confidential computing, is fundamentally flawed. CVE-2026-33697 (CVSS 7.5) affects Meta's WhatsApp Private Processing, Cocos AI, and other AI inference systems relying on Trusted Execution Environments.
Check Point Research demonstrates a complete browser-based ransomware chain requiring no native payload or installation. A fake AI enhancement tool tricks users into granting File System Access API permissions, then enumerates, exfiltrates, and encrypts local files entirely within the browser. DeepSeek showed significantly weaker resistance to generating this technique than OpenAI or Anthropic models.