HN treated “AI cybersecurity is not proof of work” as a serious argument about search, model capability, and security asymmetry. The thread pushed past hype into a harder question: when an LLM flags a bug, did it understand the exploit path or just sample a suspicious pattern?
HN cared less about a clean open-versus-closed slogan than about what happens when AI makes vulnerability discovery cheaper for everyone. The Strix post argued that closing source does not remove the attack surface, while the thread split over noisy AI reports, SaaS economics, and whether obscurity can still raise attacker costs.
Cloudflare made AI Security for Apps generally available on March 11, 2026 and opened AI endpoint discovery to all customers, including Free, Pro, and Business plans. The launch adds custom topic detection and folds AI-specific controls into the company’s existing reverse-proxy and WAF stack.
Anthropic said on February 23, 2026 that DeepSeek, Moonshot AI, and MiniMax carried out industrial-scale distillation attacks against Claude. The company framed model-output extraction as a security and platform integrity problem, not just a competitive concern.
GitHub said on April 1, 2026 that Agentic Workflows are built around isolation, constrained outputs, and comprehensive logging. The linked GitHub blog describes dedicated containers, firewalled egress, buffered safe outputs, and trust-boundary logging designed to let teams run coding agents more safely in GitHub Actions.
Perplexity said on March 31, 2026 that it is launching the Secure Intelligence Institute to study the security, trustworthiness, and practical defense of frontier AI systems. The institute page says the work draws on Perplexity’s experience serving millions of users and thousands of enterprises, is led by Purdue professor Ninghui Li, and already highlights research such as BrowseSafe and a NIST-focused paper on securing AI agents.
OpenAI announced plans to acquire Promptfoo on March 9, 2026. The company says Promptfoo’s security testing and evaluation technology will be integrated into OpenAI Frontier so enterprises can test and document risks such as prompt injection, jailbreaks, data leaks, and tool misuse earlier in the development cycle.
On March 11, 2026, Cloudflare announced the general availability of AI Security for Apps. It also made AI endpoint discovery free for Free, Pro, and Business customers, while adding custom topic detection and integrations involving IBM and Wiz.
On March 9, 2026, OpenAI said it plans to acquire Promptfoo and integrate its AI security tooling into OpenAI Frontier. The move pushes security testing, red-teaming, and governance closer to the default workflow for enterprise agents.
A Hacker News thread drew attention to CodeWall's March 9 disclosure on McKinsey's Lilli platform, where an autonomous agent reportedly chained unauthenticated endpoints, SQL injection, and prompt-layer access into full production-database compromise.
Cloudflare said on March 11, 2026 that AI Security for Apps is now generally available. The company also made AI endpoint discovery free across Free, Pro, and Business plans while adding custom topic detection and expanded policy controls.
Google said on March 11, 2026 that it has closed its acquisition of Wiz. Wiz will join Google Cloud, but Google says the platform will continue working across major cloud providers, including AWS, Azure, and Oracle Cloud.