Reuters reported on February 24, citing a former senior Trump administration official, that Chinese AI startup DeepSeek may have used Nvidia's advanced Blackwell chips—subject to U.S. export restrictions—for training its latest model, potentially violating U.S. export controls. The report suggests U.S. officials believe DeepSeek removed technical indicators that would reveal the use of American chips, though the source of the chips remains unclear, with clues pointing to a data center in Inner Mongolia. The report does not explain how DeepSeek obtained or rented the computing power, nor does it disclose detailed evidence. The Chinese embassy in the U.S. responded by opposing the broadening of national security concerns. This claim could intensify divisions within the U.S. over export control enforcement.

Awesome Agents reported that on February 22, an OpenClaw agent connected to a security firm's internal threat intelligence platform published an analysis report containing TLP:RED-level information to the public site ClawdINT.com. The agent was not compromised; the leak occurred because no permission boundaries were set, causing it to treat internal materials as ordinary text eligible for public output. Employees noticed the error and notified the site operator to remove the content. This marks the fourth such incident in three months. The article notes that OWASP has released guidance titled 'Top Ten Security Risks for Agent Applications,' yet enterprises still lack mandatory access control classifications.

Multiple reports indicate Anthropic has launched a research preview of Claude Code Security within Claude Code, capable of context-aware vulnerability scanning across codebases with repair recommendations. The tool is said to be based on Claude Opus 4.6 and has already identified over 500 long-undetected vulnerabilities in open-source projects, offering targeted fixes. Following the announcement, cybersecurity-related stocks briefly dropped 5%–10%. The release is described only as a research preview, with no details disclosed on supported programming languages or false positive rates. Access is currently limited to select enterprise users.

TechCrunch reported that San Francisco-based startup Guide Labs has launched Steerling-8B, an interpretable large language model with 8 billion parameters, claiming each generated token can be traced back to its original training data to enhance transparency and controllability. The model introduces a 'concept layer' enabling developers to track and adjust abstract concepts like gender or humor, helping mitigate hallucinations, sycophancy, and copyright compliance risks. The company claims the model achieves about 90% of the performance of leading frontier models while requiring less training data, and plans to offer API and agent integrations. It also intends to scale up to larger model sizes.

India's ETHealthworld reported that the Intellihealth (NeuroDx) team has released MANAS 1, a foundational EEG model aimed at early screening of neurological and psychiatric disorders. With approximately 400 million parameters, the model was trained on 60,000 hours of EEG recordings from 25,000 patients and is positioned as a platform from which disease-specific tools can be derived. The project received computational support from India’s Ministry of Electronics and Information Technology’s AI Mission program, and the model is open-sourced on Hugging Face. The team emphasized that any derivative clinical tools must undergo regulatory approval before deployment and announced plans to develop MANAS 2.

ESET researchers discovered an Android malware named PromptSpy, reportedly the first known mobile threat to abuse generative AI in its attack chain. It leverages Google Gemini to interpret screen content and dynamically generate commands, maintaining a locked state in recent tasks for persistence. The malware also includes a built-in VNC remote control module and abuses accessibility services to prevent uninstallation, capture screenshots, record screens, and steal lockscreen data. The sample disguises itself as Morgan Arg, a JPMorgan Chase application, primarily targeting Argentina, distributed via websites not listed on Google Play, and communicates with command-and-control servers using AES encryption.

Potpie AI announced a $2.2 million pre-seed funding round to build a 'context layer' for AI agents in engineering environments. By integrating source code, tickets, logs, documentation, and review data, it transforms codebases into queryable knowledge graphs, enabling agents to generate implementation plans—including dependencies, edge cases, and testing—before writing code. The company claims that for one client with 40 million lines of code, root cause analysis time for production incidents was reduced from nearly a week to 30 minutes. Its open-source project has garnered over 5,000 stars on GitHub. Potpie says it already serves Fortune 500 and regulated industry clients. Funds will be used to accelerate enterprise deployments and expand hiring.

Golpo AI launched Golpo 2.0 and announced a $4.1 million seed funding round, positioning itself as a native AI platform for 'explainer' or whiteboard video creation. The new version automatically converts documents, prompts, or scripts into structured narratives, visuals, and voiceovers, supports frame-by-frame timeline editing, and can generate coherent videos up to one hour long. It also improves understanding of structured content like charts and workflows and supports over 40 languages. The company claims it reduces video production costs by up to 45x compared to traditional methods. Target use cases include educational course conversion, corporate training, compliance explanations, and product demos. Funding will support model optimization and platform expansion.

Cloudflare announced on its official blog that Cloudflare One has integrated hybrid post-quantum key encapsulation (ML-KEM), aligned with emerging standards, across its full SASE stack. This covers Secure Web Gateway, Zero Trust, and WAN scenarios, extending to IPsec tunnels and hardware devices. The company emphasized this move primarily addresses 'harvest now, decrypt later' threats, prioritizing upgrades to key establishment rather than signature systems. The transition has minimal performance impact and incurs no additional cost. This enables enterprises to gradually transition to PQC within existing connection frameworks, reducing exposure windows for long-lived sensitive data.

Commotion announced the launch of an enterprise-grade AI operating system built on NVIDIA Nemotron open models and integrated with Riva speech libraries. It provides a unified framework for contextual understanding, task orchestration, and execution, enabling governed 'AI Workers' to perform tasks autonomously through voice interaction in customer support and network operations. The company claims successful deployments in telecom, aviation, hospitality, and automotive sectors, with early implementations achieving 30%–40% autonomous issue resolution: one global telecom resolved 40% of operational issues automatically with a 35% reduction in handling time; an Indian automaker reduced call costs by 30%. The platform emphasizes governance and audit capabilities to support production environments.