OpenAI is limiting the release of its newest AI models to a “small group of trusted partners” at the behest of the U.S. government, the company said Friday.

The next generation GPT-5.6 lineup includes Sol, its flagship model; Terra, a more balanced model for everyday use; and Luna, a faster, lower-cost option. Although Sol is the company’s most powerful model, the Trump administration has restricted the release of all three. OpenAI said the preview is limited to partners “whose participation has been shared with the government.”

The administration’s request comes as the U.S. government puts new pressure on AI companies to restrict their most advanced systems. After Anthropic released its most powerful public model Fable 5, the administration ordered the company to remove access for any foreign national, prompting Anthropic to take the model down entirely. 

The incident has brought up questions of how much power the government should have over AI model releases. Dean Ball, a former White House AI adviser and soon-to-be OpenAI employee, says President Trump’s recent executive order — which asks certain AI companies to voluntarily submit their most advanced models for government review up to 30 days before release — has created a de facto involuntary licensing regime for frontier AI, leading to heavy-handed restrictions. 

The problem compounds, Ball argues, when the government doesn’t have clearly defined safety standards, which could lead to endless launch delays that might not only give a hand to China in the AI race, but also jeopardize the billions of dollars going to AI infrastructure buildouts. 

And while OpenAI did as the administration asked this time around, the AI firm made it clear it wasn’t happy with the arrangement.

“We don’t believe this kind of government access process should become the long-term default,” reads a Friday blog post. “It keeps the best tools from users, developers, enterprises, cyber defenders, and global partners who need them.”

OpenAI called the preview a “short-term step” that will put GPT-5.6 on the path to broader availability in the coming weeks, as the company works with the administration to develop a new executive order framework on cybersecurity, as well as a “repeatable process for future model releases.”

GPT-5.6 Sol specs

OpenAI says GPT-5.6 Sol is its strongest model yet, with improved agentic capabilities in coding, biology and cybersecurity. Sol introduces a “max” reasoning effort mode and an “ultra” mode that uses coordinated subagents to solve highly complex tasks (just the sort of neat trick that sends your token usage skyrocketing).

GPT-5.6 excels at several benchmarks, says OpenAI, including being slightly better at coding workflows than Anthropic’s Claude Mythos 5, which the Trump administration also effectively banned this month. OpenAI says GPT-5.6 Sol is also competitive with Mythos preview, but uses a third of the output tokens. 

To assuage any fears of its powerful models being unsafe, OpenAI says Sol includes its most robust security stack yet. It is, OpenAI says, heavily hardened against adversarial attacks and intentionally optimized to favor defensive cybersecurity work over offensive exploits. In other words, it’s designed to be hard to jailbreak, while prioritizing showing users how to defend against exploits, rather than how to hack into systems. 

OpenAI also says its safety guardrails are built directly into the core model’s behavior, rather than relying on a separate filter on top of it. The firm is likely trying to avoid the trap that caught Anthropic with Fable 5. In the brief moments when Fable 5 was available, whenever the model’s classifiers detected a high-risk topic— like cybersecurity, biology, or chemistry — it wouldn’t just block the prompt; it would route the request to an older model. The whole over-cautious flow and invisible downrouting led to many false positives and user backlash. 

While the GPT-5.6 models are initially available only to a select group of partners, OpenAI plans to make them more broadly available to people using ChatGPT, Codex, and the API soon. 

GPT-5.6 comes in three sizes with tiered pricing: Sol costs $5 per million input tokens and $30 per million output tokens; Terra costs half that; and Luna costs $1 and $6, respectively. OpenAI says it has also improved prompt caching to make repeated prompts cheaper and more predictable.

Update: Added Microsoft’s statement to the article.

Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027.

The change was made without a formal announcement and instead appeared in updates to Microsoft’s Windows 10 ESU documentation and as an “Editor’s note” to a Windows Experience Blog post published yesterday.

“Editor’s note – June 25, 2026 – This post has been updated to reflect that the Windows 10 Extended Security Updates (ESU) program for personal use devices is being provided for an additional year, with coverage now available through Oct. 12, 2027,” reads the updated blog post.

“This extension provides customers with more time to transition to a new Windows 11 PC while continuing to receive critical security updates.”

On October 14, 2025, Windows 10 reached the end of support, and Microsoft no longer provides technical support, feature updates, or security updates for the operating system unless you are running a Windows LTSC version.

For those who are unable to upgrade to Windows 11, Microsoft originally offered consumers an extra year of security updates if they enrolled in a free extended security updates (ESUs) program that would expire on October 12, 2026.

Enterprise customers could also enroll in the ESU program for up to three years, bringing the total cost per device to $427 over that period.

