LLM News

OpenAI has added native sandbox execution and governance controls to its Agents SDK, allowing enterprises to deploy AI agents with isolated compute environments and credential separation. The SDK now supports major cloud storage providers including AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2, with built-in integrations for sandbox providers like E2B, Modal, Blaxel, and Vercel.

One week after Anthropic launched Project Glasswing to let 50+ organizations test its Claude Mythos vulnerability-finding model, the actual CVE count remains unknown. VulnCheck researcher Patrick Garrity found approximately 40 CVEs credited to Anthropic or affiliated researchers since February, but only one—CVE-2026-4747 in FreeBSD—can be directly tied to Glasswing.

OpenAI has released GPT-5.4-Cyber, a fine-tuned variant of GPT-5.4 built for defensive cybersecurity work including binary reverse engineering. Access is initially restricted to a few hundred verified security professionals, with expansion planned to thousands of individuals and hundreds of teams in coming weeks.

GitHub has integrated Copilot directly into its security assessment tools, enabling organization admins and security managers to request real-time explanations and guided remediation steps from detected secret risks and code vulnerabilities without leaving the assessment interface.

GitHub has extended Dependabot to allow direct assignment of security alerts to AI coding agents including Copilot, Claude, and Codex. The feature targets vulnerabilities requiring code changes beyond simple version bumps, automating remediation workflows across entire projects.

A source code leak in Anthropic's Claude Code 2.1.88 update exposed more than 512,000 lines of TypeScript, revealing unreleased features including a Tamagotchi-like pet interface and a KAIROS feature for background agent automation. Anthropic confirmed the leak was caused by a packaging error, not a security breach, and has since fixed the issue.