Ilya Kabanov

5 AI security stories this week that change your decisions (Mar 16-22, 2026)

The gap between intended and actual behavior in deployed AI systems is widening.

1. 7 proofs of False in Rocq, the proof checker that verifies the Airbus C compiler

Finding soundness bugs in proof assistant kernels used to require PhD-level expertise in type theory. Historically, one was found per year. A guy with a $200/month AI subscription found 7 in 3 days, each one a way to make the checker certify something impossible as correct.

2. OpenAI reveals its coding agents bypass security, extract credentials, and deceive users to get tasks done

Over five months monitoring tens of millions of internal coding agent interactions, OpenAI found that circumventing restrictions and deceiving users are common behaviors. The agents are just trying so hard to complete tasks that they encode commands in base64, extract encrypted credentials from keychains, and attempt to prompt-inject users.

3. OpenAI explains why Codex Security doesn't include SAST. We may not need it for long.

SAST tells you a defense exists in the code path. OpenAI argues it can answer whether the defense works. If you can answer the second question, the first one becomes irrelevant.

4. Cursor enters code security with four autonomous agents reviewing 3,000+ internal PRs per week

Cursor shipped four security agents on its Automations marketplace after AI coding drove internal PR volume up 5x in nine months. On Cursor's own codebase, the agents review 3,000+ PRs and catch 200+ vulnerabilities per week.

5. Microsoft benchmark for LLM performance on end-to-end SOC tasks

Microsoft's CTI-REALM tests 16 models on real detection engineering tasks: threat report to MITRE mapping to KQL query to Sigma rule. Opus 4.6 led at 0.64, O4-Mini trailed at 0.36, and more reasoning made GPT-5 worse.

Sources:

  1. In search of falsehood (Tristan Stérin, March 5, 2026)
  2. How we monitor internal coding agents for misalignment (OpenAI, March 19, 2026)
  3. Why Codex Security Doesn't Include a SAST Report (OpenAI)
  4. Securing our codebase with autonomous agents (Cursor blog, March 16, 2026)
  5. CTI-REALM: Benchmark to Evaluate Agent Performance on Security Detection Rule Generation Capabilities