Experts confirm 'Fast16,' linked to Stuxnet, actively sabotaged nuclear weapons testing simulation software — extending nation-state cyberweapon doctrine to the modeling layer.
Vercel CEO: April 2026 breach caused by AI-accelerated attackers with surprising velocity and deep product knowledge. Initial vector: compromised AI customer-service platform context.ai.
UK AISI: AI cyber task horizon doubling every 4.5 months. Mythos and GPT-5.5 appear token-limited, not ability-limited. Findings align with METR.
GTIG confirms AI-discovered zero-day actively exploited in the wild. AI-vs-AI offense/defense dynamic now operational, not theoretical.
OpenAI's Daybreak combines frontier models and Codex to automate vulnerability detection, backlog triage, and continuous software security at enterprise scale.
OpenAI's Daybreak platform uses Codex and frontier models to automate vulnerability detection and patching, competing directly with established SAST tooling.
METR puts Claude Mythos at a 16-hour task horizon, 2× the next best. Palo Alto Networks: 3 weeks AI-assisted equaled a year of manual penetration testing.
Palo Alto Networks confirms Claude Mythos completed three weeks of penetration testing equivalent to a full year of manual analysis, with broader coverage.
Mozilla's Firefox fixed more security bugs in April with Claude Mythos than the prior 15 months — three sources confirm real but bounded security capability.
Canvas forced offline by ShinyHunters data extortion attack — thousands of schools and universities across the US disrupted.
Mozilla: Claude Mythos helped Firefox fix more security bugs in April than the past 15 months combined, per Mozilla's new blog post.
OpenAI rolls out GPT-5.5-Cyber to critical infrastructure defenders in limited preview — GPT-5.5 with Trusted Access for Cyber.
Coupang Q1 2026: $8.5B revenue (+8% YoY), $266M net loss — largest since Q4 2021. Breach fallout accounting for the loss despite strong topline growth. Via Korea Herald.
Axios reports the NSA is using Claude Mythos Preview for vulnerability discovery despite Anthropic's supply-chain risk status and an ongoing Pentagon legal fight.
The White House is blocking Anthropic's Mythos expansion to 70 organizations, exposing a critical gap: AI cybersecurity risk is entirely self-reported.
Anthropic restricted Mythos via self-assessment, but OpenAI and Google face no external governance at the same threshold — cyberrisk assessment is entirely self-reported.
Sam Altman announces GPT-5.5-Cyber, a frontier cybersecurity model, will roll out to critical defenders within days with government-coordinated access controls.
Decepticon is an open-source autonomous AI red-team agent that reasons through attack paths and tests business logic—governed by strict scope, isolation, and logging requirements.
China's 360 Group used an AI agent to find ~1,000 previously unknown vulnerabilities including in Microsoft Office, marking a new phase in AI-assisted offensive security research.
Curated AI insights — sent when there's something worth your inbox.