Startup Lightrun has built an observability platform to identify and debug (remediate) code. “Code is becoming cheap but bugs are expensive,” Ilan Peleg, CEO said. That problem, meanwhile, has reached “an inflection point. Developers now can ship more code than ever before,” due to all the automation that is being used, thanks to AI. “But it’s still a very manual process to fix it when things go wrong.” Lightrun’s breakthrough has been to build an observability toolset that can monitor code just as it is in the IDE and understand how it will behave alongside code that is actively in production. Lightrun is then able to automatically make adjustments to the code as it moves into production to continue operating without interruption and crashes. It does this by way of being able to create AI-based simulations to understand that behaviour, and then to fix the code before issues arise. “This is the part where we are unique,” Peleg said. There are a lot of options for how Lightrun might develop, given how close observability sits to other activities in organizations. One of those is building tools more specifically for cybersecurity teams, given the obvious security implications that arise out of bugs. Another is potentially building some of its tooling even closer to the point of code creation, to make finding and fixing possible bugs even more efficient.
OpenAI is rolling out shopping features such as improved product results, visual product details, pricing and reviews, and direct links to “find, compare and buy products” in ChatGPT
OpenAI said that it began rolling out features that make it easier and faster to “find, compare and buy products” in its ChatGPT chatbot. These features include improved product results; visual product details, pricing and reviews; and direct links to buy, according to a post on X. They will be available to Plus, Pro, Free and logged-out users. The rollout of this shopping experience began Monday and will take a few days to complete. “Product results are chosen independently and are not ads,” the post said. The new improvements outlined in other posts on X include the ability to send a WhatsApp message to ChatGPT to get up-to-date answers and live sports scores; the delivery of multiple citations with each response so that users can learn more or verify information; and the use of trending searches and autocomplete suggestions to make search faster.
Stripe is testing cross border API infrastructure for stablecoin payments to support countries with volatile currencies and/or very high cross border payments costs
Stripe’s crypto product team member, Jennifer Lee, announced on X that the company is starting to test its Bridge-based product and invited companies outside the US, UK and EU who want to access dollars. She didn’t mention which stablecoins solutions would be offered initially. Bridge’s APIs support several corporate use cases including cross border transfers, enabling large corporates such as SpaceX’s Starlink to move money around the world, and dollar payouts to staff or others. An important one is enabling clients in countries with volatile currencies to save using dollar stablecoins. Stepping back, Stripe’s appeal for participant companies outside the US, UK and EU is notable. While it’s easy to think that Stripe has a presence worldwide because it sends payments globally, it only offers services to companies in 51 jurisdictions, of which 31 are in Europe, plus the five mainly English-speaking regions of the US, UK, Canada, Australia and New Zealand. Anecdotal evidence has shown that stablecoins appeal most to people in countries with volatile currencies and/or very high cross border payments costs. Quite a few of these countries are not currently served by Stripe. Hence, Stripe’s Bridge integration represents a strategic addition in emerging markets, where stablecoins offer both expanded payment options and access to previously underserved territories with volatile currencies.
ACH’s departure away from file-based transmission protocols (FTP) to Restful APIs allowing ACH transfers to be tracked programmatically, validated in real-time, and reconciled correctly
The ACH network, known as the backbone of the US payments infrastructure, is evolving to become a flexible, programmable, and fraud-aware payment rail. This is to ensure the needs of new business models are met across on-demand payouts, gig economy payments, or instant lending disbursements. The expansion of Same Day ACH and the increase of transaction limits to $1 million, is a substantial shift for digital payments in the US. Agile development and scalable workflows should be prioritised, especially as ACH starts to be used for payments across business models that involve complexities such as split payments, multi-party reconciliation, or recurring bills. ACH will remain the underlying rail, but with enhancements such as support for virtual accounts, automated exception handling, and accurate reconciliation, ubiquity can be bolstered. In line with this, it is important to reiterate that while ACH is not a real-time network, it is to its advantage that it is a key component of the multi-rail engine. ACH will continue to be the backup mechanism when instant payments fail and an option when requiring a cost-effective method for recurring and batch transfers. Taira Hall, head of payments strategy at Citizens, highlighted that the “ACH network’s focus on speed and availability” will be an “evolution catalyst of the payments landscape with the potential to unlocked new use cases for emerging businesses.”
