All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
RAGFlow, an open-source RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) engine, has a Jinja2 template injection vulnerability (a flaw where untrusted data gets processed as code in a templating system) in version 0.24.0 and earlier. Any registered user can exploit this flaw in the prompt generator to run arbitrary OS commands (any commands they want) on the server by creating a Canvas workflow with specific components.
Boston Children's Hospital integrated AI (artificial intelligence) across its entire organization as a core part of clinical and operational work, rather than treating it as a separate experiment. By building an enterprise AI layer (a shared, secure internal AI system used across teams) and redesigning workflows in areas like supply chain and surgical scheduling, the hospital has diagnosed over 40 previously unresolved rare conditions, saved approximately 60,000 hours of staff time, and enabled more than one-third of employees to use AI daily in their work.
Braintrust, an AI observability company, uses Codex (OpenAI's code-generation AI model) to quickly turn customer feature requests into working preview branches in minutes, with half the team adopting it within one month. The speed of Codex enables faster feedback loops with customers and allows engineers to test ideas in real time rather than letting requests sit in a backlog. Codex's ability to handle large amounts of text output without slowing down makes it more effective than other models for this workflow.
Film director Gareth Edwards publicly endorsed generative AI (software that creates content like images or text from descriptions) for movie-making at an Amazon event, comparing it favorably to traditional CGI (computer-generated imagery) and calling it a tool as fundamental as a camera. Edwards argued that filmmakers have no reason to avoid adopting AI since it can help with creative work and will eventually surpass CGI in quality.
Adobe's Firefly AI Assistant is a conversational AI agent designed to automate tasks within Adobe's design software while keeping users in control of the creative process, unlike traditional AI image generators that work independently. The assistant acts as a multitasking middleman that can operate design apps on behalf of users, though early testing suggests the results are not particularly impressive despite the tool's thoughtful approach to preserving creative control.
In 2023, the SEC required public companies to disclose cybersecurity risk management in their annual filings, prompting an analysis of the top 200 S&P companies' cybersecurity leadership structures. The analysis found that Chief Information Security Officers (CISOs) lead cybersecurity at over 70% of companies with an average of 23 years of experience, most commonly reporting to the Chief Information Officer, while the Audit Committee oversees cybersecurity at about 60% of companies, and the NIST Cybersecurity Framework (a set of best practices for managing cyber risks) is the most referenced security standard.
Big tech companies are legally challenging GDPR (General Data Protection Regulation, Europe's data protection law) fines, with nearly 40% of the €7.1 billion in fines announced over eight years either annulled or under appeal. While GDPR successfully established a global 72-hour breach notification standard (the requirement that organizations tell people within three days if their data is stolen), experts note the framework has structural weaknesses that companies exploit in court, and upcoming AI regulations may face similar challenges.
Anthropic, an AI company, announced that its run-rate revenue (an annualized projection based on current monthly earnings) has grown to $47 billion as of May 2026, up from $30 billion in April 2026. This represents extraordinarily rapid growth, with the company increasing its run-rate revenue more than 10 times annually over the past three years, driven by widespread adoption among enterprise customers.
Anthropic released Claude Opus 4.8 on May 28, 2026, describing it as a modest incremental improvement over its predecessor. A key advancement is improved honesty: the model is about four times less likely than the previous version to overlook flaws in code it writes, and it achieves lower factual hallucination rates (incorrect answers) primarily by declining to answer questions when uncertain rather than attempting to answer more questions.
The llm-anthropic tool (a command-line program for using Anthropic's Claude AI models) was updated to version 0.25.1, adding support for a new Claude Opus 4.8 model and a fast mode option for users with that feature enabled. The update also changed how the tool handles max_tokens (the maximum number of words the AI can generate in a single response) by making it default to each model's actual maximum instead of a fixed 8,192 limit.
A threat group called GreyVibe, likely linked to Russia, has been running cyberattacks since August 2025 against Ukrainian and other organizations using AI-generated fake content and custom malware tools. The group uses ChatGPT, Gemini, and other AI tools to create realistic phishing lures (fake websites and emails impersonating legitimate organizations), and likely uses AI to help develop malware like LegionRelay (a remote access trojan, or RAT, which lets attackers control a victim's computer from afar) and FallSpy (Android spyware that steals personal data). Researchers say the attackers show less sophistication than typical state-sponsored groups and may include current or former cybercriminals.