With today’s quiet update, Microsoft has now extended the free consumer ESU program to October 12, 2027, giving users an additional year to upgrade to a newer operating system.

When asked why the free ESU program was extended, Microsoft shared the following statement with BleepingComputer.

“We understand that moving to a new PC can take time. As part of our ongoing commitment to helping customers stay secure during the transition, the Windows 10 Extended Security Updates (ESU) program for personal devices is being provided for an additional year,” explained Microsoft.

“Coverage will now be available through October 12, 2027. This gives customers more time and flexibility to find the best PC for their needs while keeping them protected.”

Consumers can continue to receive extended security for free using one of these methods:

• Paying $30.
• Backing up your Windows settings to your Microsoft account.
• Redeeming 1,000 Microsoft reward points.
• Users in the European Economic Area can receive ESU for free by logging in to Windows 10 with a Microsoft account.

Microsoft says an ESU license can be used on up to 10 devices associated with the same Microsoft account, and users already enrolled will automatically remain covered until the new October 2027 end date.

The company notes that the consumer ESU program is only for personal devices and is not available for systems joined to Active Directory domains, Microsoft Entra, or managed through Mobile Device Management (MDM). However, Microsoft Entra-registered devices are eligible.

The extension gives Windows 10 users another year of security updates as Microsoft continues encouraging customers to upgrade to Windows 11 or purchase new Copilot+ PCs.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects.

Push Security discovered what they dub as the “Poisoned Tenant” campaign after multiple employees received invitations to join an OpenAI organization named “Push Security Inc.”  While the invite was legitimate, coming directly from OpenAI, the ChatGPT tenant had been created by an attacker using Gmail addresses rather than by the company.

The invitation emails were sent from OpenAI’s legitimate notification address, noreply@tm.openai.com, passed email authentication checks, and were identical to a normal invitation to join an organization’s ChatGPT workspace.

Push Security told BleepingComputer that other customers have also received similar invitations and that all are in the cybersecurity or technology space.

Attacker-controlled OpenAI organizations

According to a new report by Push Security, the invitations targeted specific employees using their work email addresses, suggesting the attackers had researched the employees who work at the company before launching the campaign.

Although OpenAI includes a warning stating that the inviter’s email domain does not match the recipient’s company domain, the notice appears as a single line within the legitimate invitation email.

To better understand the attack’s goal, Luke Jennings, VP, Research & Development at Push Security, accepted one of the invitations.

After accepting, the researcher was immediately added to the fraudulent organization, which impersonated Push Security and contained a single attacker-controlled account with a Gmail address that posted as the company’s CEO, Adam Bateman.

The invited employees had all been assigned Owner privileges within the organization, giving them administrative permissions over the tenant.

As they had administrative access, they could view other pending invitations and confirm that none of the targeted employees had joined the fake ChatGPT organization. They also found that a Visa credit card had already been attached to the organization’s billing account, adding further legitimacy.

Push Security told BleepingComputer that the project was empty and contained no existing chats or projects, making it unclear what the goal of the attack was.

Push Security believes the attackers’ objective is to convince employees to use the ChatGPT workspace as if it were a legitimate corporate platform, which would then allow the attackers to collect any sensitive information that was submitted.

“An attacker who just wants to spray scam content through a trusted email channel doesn’t name the organization after their target, research individual employees, or attach a credit card,” wrote Push.

“That investment only pays off if employees actually join the organization and start using it. And on an AI platform, the data people put into prompts can be extraordinarily sensitive — source code, internal documents, customer data, security research, strategic plans.”

The company also believes that attaching a payment method removes another potential warning sign, allowing invited users to use premium features without questioning whether the organization is legitimate.

Push Security says the campaign reflects a broader trend of attackers abusing legitimate invitation and notification features built into SaaS platforms.

Unlike normal phishing campaigns, these invitations originate from the platform’s own infrastructure, and because they are legitimate, they are more likely to bypass email security controls.

To reduce the risk of these types of attacks, Push recommends training employees to verify unexpected organization invitations and monitoring SaaS organization memberships.

BleepingComputer contacted OpenAI to ask whether it has received additional reports of similar campaigns, what protections organizations can use against these attacks, and whether it plans to introduce additional safeguards to prevent attackers from creating organizations impersonating legitimate companies. We will update this article if we receive a response.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

what-to-expect-at-the-next-samsung-galaxy-unpacked

A wider Galaxy Z Fold 8

Sam Rutherford for Engadget

Galaxy Z Fold 8 Ultra

Sam Rutherford for Engadget

Galaxy Z Flip 8

Mat Smith for Engadget

Galaxy Watch 9 and Watch Ultra 2

Amy Skorheim for Engadget

Android XR glasses

Google

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform’s frontend following a breach at a third-party vendor.

