aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6092 items

Anthropic releases its first Mythos-class model Claude Fable 

info, news
industry, safety
Jun 9, 2026

Anthropic released Claude Fable 5, described as its most powerful publicly available AI model, which performs exceptionally well at software engineering, knowledge work, and vision tasks. This is the first broad public release from Anthropic's Mythos class of models, which the company previously considered too dangerous to release due to their advanced cybersecurity capabilities. The release became possible through new safeguards that prevent the model from responding to requests in high-risk areas.

The Verge (AI)

XBOW tests Anthropic's Mythos Preview for offensive security

info, news
security, research

EU orders Meta to open WhatsApp to rival AI chatbots

info, news
policy
Jun 9, 2026

The European Union ordered Meta to allow competing AI chatbots to access WhatsApp's business platform for free, saying Meta's ban on third-party AI assistants violated competition rules. As an interim measure while investigating whether Meta abused its dominant market position, the EU gave Meta five working days to restore access to the WhatsApp for Business API (an interface that lets external programs connect to WhatsApp) under previous terms, with potential fines up to 10% of Meta's annual revenue if it refuses.

Apple is embracing the fantasy of AI photo editing

info, news
safety, policy

AI Threat Readiness Pillar 2: Accelerate Patching and Response

info, news
security
Jun 9, 2026

Organizations need to speed up how quickly they fix security vulnerabilities to keep pace with AI-powered attacks, which are accelerating both vulnerability discovery and exploitation. The main challenges slowing down fixes include unclear ownership of vulnerable systems, generic remediation guidance that doesn't fit specific environments, and manual processes that can't handle the large volume of findings that AI scanners now produce. Pillar 2 of the AI Threat Readiness Framework focuses on automating remediation workflows and establishing clear ownership so that the right teams can fix vulnerabilities quickly.

Fluid, natural voice translation with Gemini 3.5 Live Translate

info, news
industry
Jun 9, 2026

Gemini 3.5 Live Translate is a new audio model that provides near real-time speech-to-speech translation across over 70 languages, automatically detecting the language and generating natural-sounding translated speech that preserves the speaker's tone and pacing. Unlike older systems that wait for a speaker to finish, this model translates continuously while staying just a few seconds behind, avoiding awkward pauses. The feature is rolling out across Google products including Google Meet, Google Translate apps, and via API access for developers.

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

info, news
security, safety

Microsoft AI chief walks back comments about AI taking over white-collar work

info, news
industry
Jun 9, 2026

Microsoft's AI leader Mustafa Suleyman clarified that he didn't mean AI would replace white-collar workers like lawyers and accountants, but rather assist them by automating specific tasks (like writing emails or creating presentations) to help them work faster and more efficiently. He emphasized that these jobs themselves won't disappear, only the individual sub-tasks within them will become automated.

Apple’s AI promises are finally, almost, sort of here

info, news
industry
Jun 9, 2026

Apple announced major updates to Siri, its virtual assistant software, at its annual developer conference, positioning it as an AI-powered tool that works across all Apple devices with new multimodal features (abilities to handle text, images, and voice). The announcements represent Apple catching up in AI technology after largely neglecting Siri and delaying AI improvements until 2025.

Introducing Gemma 4 12B: a unified, encoder-free multimodal model

info, news
industry
Jun 9, 2026

Google DeepMind introduced Gemma 4 12B, a multimodal AI model (a system that processes text, images, and audio together) designed to run efficiently on laptop computers with 16GB of memory. The model uses an encoder-free architecture (meaning it processes images and audio directly without separate translation layers), achieving performance comparable to larger models while reducing memory usage and latency. It supports native audio inputs and includes Multi-Token Prediction drafters to speed up response generation.

