Between December 19 and 26, 2025, the AI industry took a definitive shape: OpenAI released GPT-5.2 on December 11[44], Anthropic launched Claude Opus 4.5 (November 23–24), and Google remains under pressure after Gemini 3’s debut on November 18. Meanwhile, Linux Foundation announced the creation of the Agentic AI Foundation (December 9), and OWASP published “OWASP Top 10 for Agentic Applications” (December 9), shifting discussions from benchmark comparisons toward implementing guardrails and compliance. As a result, the market combines technological rivalry with an urgent need for safety standards.
Major Model Releases
OpenAI launched GPT-5.2 in three variants: GPT-5.2 Thinking (deep reasoning), GPT-5.2 Instant (fast), and GPT-5.2-Codex (coding optimization). The model scored 70.9% on the GDPval benchmark and 55.6% on SWE-Bench Pro, operating with context windows up to 400K tokens. The price is $1.75 per million input tokens and $14 output; simultaneous integration with Microsoft 365 Copilot confirmed on December 11 intensifies competitive pressure and cost risks for price-sensitive customers.
Security and Regulations
Anthropic focused on coding and agents: Claude Opus 4.5 reached 77.2% on SWE-Bench Verified[48] and declares token efficiency with 48–76% less output token usage at equal performance. The new variant’s price stands at $5/$25 per million tokens, which combined with token efficiency may attract large enterprises. Google is testing a new development environment called Google Antigravity[76], where agents autonomously plan, code, and validate applications; the project is led by Demis Hassabis and Koray Kavukcuoglu, integrating Gemini 3 Pro and Vertex AI, creating potential lock-in within the Google Cloud ecosystem.
Agent security has moved to the forefront of risks. OWASP detailed in “OWASP Top 10 for Agentic Applications” the main threats[74]: Agent Behavior Hijacking, Tool Misuse and Exploitation, Identity and Privilege Abuse, and Goal Hijacking. Simultaneously, Linux Foundation formalized cooperation among major players in the Agentic AI Foundation (December 9). The EU AI Act, whose phase II came into effect August 2, 2025[101] practically requires technical documentation, incident reporting, and audits for systemic systems.
Markets and Business Implications
December 2025 also saw a wave of transactions: the M&A market reached about $100 billion this month, and a Bain & Co report indicated[103] growth to $478 billion in Q4. Key deals included mergers and investments involving Palo Alto Networks[100], Cyber. Ark ($25 billion), AMD, Lenovo, while infrastructure partnerships like Core Weave (valued at $22.4 billion) and Disney–OpenAI investment (~$1 billion) are changing computing power access. Forbes and CB Insights forecasts estimate the agentic AI market at $155 billion in 2026 (a 35% year-over-year increase), shifting employee roles from routine tasks to agent oversight and auditing.
The implications for Polish companies are direct: immediate mapping of used LLM/VLM models, preparation of budgets for compliance with the EU AI Act, and assessment whether agent applications have guardrails aligned with OWASP best practices. Failure to act risks penalties and customer trust loss[102]. I recommend three steps: (1) inventory AI systems and document their usage, (2) implement context sanitization in RAG applications, (3) appoint a person responsible for agent security and compliance — Chief Agent Officer or a similar role.