The company states in a brief announcement that the hack was the result of a supply-chain attack that impacted a dependency on its website.

Polymarket is one of the world’s largest cryptocurrency-based prediction markets that allows users to trade contracts with prices that reflect the market’s collective estimate of an event’s outcome.

It offers predictions for sports, economic indicators, weather patterns, awards, political and legislative outcomes, and even military conflicts.

Founded in 2020, the platform is currently valued at $9 billion, handles billions of dollars in trading volume, and serves as an influential source of information on market expectations.

During the attack, unsuspecting users were tricked into approving fraudulent transactions on the official Polymarket website after malicious JavaScript was injected through a frontend vendor.

Polymarket’s own servers and backend infrastructure were not impacted by the incident.

The company did not share many details about the event, but independent blockchain intelligence firms estimate the losses at roughly $3 million, stolen from a small number of accounts.

According to blockchain security firm PeckShield, the incident was a phishing campaign that stole approximately $3 million worth of ParyonUSD from users. The stolen funds were later swapped for 1,893 Ether.

“The attacker bridged the stolen funds from #Polygon to #Ethereum and swapped them into ~1,893 $ETH,” PeckShield says.

Based on visual analytics company Bubblemaps, the incident has impacted less than 15 accounts. The company published a list of some of the affected accounts as well as the wallets holding the stolen funds.

BleepingComputer has contacted Polymarket to request more details about the incident, but we have not received a response by publication time.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

security

Researchers warn many AI coding assistants now execute commands from project configurations

A high-severity flaw in Amazon’s AI coding assistant for Visual Studio Code meant that opening the wrong Git repository could allow an attacker to execute code on a developer’s machine and potentially hand them the keys to the dev’s cloud environment.

The bug, tracked as CVE-2026-12957 and assigned a CVSS 4.0 score of 8.5, centers on how Amazon Q handled Model Context Protocol (MCP) server configurations. Wiz found the extension would automatically load a repository’s .amazonq/mcp.json file and execute the commands it contained when a developer opened the project and activated Amazon Q.

“The security model assumes the user explicitly configures these servers. After all, you’re granting an AI assistant permission to run arbitrary commands on your machine. This should require informed consent,” the researchers write. “The vulnerability arose when this assumption was violated: Amazon Q automatically loaded MCP configurations from .amazonq/mcp.json within the workspace – no prompt, no consent, no workspace trust check.”

MCP lets AI assistants launch local processes to carry out tasks. In Amazon Q’s case, those processes inherited the developer’s environment, giving them access to AWS credentials, API keys, authentication tokens, SSH agent sockets, and other secrets already loaded into the session.

“The combination meant that a single malicious config file could execute arbitrary commands with full access to the developer’s credentials – no user interaction required beyond opening the folder and activating Amazon Q,” Wiz said.

To prove the attack worked, Wiz built a repository with a malicious MCP configuration. Opening the project and activating Amazon Q caused the extension to execute a command against AWS using the developer’s existing credentials.

Amazon fixed the bug in version 1.65.0 of its language server, which powers Amazon Q’s IDE integrations. Existing installations should receive the patched component automatically unless you’ve blocked automatic updates.

“We would like to thank Wiz for collaborating with us on this issue. We have remediated this issue in language server version 1.65.0,” Amazon said in an advisory, though it didn’t respond to The Register’s questions. 

Wiz argues the bug is less an Amazon problem than an industry one. More and more AI coding assistants are adopting MCP to connect models to local tools and services, allowing them to execute commands on developers’ machines. 

According to the researchers, similar workspace configuration flaws have recently surfaced in other AI coding tools. It suggests attackers have found a new place to lurk: the hidden files that developers rarely think twice about trusting. ®

Nvidia has dominated the AI chip market for years, but the era of total dependence might be ending.  

OpenAI just shared its plans to spice things up with Jalapeño, its custom inference chip built with Broadcom, joining Google, Apple, and SpaceX in a growing list of companies building their way out of single-supplier risk. The goal is less of a clean break and more of a hedge. Custom silicon means more control, hardware tuned to specific needs, and the kind of performance gains Apple unlocked when it ditched Intel. 

On this episode of TechCrunch’s Equity podcast, hosts Kirsten Korosec, Anthony Ha, and Sean O’Kane dig into what the custom chip trend means for the industry and a few deals of the week worth watching. 

Subscribe to Equity on YouTube, Apple Podcasts, Overcast, Spotify and all the casts. You also can follow Equity on X and Threads, at @EquityPod. 

This will impact Home Assistant users and those who rely on similar third-party tools.