Okta, a company that provides identity security tools (software that verifies who users are and controls access to systems), reported strong earnings driven by increased demand from companies building agentic AI (AI systems that can independently perform tasks and make decisions). CEO Todd McKinnon emphasized that while agentic AI is boosting interest in Okta's security products, the company is preparing for long-term infrastructure needs rather than chasing short-term profits.
The European Union wants to increase discussions with the U.S. about advanced AI models that have cyber capabilities, particularly after Anthropic's Mythos model (a very powerful AI system) raised concerns about AI-powered cyberattacks. The EU has not yet received access to preview Mythos, and the White House has opposed expanding access to the model beyond the U.S. due to security concerns, though Anthropic says it is developing safeguards and expects to release Mythos-class models to customers within weeks.
Fix: Anthropic stated that 'Models of Mythos' capability require strong cyber safeguards before they can be generally released' and 'We're making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks.' No specific technical safeguards or implementation details are described in the source text.
CNBC TechnologyEmployees are using AI-driven development platforms (vibe coding, where non-programmers build working applications by describing what they want) to quickly build custom applications and connect them to company systems, then publish them on the public internet without involving security teams or implementing basic access controls. A study found over 2,000 such exposed applications containing sensitive data across major companies, sitting unprotected because traditional security tools like EDR (endpoint detection and response, software that monitors what happens on company devices) and DLP (data loss prevention, software that blocks sensitive information from leaving the company) were designed to catch different types of threats and don't detect these cloud-to-cloud connections or applications built in web browsers.
Organizations are rapidly adopting unauthorized AI tools without proper security oversight, creating 'shadow AI' (unsanctioned AI use that bypasses governance controls) that exposes sensitive data and creates new attack surfaces. Traditional security tools like firewalls and Zero Trust architecture (a security model that requires verification for every access request) cannot detect AI-specific threats such as prompt injection (tricking an AI by hiding malicious instructions in its input), leaving companies vulnerable to data leaks, compliance failures, and attacks that exploit AI systems.
Fix: CrowdStrike Falcon AI Detection and Response (AIDR) is designed to provide visibility, control, and protection for AI-driven environments and can identify and stop AI-specific threats such as prompt injection.
CrowdStrike BlogOpenAI is launching Rosalind Biodefense, a program that gives vetted developers access to GPT-Rosalind (a reasoning model trained for life sciences) to build defensive tools against biological threats like pandemics. The company is also expanding trusted access to this model for select U.S. government and allied partners working on public health and biodefense, supported by safety measures like capability assessments, expert red teaming, and security controls to prevent misuse.
IBM and Red Hat announced Project Lightwell, a $5 billion initiative to create an AI-powered 'security coordination layer' that helps enterprises discover and fix vulnerabilities (security weaknesses) in open source software faster. The clearinghouse will deliver validated patches directly into existing software supply chains without requiring upgrades, starting with Java/Maven code and eventually expanding to other programming languages.
Fix: Project Lightwell will backport fixes (apply patches to older versions) to exact dependency versions that have already been tested and deployed, operate on configuration manifests like pom.xml so code remains in controlled enterprise environments, and deliver fixes across dependency chains. Enterprises will receive validated patches spanning Red Hat platforms and independent community code, and can share fixes upstream through a 'secure map' so the wider open-source community can incorporate them.
CSO OnlineAnthropic announced plans to release Claude Mythos-class models (powerful AI systems initially restricted due to security concerns) to the general public in the coming weeks. The company stated it has developed strong guardrails (safety measures to prevent misuse) and is making progress on safeguards before the public rollout, though it has not specified an exact timeline.
This document outlines best practices for evaluating frontier AI models (advanced AI systems at the cutting edge of capability) through independent third-party assessments. Modern frontier models are more complex than simple chatbots because they can use tools, maintain information across multiple steps, and operate within larger workflows, so evaluations must account for the "harness" (the surrounding setup and environment) that can significantly affect performance. Evaluation reports should clearly state what claim is being tested (such as whether a model can perform a capability, how robust its safety features are, or how it compares to other models) and provide evidence that the results are valid by addressing potential issues like reward hacking (exploiting shortcuts in scoring), contamination (overperforming due to exposure to similar tasks in training data), and sandbagging (deliberately underperforming when aware of being evaluated).
Palo Alto Networks PAN-OS has an authentication bypass vulnerability (a flaw that lets attackers skip security checks) that allows attackers to create unauthorized VPN (virtual private network, a secure tunnel for remote access) connections without proper credentials. This vulnerability is currently being actively exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Mitigation details are available at https://security.paloaltonetworks.com/CVE-2026-0257.
CISA Known Exploited Vulnerabilities