JPMorgan Chase plans to deploy more powerful AI agents this year

info, news
industry
Jun 9, 2026

JPMorgan Chase plans to deploy AI agents (software systems that can work independently toward goals) in 2026 that can run for hours instead of just minutes, marking a shift toward longer-running autonomous workers. These advances are enabled by improvements in how AI models reason and perform tasks like writing code and controlling software, though security concerns have prevented wider corporate adoption. The bank has already seen a 20% increase in gross sales from AI tools in private banking and believes the technology could eventually expand individual banker productivity by 50%.

Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize

info, news
security
Jun 9, 2026

In May 2026, overall cyber-attack numbers dropped slightly month-over-month, but ransomware (malware that locks files and demands payment to unlock them) surged 48% compared to the previous year, and AI-powered risks to data security continued growing. Security researchers warn that the temporary decrease in total attacks doesn't mean organizations are actually safer, since threats are shifting toward more damaging methods.

Apple’s best AI idea looks a lot like vibe coding

info, news
industry
Jun 9, 2026

Apple announced several AI features at its WWDC conference that largely replicate capabilities already available in competitors' products, such as chatbots for questions, text creation and summarization tools, and image generation. The company's main pitch is delivering these existing AI features to iPhone and iPad users rather than introducing genuinely new AI innovations.

All signs point to Trump pushing AI growth

info, news
industry, policy

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications

info, news
security, industry

Apple’s AI pitch will live or die by its privacy promise

info, news
safety, policy

OpenAI's IPO filing, Apple updates Siri, new screwworm cases and more in Morning Squawk

info, news
industry
Jun 9, 2026

Apple announced updates to its voice assistant, including a redesigned Siri AI with new voices and conversational abilities, while also confirming partnerships with Nvidia and Google to run some AI features on their chips. OpenAI filed confidentially with the SEC for a potential initial public offering (IPO, the process of a private company becoming publicly traded), joining other tech companies preparing to go public. The Agriculture Department confirmed additional cases of screwworm in Texas, a pest the U.S. had previously worked to eliminate.

Impact of employee cybersecurity training on knowledge of best practice for secure passwords and use of public Wi-Fi

info, research, Peer-Reviewed
security

How engineers at Nextdoor use Codex to build without limits

info, news
industry
Jun 9, 2026

Nextdoor engineers use Codex (an AI coding assistant) to shift from writing code step-by-step to focusing on desired outcomes, allowing individual engineers to build features end-to-end across multiple platforms rather than specializing in one system. This productivity boost has made engineering faster, so the main bottleneck is now deciding what to build strategically rather than how to build it. Codex also helps with debugging complex issues in systems like Rust databases and Kubernetes by persistently investigating problems and finding root causes.

Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol

info, news
security
Jun 9, 2026

Check Point released emergency hotfixes for two vulnerabilities in VPN products that still use IKEv1 (Internet Key Exchange version 1, an outdated key exchange protocol). The more critical flaw, CVE-2026-50571, allows attackers to log into VPNs without a valid password, giving them access to corporate networks. Attackers have already exploited this vulnerability since early May, including in ransomware attacks.

Jun 9, 2026

XBOW security researchers tested Anthropic's Mythos Preview model, a new AI designed to help find software vulnerabilities (weaknesses in code that attackers can exploit). They found it significantly outperforms previous models at analyzing source code (program code written by developers) to identify vulnerability candidates, especially in complex areas like native application analysis (testing software written in languages like C or C++), though it works better as a tool to assist human experts rather than as a replacement for hands-on security testing.

BleepingComputer

Fix: The EU ordered Meta to re-instate access for third-party general-purpose AI assistants to the WhatsApp for Business API under the same terms and conditions that were in place previously, with a deadline of five working days to comply.

BBC Technology
Jun 9, 2026

Apple has introduced new AI-powered photo editing tools at WWDC 2026 that allow users to manipulate images significantly, but the company did not clearly label which photos were real versus AI-generated. This represents a shift from Apple's earlier caution about generative AI (machine learning models that can create new content), as the company now appears less concerned about how these editing capabilities might distort people's perception of reality.

