OpenAI reveals enhanced security measures for ChatGPT accounts, featuring a collaboration with Yubico

OpenAI is taking significant steps regarding account security.

On Thursday, the firm introduced Advanced Account Security (AAS), a collection of voluntary safeguards for ChatGPT users aimed at high-profile individuals — but accessible to anyone who desires them.

As part of this initiative, the digital security firm Yubico shared that it has collaborated with OpenAI to associate two new security key products with ChatGPT accounts. The partnership is intended to shield users from the dangers of phishing, which poses an increasing risk for those using chatbots.

The two organizations are rolling out a pair of “co-branded” YubiKeys — known as the YubiKey C NFC and the YubiKey C Nano.

OpenAI has indicated that AAS is particularly suitable for political activists, journalists, researchers, and elected representatives, people whose work is politically sensitive or dangerous. It would seem a logical fit for enterprise users as well, whose sensitive information is stored in ChatGPT sessions.

“Ultimately, our goal is to significantly diminish the likelihood of unauthorized access to confidential information in OpenAI accounts globally,” stated Yubico CEO Jerrod Chong in a press statement regarding the agreement.

Security keys are compact pieces of hardware that can be linked to digital accounts and utilized via a computer’s USB ports. A distinctive cryptographic identifier resides on the key, enabling only the holder to log into a connected account.
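The phishing resistance described above comes from how the key answers a login: it signs a server-issued challenge together with the origin the browser is actually on, so a lookalike site cannot relay a usable assertion. The following added model illustrates that property; it is not Yubico's or OpenAI's code, the relying-party id `example.com` and origins are assumed, and the key's per-credential signature is stood in for with HMAC so the script runs on the standard library alone (real FIDO2/WebAuthn keys use an asymmetric key pair and return a public key at registration).

```python
"""Model of origin-bound challenge-response login (FIDO2/WebAuthn style).
Added example with constructed values; HMAC stands in for the hardware key's
asymmetric signature so that only the standard library is needed."""
import hashlib
import hmac
import json
import secrets

RP_ID = "example.com"                    # assumed relying-party identifier
EXPECTED_ORIGIN = "https://example.com"  # assumed legitimate login origin


class Authenticator:
    """Models the hardware key: the secret is generated on, and never leaves, the device."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def register(self):
        # A real key would hand out a public key here; the model shares the HMAC key.
        return self._secret

    def assert_login(self, rp_id, client_data_json):
        # Signed data = hash(rpId) || hash(clientDataJSON); clientData carries the origin.
        rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
        signed = rp_id_hash + hashlib.sha256(client_data_json).digest()
        return rp_id_hash, hmac.new(self._secret, signed, hashlib.sha256).digest()


class RelyingParty:
    """The service (e.g. an account server) that issues challenges and verifies assertions."""
    def __init__(self, rp_id, origin):
        self.rp_id, self.origin = rp_id, origin
        self.credentials = {}  # user -> registered credential key material
        self.pending = {}      # user -> outstanding challenge, consumed on first use

    def register(self, user, credential):
        self.credentials[user] = credential

    def begin_login(self, user):
        challenge = secrets.token_urlsafe(32)
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user, client_data_json, rp_id_hash, signature):
        challenge = self.pending.pop(user, None)  # single use: a replay finds nothing
        credential = self.credentials.get(user)
        if challenge is None or credential is None:
            return False
        client_data = json.loads(client_data_json)
        if client_data.get("type") != "webauthn.get" or client_data.get("challenge") != challenge:
            return False
        if client_data.get("origin") != self.origin:  # the anti-phishing check
            return False
        if rp_id_hash != hashlib.sha256(self.rp_id.encode()).digest():
            return False
        expected = hmac.new(credential, rp_id_hash + hashlib.sha256(client_data_json).digest(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def browser_client_data(origin, challenge):
    """What the browser assembles: it records the origin it is really on, not what a page claims."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()


def setup(user="alice"):
    key, rp = Authenticator(), RelyingParty(RP_ID, EXPECTED_ORIGIN)
    rp.register(user, key.register())
    return rp, key


def legitimate_login(rp, key, user="alice"):
    challenge = rp.begin_login(user)
    cdj = browser_client_data(EXPECTED_ORIGIN, challenge)
    rp_hash, sig = key.assert_login(RP_ID, cdj)
    return rp.finish_login(user, cdj, rp_hash, sig)


def phished_login(rp, key, user="alice", lookalike="https://example-login.net"):
    """A relay site forwards the real challenge; the victim's browser signs from the
    lookalike origin, so the relying party rejects the assertion."""
    challenge = rp.begin_login(user)
    cdj = browser_client_data(lookalike, challenge)
    rp_hash, sig = key.assert_login(RP_ID, cdj)
    return rp.finish_login(user, cdj, rp_hash, sig)


def relayed_with_forged_origin(rp, key, user="alice", lookalike="https://example-login.net"):
    """The relay rewrites the origin after signing; the signed hash no longer matches."""
    challenge = rp.begin_login(user)
    rp_hash, sig = key.assert_login(RP_ID, browser_client_data(lookalike, challenge))
    forged = browser_client_data(EXPECTED_ORIGIN, challenge)
    return rp.finish_login(user, forged, rp_hash, sig)


def replay(rp, key, user="alice"):
    """A captured assertion works once; the consumed challenge makes the second attempt fail."""
    challenge = rp.begin_login(user)
    cdj = browser_client_data(EXPECTED_ORIGIN, challenge)
    rp_hash, sig = key.assert_login(RP_ID, cdj)
    return rp.finish_login(user, cdj, rp_hash, sig), rp.finish_login(user, cdj, rp_hash, sig)
```

Each helper runs its own begin/finish round, so they can be called in any order on the same `RelyingParty`; the three failing cases (wrong origin, rewritten origin, replayed challenge) are the ones a relay-style phishing kit would need to get past.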

TechCrunch event: San Francisco, CA | October 13-15, 2026

While the threat of hacked ChatGPT accounts may appear somewhat theoretical, a growing number of reports show that malicious actors are targeting chatbot users. Cybercriminals are constantly searching for valuable information to exploit, and given the personal nature of many chatbot interactions, there is an abundance of material from both corporate and individual users.

Digital security is gaining more prominence within the AI sector. A few weeks prior, Anthropic unveiled a new cybersecurity model titled Mythos. In an attempt to capture some attention away from its competitor, OpenAI has also made several announcements relating to digital security. The news regarding the Yubico partnership came right after OpenAI revealed it would be launching a fresh framework for digital protection.

Naturally, having a security-key-enabled account does provide enhanced protection, but it does come with a caveat: If the key is misplaced, OpenAI will not be able to assist in restoring access. Practically, this implies that conversations could potentially be irretrievable.

When you make a purchase through links in our articles, we might receive a small commission. This does not influence our editorial autonomy.

Elon Musk provides testimony that xAI utilized OpenAI models to train Grok

Recently, OpenAI and Anthropic have intensified their opposition against third-party attempts to train new AI models by utilizing their publicly available chatbots and APIs, a procedure referred to as “distillation.”

The discussion has centered on Chinese companies employing distillation to develop open-weight models that rival U.S. alternatives in capabilities, yet are offered at significantly reduced prices. However, it has been commonly believed among tech professionals that American laboratories engage in these practices with one another to maintain a competitive edge.

We now have confirmation that this is indeed the case at least once: During his testimony in a California federal court on Thursday, Elon Musk was queried about whether xAI has applied distillation methods on OpenAI models to enhance Grok, and he indicated it was a common practice within the AI sector. When asked if that implied a “yes,” he replied, “Partly.”

Musk is currently pursuing legal action against OpenAI, CEO Sam Altman, and Greg Brockman, alleging that they have deviated from OpenAI’s original nonprofit mission by converting the organization into a for-profit entity. This trial commenced this week, featuring testimonies from the tech executive.

Musk’s acknowledgment is significant because distillation threatens the AI giants by eroding the competitive edge they bought with heavy investment in computing infrastructure: it lets other developers produce models that closely match their capabilities at a fraction of the cost. There is considerable irony here, given how the leading labs have bent, and possibly infringed, copyright law in their pursuit of enough data to train their systems.

It is not surprising that Musk’s xAI, which launched in 2023, several years after OpenAI, would seek to learn from the field’s established leader. It remains uncertain whether distillation is explicitly unlawful, but it may breach the terms of service companies set for the use of their products.

Reports indicate that OpenAI, Anthropic, and Google have initiated an effort via the Frontier Model Forum to exchange information on how to counteract distillation endeavors from China. These typically consist of systematic probing of models to glean insights into their operations. To thwart such actions, frontier labs are strategizing to prevent users from conducting suspicious bulk queries.

As of press time, OpenAI had not responded to a request for comment regarding Musk’s admission.

Later in his testimony, Musk was questioned about a statement he made last summer, suggesting that xAI would soon surpass all companies except Google. In reply, he assessed the industry’s top AI providers, placing Anthropic in the lead, followed by OpenAI, Google, and Chinese open-source models. He described xAI as a significantly smaller entity with only a few hundred personnel.

FDA endorsement, financing, and the truth about constructing in healthcare as stated by BioticsAI founder

Entrepreneurs in the healthcare field cannot simply rush their projects or embrace a trial-and-error approach. The timelines are extended, the risks are greater, and achieving success relies on maneuvering through frameworks that prioritize thoroughness over haste. 

This is precisely the environment Robhy Bustami, co-founder and CEO of BioticsAI, has been navigating. His firm is developing an AI assistant for ultrasound that aids in identifying fetal anomalies, a domain with surprisingly high misdiagnosis rates. Bustami spoke with Isabelle Johannessen on Build Mode to elaborate on how the company has maneuvered through a tightly regulated domain while keeping the team inspired amid numerous bureaucratic hurdles.

BioticsAI started from humble beginnings. The team created an early, operational prototype for less than $100,000, a remarkable achievement in the medical device arena. This initial model helped them secure victory at TechCrunch Startup Battlefield in 2023, enhancing their early exposure and legitimacy. In January, they obtained FDA approval, allowing them to start deploying their product in hospitals and accelerating business growth.

From the outset, the team approached product creation with FDA approval as a key consideration. Rather than building the product first and sorting out regulations afterward, they fused clinical validation, regulatory planning, and product development into one cohesive process. This strategy involved close collaboration with medical professionals, gathering extensive datasets, and conducting structured clinical trials prior to reaching the submission phase.

The FDA approval process is frequently perceived as opaque, yet Bustami highlights that entrepreneurs do not have to traverse it without guidance. Early communication with regulators, via pre-submission discussions, enabled the team to synchronize on study design and expectations. Nonetheless, risk remains a constant concern. For many investors, the fundamental inquiry is straightforward: What if the FDA declines approval?

Internally, these prolonged timelines present a unique challenge: maintaining team motivation when significant milestones are years away. At BioticsAI, this involved cultivating a culture of unity among engineers, clinicians, and researchers, ensuring that everyone could witness the incremental successes occurring.

“Ensuring that everyone is completely aligned, even if it’s outside of their technical expertise,” Bustami remarked, “constantly acknowledging successes on the R&D front,” from clinical trials to new partnerships in healthcare.

As BioticsAI secures its FDA endorsement, it steps into a new chapter: implementation. The business is commencing the rollout of its technology in hospitals, with ambitions to extend beyond obstetrics into wider areas of reproductive health.

Creating solutions in healthcare is a prolonged endeavor. It demands patience, discipline, and the capacity to function amid uncertainty. For founders willing to embark on this path, the reward transcends mere company success — it is the opportunity to create something that significantly transforms the provision of care.


Subscribe to Build Mode on Apple Podcasts, Spotify, or your preferred listening platform. Watch the complete videos on YouTube. Isabelle Johannessen is our host. Build Mode is crafted and edited by Maggie Nye. Morgan Little spearheads Audience Development. A special acknowledgment to the Foundry and Cheddar video teams. 


Apply to Startup Battlefield: We are seeking early-stage firms with a minimum viable product. So nominate a founder (or yourself). Be sure to mention that you learned about Startup Battlefield from the Build Mode podcast. Apply here.

TechCrunch Disrupt 2026: We are returning for TechCrunch Disrupt on October 13 to 15 in San Francisco, featuring the Startup Battlefield 200. If you wish to support them or simply network with thousands of founders, venture capitalists, and tech enthusiasts, then secure your tickets.

Use code buildmode15 for 15% off any ticket type. 

Google's Gemini AI assistant is making its way into millions of cars.

On Thursday, Google unveiled its plans to initiate the rollout of Gemini to vehicles featuring Google built-in, representing a major enhancement from the existing Google Assistant. This initiative highlights Google’s commitment to integrating more sophisticated, conversational AI into the driving experience.

This announcement closely follows General Motors’ revelation from yesterday that Gemini will be available in around 4 million vehicles manufactured from the 2022 model year onward, covering brands such as Cadillac, Chevrolet, Buick, and GMC. However, today’s statement did not specify particular automakers, implying that Gemini’s availability will not be restricted to GM cars.

The deployment will start in the United States with support for the English language, with plans for broader availability in the months to come. Importantly, Gemini is not exclusive to new cars but also applicable to compatible existing vehicles through software updates.

Vehicles with Google built-in made their debut in 2020. Now, Google asserts that the new Gemini update allows for a more intuitive, conversational interaction between drivers and their cars. 

Soon, drivers will be able to communicate more freely to accomplish tasks, explore ideas, or gather information. For example, a driver could express a desire to stop for lunch at a highly rated restaurant with outdoor seating along their path. Gemini can generate relevant suggestions using data from Google Maps and manage follow-up inquiries such as parking availability or menu choices, including dietary restrictions. 

Gemini can also execute functions like adjusting the temperature, offering directions, suggesting music, retrieving vehicle details, summarizing incoming messages, and assisting drivers in responding without hands-on involvement. 

Moreover, there is Gemini Live, which is presently in beta and facilitates more spontaneous, real-time discussions. Drivers can activate it by pressing a button in the interface or by saying, “Hey Google, let’s talk,” allowing for brainstorming, learning, or general conversation while driving.

Drivers logged into their Google accounts in compatible vehicles will receive a prompt to upgrade. Once activated, Gemini can be accessed via voice commands, the on-screen microphone, or controls on the steering wheel.

Google has stated its intention to broaden Gemini support to additional languages and regions, with future updates anticipated to enhance integration with services such as Gmail, Google Calendar, and Google Home.

TikTok's latest 'Campus Hub' presents college group discussions and news feeds

TikTok has unveiled a new “Campus Hub,” the company informed TechCrunch via email on Thursday. This newly created hub includes specific group chats for college students and tailored feeds aimed at keeping students connected to their campus communities, even during the summer break.

The hub builds on the app’s campus verification feature, introduced last August, which lets users add their college to their TikTok profile and browse a roster of fellow students from their institution. The feature is available at over 6,000 universities through TikTok’s collaboration with UNiDAYS, a student verification platform.

Once students have verified their status, they can access the new dedicated campus hub.

Students have the ability to create and join group chats featuring up to 300 fellow classmates. These chats are exclusive to verified students from the same school. TikTok claims these chats can serve as a means to maintain communication, arrange gatherings, or continue discussions throughout the summer.

While these chats may prove beneficial during the summer, TikTok might also be incentivizing students to use its platform for daily school-related communication, such as class or club discussions typically conducted on other platforms like Discord, Facebook Messenger, or Instagram.

Regarding the new college feeds, users will receive a customized feed that showcases a combination of content shared by verified students and material related to their university. TikTok mentions that these feeds will enable students to remain engaged with campus activities, trends, and updates, regardless of their location.

These new offerings echo Facebook’s early phase, where the platform was entirely centered around college campuses and mandated individuals to register with a valid “.edu” email address to connect with classmates and meet people at their institution.

TikTok is not the only social media heavyweight trying to make it easier for college students to connect. Meta-owned Instagram introduced a feature last year that closely resembles TikTok’s campus verification option, letting U.S. students add their educational institution to their profile banner and view a list of fellow students from their university.

Stripe unveils Link, a digital wallet that can also be utilized by autonomous AI agents.

Stripe, a financial services platform, is unveiling a digital wallet designed for the age of AI, where autonomous agents can handle tasks like shopping, making reservations, purchasing tickets, and more.

During its annual event this week, the company launched Link, a wallet that enables users to connect different payment options, monitor their spending, and manage their recurring subscriptions. Additionally, it allows for the integration of AI agents to spend on your behalf, safely.

Available on the web, iOS, and Android, Link provides many expected features of a digital wallet. Users can link various payment options such as cards, bank accounts, crypto wallets, and buy-now/pay-later services, as well as save crucial information for online checkouts, including billing and shipping details.

Link also includes practical functions, such as tracking your expenditures and recurring subscriptions—allowing updates to the payment methods kept on file, when necessary. Furthermore, it offers 90 days of buyer protection on qualified purchases from select merchants.

What makes Link particularly intriguing is its capacity to collaborate with autonomous AI agents, like OpenClaw and others.

The interest in autonomous AI is surging, evident from Apple selling out its base model Mac Minis, a favored platform for deploying these always-active AI agents. Nonetheless, some users (with good reason) hesitate at the notion of sharing raw payment data with an agent, despite the convenience of automating various bookings.

Link aims to provide a remedy, allowing users to connect their AI agents and grant them spending permissions without revealing their payment information.

For functionality, users must first allow their agent access to the Link wallet through an OAuth (standard authentication) process. The agent can then submit a spending request, offer context, and await approval. Currently, it supports traditional payment methods, but Stripe indicates that compatibility with agentic tokens, stablecoins, and other payment forms is forthcoming “soon.”

Users on mobile and web will receive a notification to authorize the spending request, so the transaction is reviewed before any payment details are disclosed to the AI agent. Looking ahead, Stripe says it plans to broaden its controls, letting users set their own spending limits or designate when their agents may operate without prior approval.

The wallet is based on Stripe’s new Issuing for agents, which allows users to create virtual cards for agents to make independent purchases, with real-time authorization, spending controls, and complete transaction transparency. Rather than giving an agent direct access to your payment data, users can opt to provide agents programmatic access to Link, resulting in a single-use card, or they could utilize a Shared Payment Token (SPT), which is supported by payment cards and banks.

According to Stripe, developers and companies creating agents or AI personal assistants can also leverage Link’s wallet rather than building their own from the ground up.

Salesforce is leveraging crowdsourcing for its AI roadmap — with customers

The rapid evolution of artificial intelligence is compelling businesses to create and introduce new offerings faster than ever or face the risk of being outpaced by more agile rivals.

Salesforce believes it has discovered a method that enables it to adapt even amidst the uncertainty of AI’s future direction. The behemoth in customer management software is sourcing input for its AI strategy in real time.

Salesforce is by no means the only firm to actively collaborate with its clients for insights on its products. However, what sets it apart is the company’s vast scale, the speed of new product launches or updates, and the detailed nature of these collaborations. These exchanges occur far more frequently than annual or quarterly meetings; some customers are engaging with Salesforce as regularly as once a week.

“The 18,000 customers are a significant reservoir of insights and critical information necessary for achieving customer success,” stated Jayesh Govindarajan, executive vice president at Salesforce AI, during a recent discussion with TechCrunch. “The stack we’ve developed has resonated with these clients. Over time, we will enhance our context, and as it improves, and LLMs advance, agent systems will perform increasingly autonomous functions. That’s an ongoing path of innovation to which we will commit resources.”

Salesforce was among the pioneers to roll out AI agent management software in late 2024, even before agentic AI began to capture media attention the subsequent year. Since then, the company has intensified its efforts and is persistently launching new products for voice AI and Slack at a brisk pace.

The rapid pace of product introductions is credited to Salesforce’s clientele. According to the company, by allowing its customers to guide the process, it can create an AI product roadmap that swiftly adapts to the evolving landscape of AI technology.

As large language models emerged, businesses eagerly sought to leverage the technology but lacked the necessary final applications to fully utilize LLMs, explained Muralidhar Krishnaprasad, president and chief technology officer of Salesforce engineering, in a conversation with TechCrunch.

The necessity for that final technology is what prompted Salesforce to unveil its agent management platform, Agentforce, according to Govindarajan.

From this point, the firm embraced a grassroots strategy directed by themes — such as agent context, observability, and deterministic controls, among others — rather than specific product timelines. This method involves direct feedback from rotating customer groups to design products under the assumption that other businesses will encounter similar requirements.

Customers in control

“The advancements we’ve made come directly from collaborating with a vast array of these customers and categorizing the challenges they face in the marketplace,” Govindarajan shared. “Then we analyze that and determine which issues can be addressed at the LLM level and which cannot. For the latter, we need to develop a sort of agentic operating system components around the LLMs to be able to achieve that.”

Close collaboration with customers’ engineering teams enables Salesforce to address issues swiftly before the technology surpasses them.

“We can’t afford to wait three or six months for feedback and then take another six months to address it,” Krishnaprasad stated. “We are actively responding, week by week, month by month. This has been a significant change. Now we deploy code quickly and have various checkpoints to test new features and gather early feedback prior to wider release. These are all adaptations we’ve had to make to respond to the rapid shifts in this landscape.”

Engine, a travel management platform, is one of the companies engaged in Salesforce’s customer feedback loop. This relationship is not casual; the operations team at Engine meets with Salesforce weekly, as reported by Engine founder and CEO Elia Wallen.

Through this collaboration, Engine gains early access to AI tools ahead of their public launch. Wallen highlighted that this access helps Engine maintain its competitive edge and derive greater value from these tools than it could otherwise achieve.

The benefits are mutual.

Wallen noted that feedback from Engine has been integrated into Salesforce’s tools. For instance, Wallen once directed an AI voice agent to reserve a hotel in Chicago but found the interaction felt somewhat artificial and reported this to Salesforce. Subsequently, adjustments were made, and the company’s A/B tests began yielding improved results.

“If someone is genuinely willing to assist in curating and developing solutions we require, they can understand our challenges better and find effective ways to address them,” Wallen said. “For us, it’s excellent to be included in such processes because we can shape the product.”

This strategy also enables the company to implement solutions and workflows crafted by users across its larger client base.

The federal credit union PenFed has managed to streamline its technology stack by closely collaborating with Salesforce, according to Shree Reddy, the company’s chief innovation officer and executive vice president, who spoke with TechCrunch.

“We dedicate our time and effort to platforms that are more strategic, and we naturally invest significantly in this partnership,” Reddy commented about Salesforce. “This investment has produced favorable outcomes in terms of strengthening that collaboration, with mutual impacts that yield enhanced value for both parties.”

Reddy shared that PenFed developed an IT service management (ITSM) workflow independently using existing tools and agents in Agentforce that worked effectively for the organization. Salesforce recognized this success and expanded the tool for use across its platform for other businesses as well.

A potential drawback of this approach is its reliance on the traditional notion that the customer is always right. Salesforce is hopeful, despite numerous businesses still determining the role of AI in their operations and many not having realized value from the technology. Consequently, these businesses might not offer the best insights for long-term product development.

Additionally, a willingness to test and explore technology in beta today may not necessarily predict long-term usage patterns or future software agreements either.

Maximize internal usage

The company adopts this grassroots philosophy internally as well. Govindarajan mentioned that Salesforce employees are the primary users of its AI offerings.

Moreover, the company redirected its workforce and resources at the onset of the AI surge. Following the release of ChatGPT, Salesforce reallocated teams and resources to establish a new AI division — a strategy the company has successfully implemented during previous innovation phases, according to Krishnaprasad.

“As technology evolves, we can never predict what will emerge a month later,” he noted. “We will adjust accordingly. That’s what we did throughout the past year. If you consider, agents weren’t even on the radar just a year and a half ago. We needed to respond to all the developments and adjust to our customers’ needs.”

Uber partners with Hertz to service, power, and repair its Lucid Motors robotaxis

Uber’s upcoming luxury robotaxi initiative in partnership with Lucid Motors and Nuro is gaining a fourth collaborator: Hertz.

The firms declared on Thursday that Hertz will manage “daily vehicle asset operations, encompassing charging, upkeep, repairs, sanitation, and depot personnel.” The service, revealed last year, is expected to debut by the close of 2026 in the San Francisco Bay Area, utilizing Lucid’s Gravity SUVs alongside Nuro’s autonomous technology.

Hertz is overseeing these responsibilities through a newly formed subsidiary named Oro Mobility, which the rental business claims will “offer integrated fleet management services across a variety of mobility sectors.”

“As the sector shifts from privately owned vehicles to commercially operated driver-assisted and autonomous fleets, Oro seeks to address a significant orchestration and operations void,” the Hertz press statement indicates.

This is not Hertz’s first foray into new mobility trends. The company went through a bankruptcy restructuring in 2020.

In 2021, the firm made headlines by announcing its acquisition of 100,000 EVs from Tesla, a move that contributed to Elon Musk’s automaker achieving a $1 trillion valuation for the first time (and aided Hertz’s recovery image post-bankruptcy). Hertz also disclosed plans in 2022 to procure up to 175,000 EVs from General Motors, along with another 65,000 from Polestar.

However, none of those agreements were fully executed, and Hertz initiated a fire sale of the EVs it had acquired in early 2024. This decision was partly due to unexpectedly high maintenance costs from Uber drivers renting the EVs, in addition to Tesla reducing prices to combat competition and enhance sales.

Establishing a fleet management and operations division should align more closely with Hertz’s core strengths as a car rental behemoth. Rivals like Avis are already engaging in similar operations for Waymo. With robotaxi ventures appearing eager to utilize third parties for managing this aspect, Hertz has the potential to create a profitable business with Oro.

In this context, Hertz and Uber announced on Thursday that they will “investigate expansion possibilities in 2027.” Uber has partnerships with numerous autonomous vehicle firms globally and plans to order at least 35,000 robotaxi-ready vehicles from Lucid Motors in the forthcoming years. It is starting with 10,000 Gravity SUVs and has recently expressed intentions to acquire another 25,000 EVs from Lucid Motors based on its forthcoming mid-sized platform. (Uber also currently holds over 11% of Lucid Motors due to investments made alongside the vehicle orders.)

SpaceX investor 137 Ventures secures $700M for a pair of growth-stage funds

The venture capital firm 137 Ventures declared on Thursday that it has secured over $700 million through two new growth-stage funds aimed at supporting startups “with the potential for substantial market influence.” 

The firm, founded by former Founders Fund investor Justin Fishner-Wolfson, said it has invested more than a billion dollars over the past year in companies focused on defense, AI, and industrial systems. Its portfolio includes AI agent company Cognition, AI-driven manufacturing firm Hadrian Automation, and defense enterprise Anduril.

Additionally, it is a noteworthy investor in Elon Musk’s SpaceX, which is anticipated to have a groundbreaking IPO this year that could appraise the firm at over a trillion dollars. Bloomberg highlighted that 137 Ventures initially invested in SpaceX in 2010 and has since issued around two dozen checks to the company.

Dental practice software developer resolves issue that revealed patients’ medical records

Practice by Numbers, the creator of a patient management software utilized in numerous dental offices, has addressed a security vulnerability that revealed patients’ private health information on a portal bundled with the software, as reported by TechCrunch.

One patient, Joseph R. Cox, alerted TechCrunch about the glitch after experiencing the issue while viewing his dental records on the portal provided by his dentist’s office. 

This patient portal is an aspect of dental management software developed by Practice by Numbers, which asserts that its products are employed in over 5,000 dental practices throughout the United States.

Cox said the vulnerability allowed any portal user to access other patients’ medical documents and health records. From his own account he could view other patients’ files, which included personal data, medical histories, photo IDs, and other documents. The flaw also meant that Cox’s own records were exposed to other patients in the same way.

Cox said he tried to report the problem to the company by email but received no response. He then contacted TechCrunch as a last resort to prompt the company to fix the flaw.

The flaw was trivial to exploit for anyone logged into Practice by Numbers’ patient portal. Cox said that changing the document number in the web address while viewing one of his own documents returned files belonging to other patients.

Worse, Cox said the document numbers in the web address appear to be assigned sequentially, making other patients’ document numbers easy to guess.
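The pattern Cox describes is a missing authorization check on a record looked up by a user-supplied identifier (an insecure direct object reference), made worse by sequential numbering. The following is an added, constructed example and not Practice by Numbers’ code: it shows a lookup that trusts the number from the URL beside the hardened version that requires the record to belong to the logged-in patient, an opaque-handle layer that removes the guessable numbering, and a retrospective scan over constructed access-log lines of the kind a company would use to work out which patients to notify. All names, routes, log format and sample data are hypothetical.

```python
"""Patient-portal document access: the vulnerable lookup, the fix, and a log check.

Constructed illustration; names, routes, log format and data are hypothetical.
"""
import re
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int   # sequential number as it would appear in the URL
    owner: str    # account allowed to read the document
    body: str


# Constructed store: ids are sequential, so a neighbour's id is one guess away.
DOCUMENTS = {
    1001: Document(1001, "alice", "alice: treatment history"),
    1002: Document(1002, "bob", "bob: photo id scan"),
    1003: Document(1003, "alice", "alice: x-ray notes"),
}


class Forbidden(Exception):
    """Raised for any document the caller must not see (missing or not theirs)."""


def get_document_vulnerable(session_user: str, doc_id: int) -> str:
    """Authenticated but not authorized: the id from the URL is trusted outright."""
    return DOCUMENTS[doc_id].body


def get_document(session_user: str, doc_id: int) -> str:
    """Hardened: the record must belong to the logged-in user.

    Missing and foreign documents produce the same error, so the response does
    not reveal which ids exist.
    """
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.owner != session_user:
        raise Forbidden(f"document {doc_id} not available to {session_user}")
    return doc.body


def can_read(session_user: str, doc_id: int) -> bool:
    """Boolean wrapper around get_document for policy checks and tests."""
    try:
        get_document(session_user, doc_id)
        return True
    except Forbidden:
        return False


# Defence in depth: hand out random, unguessable handles instead of sequential
# numbers. This does not replace the ownership check; it only removes the
# "add one to the number" enumeration described in the article.
_HANDLES: dict[str, int] = {}


def issue_handle(session_user: str, doc_id: int) -> str:
    """Mint an opaque URL handle for a document the user owns."""
    get_document(session_user, doc_id)          # ownership enforced before minting
    handle = secrets.token_urlsafe(16)
    _HANDLES[handle] = doc_id
    return handle


def resolve_handle(session_user: str, handle: str) -> str:
    """Resolve an opaque handle; ownership is still checked on every read."""
    doc_id = _HANDLES.get(handle)
    if doc_id is None:
        raise Forbidden("unknown handle")
    return get_document(session_user, doc_id)


# Retrospective log check: which accounts successfully read documents they do
# not own, and whose records were therefore exposed? Hypothetical log format.
LOG_LINE = re.compile(
    r"user=(?P<user>\S+) GET /portal/documents/(?P<doc_id>\d+) (?P<status>\d{3})"
)

SAMPLE_LOG = [  # constructed
    "2026-04-12T09:00:01Z user=alice GET /portal/documents/1001 200",
    "2026-04-12T09:00:05Z user=alice GET /portal/documents/1002 200",  # not hers
    "2026-04-12T09:00:09Z user=alice GET /portal/documents/1003 200",
    "2026-04-12T09:01:00Z user=bob GET /portal/documents/1002 200",
    "2026-04-12T09:01:03Z user=bob GET /portal/documents/9999 404",
]


def cross_account_reads(log_lines, documents=DOCUMENTS) -> dict[str, set[int]]:
    """Map each account to the ids of other patients' documents it read (HTTP 200)."""
    hits: dict[str, set[int]] = {}
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m or m["status"] != "200":
            continue
        doc = documents.get(int(m["doc_id"]))
        if doc is not None and doc.owner != m["user"]:
            hits.setdefault(m["user"], set()).add(doc.doc_id)
    return hits


def affected_patients(log_lines, documents=DOCUMENTS) -> set[str]:
    """Owners whose records were read by someone else: the people to notify."""
    exposed: set[str] = set()
    for ids in cross_account_reads(log_lines, documents).values():
        exposed.update(documents[i].owner for i in ids)
    return exposed


if __name__ == "__main__":
    print(cross_account_reads(SAMPLE_LOG))  # {'alice': {1002}}
    print(affected_patients(SAMPLE_LOG))    # {'bob'}
```

The ownership check is the actual fix; random handles only stop the enumeration and must not be relied on alone, since a leaked handle would otherwise grant access to anyone holding it. The log scan is what makes the notification count in a report like the one below defensible: it ties each exposed record to a concrete foreign read rather than to a guess.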

Cox told TechCrunch that he struggled to notify Practice by Numbers of the problem because the company offered no clear way to report security issues. The email address on the company’s website bounced his messages as undeliverable. Cox instead contacted one of the company’s founders on LinkedIn, but received no reply, even after a follow-up email.

The now-fixed flaw highlights a growing pattern in which ordinary consumers find security flaws in companies’ products or websites but have no straightforward way to report them to the developers.

Earlier in April, fashion retailer Express fixed a website flaw that let any user view other customers’ order details and personal information, after a user spotted the issue but found no way to inform the company. A similar situation arose with Home Depot in December, where a security researcher tried to privately alert the company to a security lapse that exposed access to its internal systems for nearly a year, but the notifications went ignored until TechCrunch reached out.

Because the flaw was actively exposing patients’ data, TechCrunch notified Practice by Numbers of the issue on April 13. The company took its patient portal offline to fix the flaw and relaunched it on April 17.

Chris Lau, co-founder and chief technology officer of Practice by Numbers, told TechCrunch that the vulnerability had been fixed and that, according to server logs, fewer than 10 patients were being notified that their information had been exposed by the flaw.

The company said it is working with the affected dental practice to notify those patients. Lau said the company had found no evidence of earlier activity related to the flaw, suggesting that Cox was likely the first to discover it.

Cox confirmed that the vulnerability appears to have been fixed.

When asked by TechCrunch, neither Lau nor Rohit Garg, co-founder and president of Practice by Numbers, would say whether the company’s patient portal had undergone a security audit before launch. Companies typically commission security audits to ensure their products meet cybersecurity standards and are free of common security vulnerabilities before customers use them.

Although no software is ever entirely free of bugs, companies that handle sensitive information, such as healthcare data, typically seek external reviews of their code to catch significant security flaws.

Asked whether Practice by Numbers planned to make it easier for security researchers to report flaws, for example through a vulnerability disclosure program, Garg said the company intends to improve its website so that security issues can be reported. The company did not provide a timeline.
