Top Stories
OpenAI Walks Away from Stargate Norway, Microsoft Takes the Racks
OpenAI has abandoned plans to lease compute directly from Nscale’s Narvik data center inside the Arctic Circle, and Microsoft has stepped in to absorb the capacity. Bloomberg first reported the handoff late Tuesday; CNBC and Computerworld confirmed it Wednesday. Microsoft will rent roughly 30,000 additional Nvidia Vera Rubin GPUs from Nscale at the site, while OpenAI says it will access that same compute indirectly through its previously announced $250 billion Azure contract.
The switch matters because OpenAI had described itself as the “initial offtaker” for the Narvik facility and had intended to take about half of its capacity. It is also the second Stargate data center deal OpenAI has quietly stepped away from in the last week, after halting its U.K. Stargate project citing energy costs and regulatory friction. Sam Altman has spent the quarter walking back some of the company’s most aggressive infrastructure rhetoric as a potential IPO approaches and investors push back on an $852 billion valuation.
The pattern is straightforward once the choreography is stripped away: OpenAI is consolidating its compute purchasing through Microsoft rather than building out direct relationships with neocloud providers. For Nscale, the swap preserves the revenue; for OpenAI, it preserves cash; for Microsoft, it locks in another gigawatt-class site in Europe. The companies without a $250 billion committed contract to fall back on — everyone other than OpenAI — should take note of what the funding backdrop looks like when the frontier labs start triaging their own build plans.
Sources: CNBC, Bloomberg, Computerworld, Digitimes
Flowise Maximum-Severity RCE Goes From Disclosure to Mass Exploitation
CVE-2025-59528, a CVSS 10.0 remote code execution bug in the popular open-source Flowise AI agent builder, is now being actively exploited in the wild. The flaw lives in the platform’s CustomMCP node, which passes user-supplied mcpServerConfig strings directly into JavaScript’s Function() constructor — functionally identical to eval() — with no validation. Any attacker who can reach a Flowise instance can execute arbitrary Node.js code, including shelling out via child_process, reading or writing files via fs, or opening arbitrary network connections.
VulnCheck reports that exploitation is currently traced to a single Starlink IP address, with 12,000 to 15,000 internet-exposed instances online. The vulnerability was publicly disclosed by FlowiseAI in September 2025, but most operators clearly never patched. Affected versions are 2.2.7-patch.1 through 3.0.5; fixes landed in 3.0.6, and users should move to 3.1.1 immediately.
This is the kind of incident the Model Context Protocol ecosystem keeps quietly teeing up: an “AI agent” is really a thin wrapper around tool-invocation plumbing, and every new MCP surface is a new way to pipe attacker-controlled data into a code path that was never meant to run user-supplied logic. If you host a Flowise instance on anything reachable from the public internet, treat this as an incident response, not a patch cycle.
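The pattern described in this story, as an added example (not Flowise's code and not taken from the cited reports): a config string compiled with Function() beside a version that parses it as data and validates its shape. The function names, the allowed keys (command, args, env), the size limit and the sample strings are assumptions constructed for illustration.

```javascript
// Added example; not Flowise source. Function names and the allowed keys
// (command, args, env) are assumptions made for illustration.

// Vulnerable pattern as described above: the config string is compiled and run.
function parseConfigUnsafe(mcpServerConfig) {
  return Function('return ' + mcpServerConfig)();
}

// Hardened form: the string is data only. JSON.parse never evaluates code,
// and the result is checked against a strict shape before use.
const ALLOWED_KEYS = new Set(['command', 'args', 'env']);

function parseConfigSafe(mcpServerConfig) {
  if (typeof mcpServerConfig !== 'string' || mcpServerConfig.length > 8192) {
    throw new TypeError('config must be a string of at most 8192 characters');
  }
  let cfg;
  try {
    cfg = JSON.parse(mcpServerConfig);
  } catch {
    throw new SyntaxError('config is not valid JSON');
  }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new TypeError('config must be a JSON object');
  }
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new TypeError(`unexpected key: ${key}`);
  }
  if (typeof cfg.command !== 'string' || cfg.command === '') {
    throw new TypeError('command must be a non-empty string');
  }
  const args = cfg.args ?? [];
  if (!Array.isArray(args) || !args.every((a) => typeof a === 'string')) {
    throw new TypeError('args must be an array of strings');
  }
  const env = cfg.env ?? {};
  if (env === null || typeof env !== 'object' || Array.isArray(env) ||
      !Object.values(env).every((v) => typeof v === 'string')) {
    throw new TypeError('env must be an object of strings');
  }
  return { command: cfg.command, args, env };
}

// Constructed inputs: one plain JSON config, one string that is an expression.
const jsonConfig = '{"command":"node","args":["server.js"]}';
const exprConfig = '(globalThis.__evaluated = true, {command: "node"})';
```

Parsing the string as data removes the code-evaluation path; whether the resulting command may be launched at all is a separate authorization decision that shape validation does not make.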
Sources: The Hacker News, Security Affairs, BleepingComputer
IBM Launches Autonomous Security to Fight Agentic Attacks With Agents
IBM announced two new products Wednesday aimed at the same problem the Flowise incident exposes: attackers using frontier AI to accelerate every phase of the intrusion kill chain. The first is a consulting assessment — delivered by IBM Consulting with partner integrations — that scores an enterprise’s readiness for agentic threats and produces prioritized mitigation guidance, including interim safeguards for gaps that have no software fix yet. The second, IBM Autonomous Security, is a multi-agent service that coordinates vendor-agnostic “digital workers” across an organization’s existing security stack to detect anomalies, enforce policy, and contain threats at machine speed.
IBM’s framing — attackers weaponizing frontier models means defenders need agents of their own — echoes last week’s positioning from OpenAI around its GPT-5.4-Cyber release and Anthropic’s gated Claude Mythos Preview. The pattern is that every major vendor is now betting the answer to offensive AI is defensive AI, rather than restricting the offensive models in the first place. Whether that bet pays off for enterprises — or just creates a new vendor tier to pay — is the open question.
Source: IBM Newsroom
Quick Hits
- Avid and Google Cloud launched an agentic AI partnership embedding Gemini and Vertex AI directly into Avid’s video production tools, with demos set for NAB Show in Las Vegas April 19-22. Press release.
- Gartner found that organizations with successful AI initiatives invest up to four times more in data and analytics foundations than peers — the infrastructure question, not the model question, is what separates wins from the 72% of I&O AI projects that don’t fully deliver ROI.
- Stellantis announced a strategic collaboration with Microsoft to roll Azure AI into customer-facing experiences across its brands, including an automotive Copilot. Microsoft Source.
- OpenAI shipped updates to its Agents SDK including native sandbox execution, configurable memory, and built-in snapshotting, and expanded ChatGPT Business with Outlook shared-mailbox and shared-calendar actions. Release notes.
- A Nature commentary published this week summarizing the Stanford AI Index finds that the best AI agents still score roughly half as well as PhD-level human specialists on complex multi-step scientific workflows — a useful counterweight to the “AI scientist” marketing cycle. Nature.
Worth Watching
OpenAI’s Stargate retrenchment is starting to look like a pattern rather than a one-off. Norway is the second cancellation in a week; the U.K. was the first. Watch for what happens to the remaining announced sites, and for how Nscale, CoreWeave, and the other neoclouds that priced in direct OpenAI demand reshape their capex plans if Microsoft becomes the de facto intermediary.
On the security side, the Flowise RCE and IBM’s agentic-security launch are pointing at the same reality: agent frameworks are shipping to production with eval-class primitives wrapped in friendly UIs. Expect more disclosures in this category through the spring, particularly around MCP server implementations that accept third-party configuration.