Snowflake Inc. said that it’s buying a database startup called Crunchy Data Solutions Inc. in a $250 million deal that’s expected to close imminently, bolstering its agentic AI capabilities. The startup has developed a cloud-based database platform that makes it simple for businesses and government agencies to use PostgreSQL without having to manage the underlying infrastructure. Executive Vice President of Product Christian Kleinerman and Crunchy Data founder and Chief Executive Paul Laurence explained that the upcoming Snowflake Postgres platform will “simplify how developers build, deploy and scale agents and apps.” They were referring to AI agents, which are widely expected to become the next big thing after generative AI, taking actions on behalf of humans to automate complex work with minimal human supervision. When it launches as a technology preview in the coming weeks, Snowflake Postgres will be an enterprise-grade PostgreSQL offering that will give developers the full power and flexibility found in the original, open-source Postgres database, together with the superior operational standards, governance, security and flexibility of Snowflake’s cloud data warehouse. According to Snowflake, it will help developers to speed up the development of new AI agents and simplify the way they access data. “Access to a PostgreSQL database directly within Snowflake has the potential to be incredibly impactful for our team and our customers, as it would allow us to securely deploy our Snowflake Native App, LandingLens, into our customers’ account,” said Dan Maloney, CEO of Snowflake customer LandingAI Inc. “This integration is a key building block in making it simpler to build, deploy and run AI applications directly on the Snowflake platform.” The advantage of having a PostgreSQL offering is that it is flexible enough to be the underlying database for AI agents that leverage data from their respective cloud platforms.
New community program tackles the cliff effect’ of sudden loss of public benefits when income rises; offers monthly bridge payment, support networks and personalized coaching
Springfield WORKS and United Way Pioneer Valley will host a celebration for the Bridge to Prosperity Cliff Effect Pilot Program launch. A community initiative of the Western Massachusetts Economic Development Council, this pilot program is designed to tackle the “cliff effect,” which occurs when families experience a sudden loss of public benefits when their income rises, often leaving them financially worse off despite earning more. The initiative is crafted in collaboration with the Food Bank of Western Massachusetts. In the pilot program, participants benefit from personalized coaching to help navigate finances, employment, and career growth, and receive connections to additional support in the community as needed. Each participant receives a monthly bridge payment based upon their estimated cliff effect impact, with an additional $10,000 asset-building payment at the end of the program. These payments are designed to stabilize families and will help mitigate potential losses in benefits while they work toward moving up the career ladder and achieving lasting economic security. Our pilot launched in February with 18 participants, seven here in Springfield, and we’re already making a difference,” said Kristen Joyce, Bridge to Prosperity program director. “Bridge payments helped one family stabilize their housing and another purchase food when their SNAP ended. Another participant was able to start training to become a nurse after years of only dreaming of it.” The program is aiming to serve up to 100 families in 2025.
CrowdStrike and Microsoft partner to create a shared mapping system for cyber threat intelligence that links adversary identifiers across vendor ecosystems without mandating a single naming standard
CrowdStrike Holdings and Microsoft have announced a strategic collaboration to address confusion in identifying and tracking cyberthreat actors across security platforms. The partnership aims to create a shared mapping system that aligns adversary attribution across both companies’ threat intelligence ecosystems, eliminating ambiguity caused by inconsistent naming. The “Rosetta Stone” for cyber threat intelligence links adversary identifiers across vendor ecosystems without mandating a single naming standard. This enables defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. The collaboration will start with a shared analyst-led effort to harmonize adversary naming between CrowdStrike and Microsoft’s threat research teams. Microsoft and CrowdStrike aim to continue working together to expand this effort and maintain a shared threat actor mapping resource for the global cybersecurity community.