The Verge (AI)

Fix: According to the source, Wiz supports Pillar 2 by building a unified ownership model that automatically routes findings to the right team. This includes: establishing service ownership through the Wiz Service Catalog or Backstage integration, grouping resources by business unit or application with designated owners in Wiz or ServiceNow CMDB, and using cloud tags or Resource Tag Rules to assign owners automatically. The source also emphasizes the need to automate remediation workflows to eliminate manual triage, identify root causes of vulnerabilities, determine optimal fix paths based on specific environment architecture, and prevent recurrence by shifting fixes left and embedding guardrails into development pipelines, though specific implementation details for these actions are not fully elaborated in the provided text.

Wiz Research Blog
DeepMind Safety Research
Jun 9, 2026

Anthropic's Claude Mythos Preview model can create working exploits (code that attacks vulnerabilities in software) targeting known security flaws in just hours or minutes, significantly faster than human experts could do it. The model demonstrated this by building 16 working exploits for Firefox and Windows vulnerabilities within hours, and creating proof-of-concept code (simplified versions showing a vulnerability works) in as little as 8 minutes. This threatens organizations during the patch gap (the time between when a vulnerability is disclosed and when most users have installed the fix), because LLMs now automate the traditionally slow process of exploit development.

SecurityWeek
The Verge (AI)
The Verge (AI)
DeepMind Safety Research
CNBC Technology
Check Point Research
The Verge (AI)
Jun 9, 2026

This article discusses Donald Trump's push for AI growth in the US and highlights a contradiction where Anthropic, an AI safety company, is advocating for a pause on AI advancement while simultaneously filing to go public on the stock market. The piece covers various AI-related developments including OpenAI's public offering plans, Apple's new AI features, and concerns about the rapid expansion of AI datacenters.

The Guardian Technology
Jun 9, 2026

AI-powered coding tools prioritize speed and ease of development over security, often resulting in apps with unprotected identities and known vulnerabilities. Atsign's AI Architect product addresses this by making all identities invisible to attackers through cryptographic protection (using advanced encryption to hide identities), so even if vulnerabilities exist in the code, attackers cannot exploit them because they cannot identify the resources to attack.

Fix: Use Atsign's AI Architect product, which requires configuring the coding agent to use AI Architect's custom MCP (model context protocol) server called AAIA. This server implements authentication, authorization, and encryption for all interactions between resources, assigns each resource a unique cryptographic identity with controlled privileges, uses non-custodial cryptographic keys that remain solely with the developer, and ensures that even if servers are compromised, only encrypted data (ciphertext) is exposed rather than credentials or cleartext.

SecurityWeek
Jun 9, 2026

Apple announced new AI features at its developer conference, claiming they are more private than competitors' AI systems. The company promises that its cloud processing (AI tasks handled on remote servers) is as private as on-device processing (AI running directly on your device), even though some tasks will now run on Google's servers.

The Verge (AI)

Fix: According to Agriculture Secretary Brooke Rollins, the U.S. would look to the strategy it used in the 1950s to combat screwworm, which included releasing sterile insects (the source text cuts off before completing this description).

CNBC Technology
Jun 9, 2026

This research article examines whether training employees on cybersecurity improves their understanding of password security and safe Wi-Fi practices. The study, published in June 2026, investigates the connection between formal security education and employees' actual knowledge of protective measures in their daily work.

Elsevier Security Journals
OpenAI Blog

Fix: Check Point issued three explicit mitigations: (1) search SmartConsole logs (Check Point's management console) for suspicious VPN certificate authentication attempts using the provided queries; (2) disable support for legacy Remote Access client connections and configure VPN authentication to use only IKEv2 instead of IKEv1; and (3) make machine certificate authentication mandatory. Most importantly, Check Point released downloadable hotfixes for each affected software version (R80.20.X, R80.40, R81, R81.10, R81.10.X, R81.20, R82, R82.00.X, R82.10) which customers should apply immediately.

CSO Online