Penetration testing stories

AI coding accelerates software delivery, but security teams struggle to keep up as more code, alerts and manual checks pile up.

HackerOne rolls out h1 Validation to help enterprises sort AI-found bugs by real-world exploitability as submissions jump 76% and critical flaws rise.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

Anthropic limits Claude Mythos to critical users after it exposed browser and Linux flaws, stoking fears of AI-driven cyber risk for banks.

Cyber Scheme extends professional standards to firms with new company accreditation backed by UK council benchmarks and procurement access.

LangWatch releases open-source AI red-teaming framework to expose hidden vulnerabilities in production agents through multi-turn attack simulations.

Anthropic is to give UK banks controlled access to its Mythos AI model, as financial firms brace for a new era of autonomous cyber threats.

Anthropic rolls out Claude Opus 4.7 with sharper coding, stronger image handling and new cyber safeguards, plus fresh API controls and review tools.

Banks and regulators race to assess Anthropic's controlled Mythos access, as AI cyber testing raises fears over payments, trading and wider financial stability.

CyberUp urges ministers to modernise the Computer Misuse Act as a report warns outdated rules are hampering cyber research and investment.

Study finds UK telecom firms exposing security-critical server data as Europe-wide analysis flags widespread certificate failures and critical asset weaknesses.

Synack launches AI-driven assessment to expose overlooked attack surface gaps as offensive tools speed up vulnerability discovery.

iProov warns iOS injection attacks surged 1,151% in late 2025 as generative AI fuels deepfake impersonation and identity fraud.

Abacus secures CREST accreditation for penetration testing, bolstering its pitch to regulated sectors as demand rises for verified cyber security assurance.

Acronis rolls out globally available managed detection and response for MSPs, bundling 24/7 monitoring, incident response and recovery tools.

ChatGPT flaw may have let attackers siphon sensitive user data via DNS queries, prompting OpenAI to issue a fix after researchers exposed the bug.

ExpressVPN expands beyond its VPN roots with ExpressAI, a privacy-focused platform using confidential computing to keep prompts and chats hidden.

ExpressVPN expands beyond VPNs with encrypted AI chats, launching ExpressAI on confidential computing enclaves after an audit by cybersecurity firm Cure53.

Novee unveils an autonomous AI red teaming tool to probe LLM apps for prompt injection, jailbreaks and other emerging security flaws.

Horizon3.ai doubles ARR as more than 5,200 organisations adopt its NodeZero platform, fuelled by MSSP demand and rising cyber risks.