New malware campaign exploits Open WebUI plugin system used for making enhancements to large LLMs, to deploy AI-generated payloads targeting both Linux and Windows systems
A new report from cloud-native application security firm Sysdig Inc. details one of the first instances of a LLM being weaponized in an active malware campaign. Discovered by Sysdig’s Threat Research Team, the malware campaign involved exploiting misconfigured instances of Open WebUI, a widely used self-hosted artificial intelligence interface, to deploy malicious, AI-generated payloads targeting both Linux and Windows systems. The attack began when a training system using Open WebUI deployed by one of Sysdig’s customers was mistakenly exposed to the internet with administrative privileges and no authentication. The exposure to the internet allowed anyone to execute commands on the system, dangerous mistake attackers are well aware of and actively scanning for. Open WebUI, which has more than 95,000 stars on GitHub, allows extensible enhancements for large LLMs via custom Python scripts. The attacker exploited the feature by uploading a malicious, obfuscated Python script through Open WebUI’s plugin system. The system’s internet exposure and lack of safeguards provided an easy entry point for the attacker to execute commands and deploy further malicious payloads. The uploaded Python script was obfuscated using PyObfuscator and also contained a distinctive style indicative of AI-generated code. The script, which underwent multiple decoding layers, downloaded and executed crypto miners targeting Monero and Ravencoin networks, while establishing persistence via a systemd service masquerading as “ptorch_updater.” Notably, the use of inline format string variables, a common feature in AI-generated code, was prevalent throughout the malicious script. Sysdig’s researchers confirmed that parts of the code were likely AI-generated or heavily AI-assisted, a trend that could signify a shift towards the rapid development of malware using generative AI tools. The good news, as much as there can be in malware cases, Sysdig’s runtime threat detection was able to identify the threat in real time. Using a combination of YARA rules, behavioral detections and threat intelligence, Sysdig detected the suspicious activity, including unauthorized code compilation, domain lookups, and the use of known miner communication protocols.
Banks are driving uptick in corporate API adoption for treasury and cash management by collaborating with ERP/TMS providers and middleware providers supporting ISO 20022
One of the main obstacles to broader API adoption in corporate treasury has been the legacy design of treasury management systems, which were not originally built with APIs in mind. Corporates that have realised tangible business value through APIs have typically supported their implementation with robust IT strategies – upgrading accounting and reconciliation systems to be API-enabled, for example. JPMorgan Payments has been collaborating with ERP and TMS providers to integrate APIs that are essential for treasury and cash management operations. It integrates into SAP’s platform through its multi-bank connector functionality and has also integrated Kinexys Digital Payments within Kyriba Connector, allowing treasurers to facilitate and operate cross-border and real-time payments, and blockchain deposit accounts.The bank’s APIs offer near real-time reporting of cash balances and account transactions, and it has integrations with Trovata, which enable Trovata users to manage multiple bank accounts across institutions in one platform. API adoption also hinges on middleware providers, which act as intermediaries between ERP/TMS systems and end-users. These providers are evolving to support API connectivity alongside traditional file-based and Swift messaging methods. In addition to ERP and TMSs adapting, success also depends on middleware providers stepping up. These providers, which act as the bridge between TMS/ERP systems and end-customers, are gearing up to support API connectivity alongside traditional methods such as file transfers and Swift messaging. Carl Slabicki, co-head of global payments for BNY’s treasury services, points to a notable uptick in API adoption among corporate clients.
Nearly half of Mastercard’s online transactions in Europe are now tokenized encompassing methods like Secure Card on File (SCOF), Click to Pay and digital wallets growing one-third in the past year
Mastercard said that nearly half of all its online transactions in Europe are now tokenized. The payment giant unveiled the milestone exactly one year after outlining its plan to phase out manual card entry and achieve 100% tokenization by 2030. The process lets consumers avoid exposing their sensitive account details, preventing a fraudster from using your credit card for nefarious purposes. Mastercard said that tokenized transactions in Europe, encompassing methods like Secure Card on File (SCOF), Click to Pay and digital wallets, have seen a one-third increase in the past year. The company’s strategy of driving the adoption of safer transactions is gaining ground as growing numbers of eCommerce marketplaces, food delivery services and financial institutions across the continent embrace new standards and solutions. A major component of this growth is merchant tokenization, specifically known as Secure Card on File (SCOF). By replacing static card numbers stored by merchants with dynamic, merchant-specific tokens, SCOF helps to reduce fraud and improve approval rates. The result: Enhanced security for shoppers and fewer fraud-related losses for businesses. Another tokenization method, Click to Pay, is also playing a crucial role in simplifying the online checkout experience. This service, now used in 26 European markets, allows consumers to make purchases online without manually entering their card details each time, often using pre-saved, tokenized credentials. Mastercard said that consumer signups for Click to Pay have more than doubled over the past year.