161 professionals successfully pass the inaugural Accredited Faster Payment Professional (AFPP) exam developed as a collaboration between Nacha and the U.S. Faster Payments Council (FPC)
Nacha and the U.S. Faster Payments Council announced that 161 payments professionals successfully passed the inaugural Accredited Faster Payment Professional (AFPP) exam, marking an important milestone in demonstrating expertise and commitment within the faster payments ecosystem. The AFPP accreditation, developed as a collaboration between Nacha and the U.S. Faster Payments Council (FPC), with assistance from Payments Associations and other leading payments industry experts and stakeholders, sets a new standard for professionals dedicated to advancing secure, efficient and innovative faster payments solutions. The exam focuses on a variety of payments rails used across the United States, including Same Day ACH, FedNow, RTP and Push-to-Card Debit Card Networks. This credential demonstrates the growing emphasis on professional education and industry excellence in an era where faster payments are becoming a cornerstone of commerce and economic activity. “Passing this exam is a significant feat, and these individuals have validated their expertise and proven their passion for shaping the future of payments,” said Jane Larimer, President and CEO of Nacha.
Sam’s Club to deploy Mastercard’s personalization tech and data-driven engagement; members can earn Sam’s Cash from relevant card-linked offers with Mastercard
Mastercard teamed with Sam’s Club to power the retailer’s Cash Bonus Offers program. The collaboration employs Mastercard’s personalization technology to help Walmart-owned Sam’s Club better communicate appropriate rewards offers to its members. Marie Elizabeth Aloisi, executive vice president for U.S. market development at Mastercard, said ”With our advanced personalization technology, businesses can boost retention and revenue, while consumers get more value, more efficiently than ever.” Barb Berg, vice president of membership Sam’s Club, the program is “a perfect example of how we can expand our data-driven consumer engagement to provide relevant and valuable offers that benefit our members.” The partnership is happening as retailers embrace the power of personalization, as Narvar Chief Technology Officer Ram Ravichandran said. Consumers expect sophistication in their retail experiences, from intuitive chatbots to smart product recommendations to seamless support, Ravichandran said. By providing relevant content, tailored promotions and timely support, businesses can deepen customer trust while building a foundation for sustainable growth.
New open-source, interoperability protocol LOKA assigns agents a unique and verifiable identity enabling them to communicate with other agents and operate autonomously across different systems
A group of researchers from Carnegie Mellon University proposed a new interoperability protocol governing autonomous AI agents’ identity, accountability and ethics. Layered Orchestration for Knowledgeful Agents, or LOKA, could join other proposed standards like Google’s Agent2Agent (A2A) and Model Context Protocol (MCP) from Anthropic. The open-source LOKA, which would enable agents to prove their identity, “exchange semantically rich, ethically annotated messages,” add accountability, and establish ethical governance throughout the agent’s decision-making process. LOKA builds on what the researchers refer to as a Universal Agent Identity Layer, a framework that assigns agents a unique and verifiable identity. The researchers said LOKA stands out because it establishes crucial information for agents to communicate with other agents and operate autonomously across different systems. LOKA could be helpful for enterprises to ensure the safety of agents they deploy in the world and provide a traceable way to understand how the agent made decisions. A fear many enterprises have is that an agent will tap into another system or access private data and make a mistake. LOKA will have to compete with other agentic protocols and standards that are now emerging. Protocols like MCP and A2A have found a large audience, not just because of the technical solutions they provide, but because these projects are backed by organizations people know. Anthropic started MCP, while Google backs A2A, and both protocols have gathered many companies open to use — and improve — these standards.
