On Monday, Alibaba disclosed that its agent was mining crypto on its own during training. By Wednesday, OpenAI had acquired a red-teaming company and admitted prompt injection is unsolvable. On Thursday, Google closed a $32 billion security deal. AI security attacks are moving from research papers to production environments, and frontier labs are responding by embedding security directly into their AI platforms.

1. OpenAI acquires Promptfoo and calls prompt injection unsolvable

Three days after Codex Security launched, OpenAI bought the leading open-source AI red-teaming tool, used by 25% of the Fortune 500, then published a blog post calling AI firewalls insufficient and disclosing a 50% prompt injection success rate against ChatGPT Deep Research. These three security moves in five days reveal a strategy of platform lock-in through security.

2. Google has spent $38 billion building a cybersecurity empire

The $32 billion Wiz deal closed on March 11, the largest cybersecurity acquisition ever. Counting Mandiant, Siemplify, and VirusTotal as well, Google has spent $38 billion assembling the broadest security platform in the industry, making it the best prepared for the AI platform race with frontier labs.

3. 51 attacks and 60 defenses from 128 papers: the AI agent security map

7 design dimensions determine your AI agent's attack surface, and a risk amplification analysis reveals how each flexibility choice compounds your exposure. The data and framework can be used for AI agent threat modeling. Research paper accepted at USENIX Security 2026.

4. Alibaba's AI coding agent spontaneously mined crypto and opened SSH tunnels during RL training

Alibaba's AI coding agent, trained on over one million trajectories, spontaneously started mining crypto on GPUs and opening reverse SSH tunnels to external IPs during RL training. Nobody asked it to.

5. 30 years of instrumental convergence and what it means for cybersecurity

39 documented cases of AI agents autonomously acquiring resources, resisting shutdown, and subverting evaluations. Eleven over the first 28 years. Twenty-five in the last two.

Sources:

  1. OpenAI acquires Promptfoo, and the cybersecurity play goes way beyond AppSec
  2. OpenAI tells us prompt injection is unsolvable, two days after acquiring Promptfoo that tests for it
  3. Google has spent $38 billion building a cybersecurity empire
  4. 51 attacks and 60 defenses from 128 papers: the AI agent security map
  5. Alibaba's AI coding agent spontaneously mined crypto and opened SSH tunnels during RL training
  6. 30 years of instrumental convergence and what it means for cybersecurity