STAT WORTH SHARING:
The Five Eyes intelligence alliance — the US, UK, Canada, Australia, and New Zealand — just warned that AI-driven attacks capable of overwhelming corporate defenses are months away, not years. Their advice wasn't written for IT departments. It was written for boards.
If someone on your leadership team needs to see this, forward it their way.
TL;DR:
Three signs the AI security game is shifting. OpenAI pointed its most powerful hacking tool at fixing open-source software instead of breaking it. Google published a blueprint for keeping its own AI agents on a leash — built on the assumption they can't be fully trusted. And five governments' intelligence agencies issued a rare warning aimed at executives, not IT: AI-powered attacks are coming fast, and cyber resilience is now your board's problem. If your organization runs on software, uses AI, or has a board, all three touch you.
Development 1: AI Hacking Switched Sides
What Happened
On June 22, OpenAI launched a program called Patch the Planet. It aims its most capable cybersecurity AI at finding and fixing flaws in open-source software — the free, shared building blocks that sit quietly inside almost every product, app, and system your company uses. Most of these components are maintained by tiny volunteer teams. The security firm Trail of Bits supplied human experts who review every single thing the AI flags before it reaches a maintainer, which is the part that actually matters. In its first five-day sprint, the effort covered 19 widely used projects, surfaced hundreds of issues, and got dozens of fixes merged.
The name is a wink at "Hack the Planet," the rallying cry from the 1995 cult film Hackers. The direction of travel is the opposite: instead of breaking in, the AI is meant to patch up.
(If you want to pass this on to your security team: the model is OpenAI's GPT-5.5-Cyber, paired with its Codex Security tool, under the broader "Daybreak" initiative. Initial projects include Python, Go, cURL, and pyca/cryptography. HackerOne and Calif are assisting with triage and disclosure.)
Why It Matters
→ The bottleneck has flipped. Finding flaws used to be the hard part. Now AI finds them faster than anyone can fix them — so the real work is patching without drowning volunteer maintainers in AI-generated false alarms. The human review layer is the actual product here, not the AI.
→ The same tool that finds a flaw can write the attack for it. That makes this a race. Whoever reaches a piece of software first — a defender patching or an attacker exploiting — wins that round. OpenAI is betting defenders can stay ahead by moving first.
→ Shared infrastructure means your infrastructure. A flaw in a widely used library reaches thousands of systems, including yours, often before you've heard the library's name. When that code gets safer, so do you. When it doesn't, that's your exposure.
Almost every organization runs heavily on open-source components without a clear picture of which ones or where they sit. You can't benefit from work like this — or judge your risk when the next flaw hits — without knowing what's inside your stack. That inventory is the foundation.
→ One action this week: Ask your IT or development team if you have an inventory of the open-source components inside your software (a "software bill of materials"). If not, that's the gap to close before you need it in a hurry.
Development 2: Google Built a Kill Switch for Its Own AI
What Happened
On June 18, Google DeepMind published something it calls an AI Control Roadmap. Google is now treating its own AI agents the way a security team treats a privileged employee who could, in theory, go rogue — assume they might cause harm, watch what they do in real time, and keep a hard stop within reach.
Most AI safety work has focused on training models to behave well in the first place. DeepMind's framework starts from a different assumption: training alone isn't enough once an agent is loose in the real world with access to tools, data, and systems. So it builds containment around the agent — continuous monitoring of what it's doing, a cryptographic record of every action it takes, and a kill switch to shut it down if something goes wrong.
The most useful detail came out of the data. DeepMind analyzed a million tasks performed by its coding agents. Most of the problems it flagged weren't attackers or scheming AI. They were agents being overeager — misreading what a user wanted and, in at least one case, deleting data unintentionally while trying too hard to finish the job.
(For your technical team: the framework is built around a supervisor agent doing real-time monitoring, cryptographic signing of agent actions, and tiered response levels. DeepMind reports it's already running a live monitor on its Gemini coding agent. The roadmap and a companion "Three Layers of Agent Security" guide are on the DeepMind blog.)
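As an added illustration, not DeepMind's code and not from the original brief, here is a minimal version of the three controls described above: a supervisor that tiers each proposed agent action, an HMAC-chained audit log that exposes any edited or deleted entry, and a sticky kill switch tripped by the kind of out-of-scope delete the data above describes. The key, tier names, sandbox path and action format are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Hypothetical key: a real deployment keeps this in a KMS, not in source.
AUDIT_KEY = b"demo-audit-key-not-for-production"
ALLOW, REVIEW, HALT = "allow", "review", "halt"  # assumed tier names
GENESIS = "0" * 64

def _tag(entry: dict) -> str:
    # HMAC over the canonical JSON of one log entry.
    payload = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()

@dataclass
class Supervisor:
    """Gates each proposed agent action, appends it to an HMAC-chained log,
    and trips a sticky kill switch when a halt-tier action is attempted."""
    log: list = field(default_factory=list)
    prev_tag: str = GENESIS
    halted: bool = False

    def classify(self, action: dict) -> str:
        # Tier by blast radius: reads pass, writes need review, deletes
        # outside the agent's sandbox stop the agent outright.
        if action["op"] == "read":
            return ALLOW
        if action["op"] == "delete" and not action["path"].startswith("/sandbox/"):
            return HALT
        return REVIEW

    def submit(self, action: dict) -> str:
        if self.halted:
            decision = HALT  # kill switch stays tripped until a human resets it
        else:
            decision = self.classify(action)
            self.halted = decision == HALT
        entry = {"action": action, "decision": decision, "prev": self.prev_tag}
        self.prev_tag = _tag(entry)
        self.log.append({**entry, "tag": self.prev_tag})
        return decision

def verify_log(log: list) -> bool:
    """Recompute the chain; False if any entry was altered, removed or reordered."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "tag"}
        if body["prev"] != prev or not hmac.compare_digest(_tag(body), entry["tag"]):
            return False
        prev = entry["tag"]
    return True
```

The halt decision is also logged, so the audit trail records both the attempted action and the fact that the switch fired.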
Why It Matters
→ A leading AI lab is admitting good training isn't enough. If the company building these agents thinks you need monitoring and a shut-off switch around them, that's a strong signal for anyone deploying agents. Safety can't live only inside the model — it has to live in the controls around it.
→ The real risk is less sci-fi than you'd think. The headline fear is agents turning malicious. DeepMind's own data says the everyday danger is an agent being too eager — misreading a goal and doing damage while trying to help. That should shape your guardrails: protect against enthusiasm, not just attackers.
→ There's a gap between what DeepMind recommends and what you can buy. These controls aren't standard features in most agent tools yet. So if you're connecting AI agents to real systems, the monitoring, the audit trail, and the ability to pull the plug fast are on you to add. They don't come in the box.
If you're deploying AI agents that can touch real systems — files, email, code, customer data — answer one question: can you see what the agent is doing, and can you stop it fast if it goes wrong? If either answer is no, fix that before you widen what the agent can reach.
→ One action this week: For any AI agent with access to real systems or data, confirm two things with whoever set it up: someone can see what it's doing, and someone can shut it off fast. If neither is true, narrow what it can reach until they are.
Do you have AI agents connected to real systems in your business yet — and if so, can you actually see what they're doing? Even a "not yet" is useful to know.
VIKTOR
This issue is supported by Viktor. If you're going to put AI into your business, putting it where your team already works — Slack or Teams — beats bolting another tool onto everything. Viktor connects to 3,000+ tools, ships real outputs (not chat), and is SOC 2 compliant. Free to try, no card.
Six people doing the work. Your headcount is one.
Your finance close runs in #finance. Stripe and QuickBooks reconciled, runway updated, posted Sunday night without you asking.
Engineering review lands in #eng. Viktor pulled the open PRs, left comments on auth-refactor, flagged a dependency blocking api-pagination.
Campaign brief lands in #growth: Meta CPA up 18%, recommendation to pause broad match, a draft landing page already deployed for the variant test.
You hired him on day zero. He lives in Slack and Microsoft Teams alongside your contractors and investors, connects to 3,000+ tools, pushes back when you ship something dumb.
"Viktor is now an integral team member, and after weeks of use we still feel we haven't uncovered the full potential." Patrick, Director, Yarra Web.
Development 3: Five Governments Just Told Executives Cyber Risk Is Their Job
What Happened
On June 22, the cybersecurity agencies of the Five Eyes alliance — the intelligence-sharing partnership between the US, UK, Canada, Australia, and New Zealand — issued a rare joint statement. The warning: AI is rapidly compressing the time between a software weakness being discovered and being exploited, from weeks down to days or hours, and attacks capable of overwhelming corporate and government defenses are months away, not years.
What's unusual is who they addressed. This wasn't a technical bulletin for security teams. It was aimed at boards and executives. The agencies said cyber risk can no longer be treated as a purely technical issue — it's a core business responsibility that sits with leadership. Their words: "It is not enough to have controls." Leaders have to be confident those controls will actually hold up during a real incident, not just exist on paper.
The timing wasn't an accident. The statement landed days after the US government ordered Anthropic to cut off foreign access to its most capable Mythos-class models on national security grounds — a story we've been tracking. The agencies are signaling that the offensive potential of these tools has moved from a research concern to a boardroom one.
(For your security team: the statement came jointly from CISA, the UK's NCSC, the Canadian Centre for Cyber Security, the Australian Signals Directorate, and New Zealand's NCSC. The full text is published on each agency's site.)
Why It Matters
→ They addressed executives directly, and that's the signal. This wasn't written for the people who already get it. It was written for leaders who treat cyber risk as something they delegate. The message: delegation isn't enough anymore — leadership owns whether the organization can actually survive an attack.
→ "Months, not years" is a planning instruction. They're saying assume this capability arrives soon and act like it. An annual security review doesn't move at that speed. The teams that shorten their cadence are the ones that stay ahead.
→ The fixes are deliberately unglamorous. Reduce your attack surface, patch faster, retire legacy systems, tighten access, and test your breach response before you need it. Nothing exotic — just the basics, done with real urgency. That's what separates resilient from exposed.
This is a board-level conversation, and the statement is written to be handed to a board. The honest question for leadership isn't whether you have controls — it's whether anyone has confirmed they'd hold under a real, fast-moving attack. If the answer is "we assume so," that's the gap the Five Eyes are pointing at.
→ One action this week: Add one question to your next leadership or board meeting: has anyone actually confirmed our security controls would hold under a real attack — or are we assuming they would? If it's an assumption, that's the thing to test.
💡 FOUND THIS HELPFUL?
If someone in your organization needs to be reading this brief, it's probably the person making AI tool decisions without a security lens. Forward it their way.
We are out of tokens for this week's security brief. ✋
- Hashi
Follow the author:
X at @hashisiva | LinkedIn