Abnormal AI converts real phishing attacks blocked by its security platform into tailored simulations for each employee; and uses real-time behavioral threat data to instantly deliver coaching modules
Abnormal AI is introducing autonomous AI agents that revolutionize how organizations train employees and report on risk, while also evolving its email security capabilities to continue to stop the world’s most advanced email attacks. The launch of AI Phishing Coach allows organizations to replace ineffective, generic training with a personalized, autonomous AI platform. By converting real attacks blocked by Abnormal into tailored simulations for each user, it delivers instant coaching modules when users click—no more canned videos or impersonalized courses. For company-wide training, AI-generated videos are created on-demand, branded, and customized to each organization’s threat landscape. AI Phishing Coach uses real-time behavioral threat data to deliver hyper-relevant training experiences. Because it’s powered by Abnormal’s behavioral AI engine, it learns from each organization’s threat environment and adapts training dynamically—providing proactive education before attacks succeed. Abnormal is also launching AI Data Analyst to turn complex security data into instantly usable intelligence—providing admins with better reporting tools and saving teams dozens of hours in manual data aggregation. AI Data Analyst acts as an intelligent agent that proactively delivers reports directly to customers, highlighting the value Abnormal is bringing to their organization. Customers can then interact with the agent to ask follow-up questions, explore specific data points, or request customized board decks—complete with interactive slides and plain-language insights—tailored to showcase the impact of Abnormal AI on their security posture. Abnormal is rolling out three no-cost upgrades to Inbound Email Security, now available to all customers: 1) Quarantine Release: Consolidates Microsoft-quarantined emails into the Abnormal platform for streamlined triage and faster response; 2) URL Rewriting: Adds user-facing warnings and click tracking for suspicious links, improving protection without disrupting the email experience. 3) Enterprise Remediation Settings: Allows administrators to tailor remediation actions based on threat type and business context.
Bugcrowd’s crowdsourced red teaming as a service RTaaS connects customers with a global network of vetted, trusted ethical hackers tailored to needs, budgets and organizational maturity
Bugcrowd the first-ever offering to apply the scale, agility, and incentive-driven power of crowdsourcing to red teaming. This new service connects customers with a global network of vetted ethical hackers for a variety of red team engagements—fully managed through the Bugcrowd Platform. This release sets a new benchmark in the red team services market, enabling organizations to test their security environments with the highest level of confidence. By tapping into a global pool of experts using the latest adversarial tactics, techniques, and procedures (TTPs), customers gain unparalleled insight into how real-world attackers would attempt to breach their defenses. Available on the Bugcrowd Platform, RTaaS works seamlessly alongside offerings such as Penetration Testing as a Service, Managed Bug Bounty, and Vulnerability Disclosure Programs. Bugcrowd customers can tailor their RTaaS engagements to meet specific needs, budget constraints, and organizational maturity. Through Bugcrowd’s global talent pool of vetted, trusted ethical hackers, customers can secure the exact expertise they need and scale their RTaaS program over time, surpassing competing services on the market. Bugcrowd’s industry-first offensive crowdsourced RTaaS bridges this critical security gap, opening the door for our customers to access high-end capabilities that deliver crucial insights into their defensive posture—continuously,” says Dave Gerry, CEO of Bugcrowd. Key features of RTaaS on the Bugcrowd Platform: Threat intelligence aligned with realistic scenarios; Real-world adversarial tactics; Global pool of specialized operators; Integrated platform and workflows; Scalable and flexible; High return on investment
Minimus platform reduces cloud software vulnerabilities by building container images directly from upstream project sources and including only the essential components needed to run applications
Application security startup Minimus has raised $51 million in an exceptionally large seed round to support the rollout of its platform, which claims to eliminate 95% of software supply chain vulnerabilities. Minimus offers a solution that is said to radically reduce cloud software vulnerabilities. The company’s platform transforms application security by breaking free from the cycle of detection, triage and remediation, allowing chief information security officers and developers to entirely avoid nearly all vulnerabilities. Minimus offers secure, minimal container images and virtual machines that seamlessly replace existing artifacts anywhere in the development workflow. Requiring only a single change to deployment configurations, the Minimus platform can help organizations realize an immediate decrease in vulnerability exposure, vastly accelerating remaining remediation efforts. Under the hood, Minimus builds images directly from upstream project sources, including only the essential components needed to run applications. The methodology reduces the attack surface, providing a lightweight, secure alternative to traditional development artifacts that doesn’t disrupt existing workflows or tools. The platform also integrates real-time threat intelligence to give developers and security teams insights into active exploits and vulnerability metrics, including Exploit Prediction Scoring System metrics and Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities. Doing so allows teams to focus their efforts on the small fraction of remaining risks, streamlining prioritization and significantly improving operational efficiency.