OpenAI plans to turn ChatGPT into a “super-assistant” that is personalized to each user and available to them via the chatbot’s website, the company’s native apps, phone, email and third-party platforms
OpenAI reportedly plans to turn ChatGPT into a “super-assistant” that is personalized to each user and available to them via the chatbot’s website, the company’s native apps, phone, email and third-party resources like Apple’s Siri. The plan is described in an OpenAI internal document from late 2024 that came to light in the Department of Justice’s antitrust case against Google. The super-assistant will be able to handle tedious daily tasks like answering questions and managing calendars, and more complicated ones like coding. It will be, the document said: “One that knows you, understands what you care about, and helps with any task that a smart, trustworthy, emotionally intelligent person with a computer could do.” OpenAI has announced several updates over the last month that suggest the company aims to expand the capabilities of its artificial intelligence tools. Chief Operating Officer, Brad Lightcap said that OpenAI wants to build an “ambient computer layer” that doesn’t require users to look at a screen.
Veris AI’s platform allows developers to train and test AI agents using dynamic, realistic, high-fidelity simulated experiences rather than prompt engineering and human-generated data to enable deploying more accurate agents
Veris AI, a platform that lets companies safely train and test AI agents through novel high-fidelity simulated experiences, emerged from stealth and has raised $8.5M in seed funding. Veris allows developers to train agents using experience rather than prompt engineering and human-generated data. Veris’ dynamic, realistic, simulated environments gives enterprises a safe space for reinforcement learning and continuous improvement, ultimately helping them deploy and scale more accurate AI agents. Mehdi Jamei, CEO and co-founder of Veris said, ”We are building Veris to unlock the potential of agentic AI for enterprises – both by solving existing problems and improving the speed and quality in which new agents can come into production.”
HSBC UK Private Banking adopts Addepar’s client reporting platform to enable offering holistic view of clients’ wealth through aggregated performance across their entire investment portfolio including investments held with other wealth managers
HSBC UK Private Banking is the first major UK bank to adopt Addepar’ software platform designed specifically for wealth managers. The Addepar platform provides an enhanced client reporting experience, with complex aspects such as alternatives and account aggregation. Relationship managers and investment advisers can provide clients with bespoke, comprehensive performance data and insights on their investments with just a few clicks. Additionally, the platform can also aggregate performance for clients who hold investments with other wealth managers, meaning clients can see a full picture of their entire investment portfolio. Charles Boulton, Head of Private Banking, HSBC UK, said: “Addepar’s platform will mean that clients have the best possible insights at their fingertips to manage an increasingly complex financial landscape. Being able to present a client’s entire portfolio to them so they have a holistic view of their wealth across multiple currencies and multiple wealth managers will be a big step forward for us.” James Thomson, Head of Investment Counselling, HSBC UK Private Banking, said: Our new reporting capabilities will mean our investment advisors can deliver deeper insights and greater transparency to our clients in a more efficient way, meaning they can spend more time on what matters most: providing our clients with high quality advice supported by robust analytics.”
OatFi building a credit network to address the opposing cash flow conundrum in B2B payments by embedding its underwriting, origination, and funding capabilities directly into the platforms within their AP, AR, and commercial charge card workflows
Fintech infrastructure startup OatFi has raised $24 million in Series A funding to build a credit network for business-to-business payments. In traditional B2B transactions, buyers and suppliers often operate on opposing cash flow incentives. Suppliers seek fast post-delivery payments to recover working capital, while buyers look to delay payments to preserve operating cash and liquidity. By embedding its underwriting, origination, and funding capabilities directly into B2B payment platforms within their AP, AR, and commercial charge card workflows, OatFi’s APIs enable platforms to facilitate B2B transactions with built-in financing at the point where it’s needed most. “B2B payments are not just a money movement challenge—they’re a data and workflow challenge,” says Michael Barbosa, CEO, OatFi. “That’s why we’ve focused on deep API integrations that offer working capital solutions within the platforms that businesses already rely on to pay and get paid.”