AI News Digest — 2026-04-29
Highlights
- Anthropic’s Mythos reshapes the cybersecurity landscape: Bruce Schneier argues Anthropic’s new Claude Mythos Preview — which can autonomously find and weaponize software vulnerabilities — collapses the patch-and-protect window that defenders have long relied on.
- Google signs Pentagon AI deal for “any lawful government purpose”: Google inked a classified contract giving the DoD broad access to its AI models a day after 600+ employees demanded Sundar Pichai block the deal, and after Anthropic refused similar work.
- Microsoft and OpenAI end exclusivity; OpenAI lands on AWS: Within a day of renegotiating the Azure-exclusive pact, OpenAI’s GPT models, Codex, and Managed Agents went live on AWS — a dramatic restructuring of the cloud-AI landscape.
- Musk v. Altman OpenAI trial opens with bitter testimony: Elon Musk took the stand to argue he is trying to “save humanity,” kicking off a trial expected to expose the secrets of OpenAI’s founding power struggle.
- Critical flaws in AI infrastructure exploited in the wild: Hugging Face’s LeRobot platform has an unpatched CVSS-9.3 unauthenticated RCE, while attackers are actively exploiting a pre-auth SQLi in the LiteLLM gateway (CVE-2026-42208) — AI tooling itself is now a target surface.
News
AI Security
- GitHub CVE-2026-3854 RCE via single git push — The Hacker News reports a CVSS-8.7 command-injection flaw on GitHub.com and Enterprise Server that lets an authenticated user with push access achieve remote code execution. (link)
- LiteLLM pre-auth SQLi actively exploited — Attackers are targeting sensitive data in the LiteLLM open-source LLM gateway via CVE-2026-42208. (link)
- Hugging Face LeRobot unauthenticated RCE — CVE-2026-25874 (CVSS 9.3) stems from untrusted-data deserialization in the 24k-star robotics platform. (link)
- Microsoft Entra ID role flaw enables takeover — A privileged AI-agent administrator role could be abused for privilege escalation and identity takeover, per Silverfort. (link)
- Microsoft Windows Shell CVE-2026-32202 actively exploited — Microsoft revised its advisory for the spoofing flaw to confirm in-the-wild attacks. (link)
- VECT 2.0 ransomware destroys files instead of encrypting — A nonce-handling bug means files over ~131KB are wiped on Windows, Linux, and ESXi — even paying victims can’t recover. (link)
- GlassWorm VS Code extensions return — A new wave of self-propagating malware is hitting Open VSX as benign-looking extensions. (link)
- Vidar tops the infostealer market — Vidar has filled the vacuum left by last year’s Lumma and Rhadamanthys takedowns. (link)
- Feuding ransomware groups leak each other’s data — A spat between 0APT and KryBit exposed both gangs’ infrastructure to defenders. (link)
- Vimeo confirms Anodot breach exposed user data — Customer data was accessed via the third-party anomaly-detection vendor. (link)
- LAPSUS$ leaks Checkmarx’s stolen GitHub data — The application-security firm confirmed the exposure of its private repository. (link)
- Brazilian LofyGang resurfaces with Minecraft LofyStealer — A cybercrime group returns after three years, distributing malware disguised as a “Slinky” Minecraft hack. (link)
- US charges Scattered Spider hacker arrested in Finland — A 19-year-old dual US/Estonian citizen faces federal charges over the prolific hacking collective. (link)
- Chinese Silk Typhoon hacker extradited from Italy — Xu Zewei faces US charges over COVID-research cyberattacks attributed to the state-sponsored group. (link)
- NSA chief during Snowden affair reflects 13 years later — Chris Inglis on what CISOs should learn about insider threat and “enculturation.” (link)
- OPSEC playbooks now circulate among threat actors — Flare details how attackers publish structured guides on identity separation and long-term evasion. (link)
- Schneier on the Mythos era of cybersecurity — A long-form analysis of how autonomous exploit generation rewrites incident-response timelines. (link)
- The Verge on AI bug-finding “script kiddies” — How DARPA’s AIxCC primed both defenders and attackers for autonomous vulnerability discovery. (link)
- “After Mythos” — patching alone no longer fits — The Hacker News on why network-detection-and-response is becoming the last line of defense in a zero-window era. (link)
- Microsoft to deprecate legacy TLS in Exchange Online — POP/IMAP clients on old TLS versions will be blocked starting July 2026. (link)
USA
- OpenAI products go live on AWS within 24 hours of MS deal change — Amazon announced a slate of GPT models, Codex, and a new Managed Agents service. (link · OpenAI)
- Microsoft and OpenAI renegotiate exclusivity — Reuters via Yomiuri reports the new terms clear OpenAI to court Amazon and other rivals. (link)
- Google signs classified Pentagon AI deal — Reportedly grants the DoD use of Google models for “any lawful government purpose” after an Anthropic refusal. (link · Verge · Decoder)
- Musk takes the stand against OpenAI — Musk testified that all he wants to do is “save humanity”; jurors had pre-existing strong opinions of him. (link · Verge jury · Vergecast)
- OpenAI misses Q1 2026 revenue targets — Anthropic and Google are gaining ground while internal tensions over spending grow. (link)
- Anthropic launches Claude creative connectors — Direct integrations into Photoshop, Blender, Ableton, Affinity, Autodesk, and more. (link)
- Amazon adds AI audio Q&A to product pages — A new “Join the chat” feature delivers AI-generated audio answers about products. (link)
- YouTube AI search rolls out to US Premium subscribers — Opt-in feature delivers guided answers; sister “Ask YouTube” turns search into a chat. (link · Decoder)
- GitHub Copilot moves to token-based billing — From June 1, 2026 charges shift from premium-request counts to actual usage. (link)
- Mistral launches Workflows for enterprise AI orchestration — Aimed at productionizing AI processes inside companies. (link)
- Lovable ships its vibe-coding app on iOS and Android — Users can build web apps and sites on the go. (link)
- Otter expands enterprise search across tools — Connects Gmail, Google Drive, Notion, Jira, and Salesforce alongside meeting data. (link)
- Red Hat container hardens enterprise OpenClaw deployments — Tank OS gives agent fleets a more reliable, safer runtime. (link)
- NVIDIA introduces Nemotron 3 Nano Omni — Long-context multimodal model for documents, audio, and video agents. (link)
- Neurable seeks to license non-invasive BCI for wearables — The startup pitches a consumer “mind-reading” sensor stack. (link)
- Taylor Swift trademarks her voice and likeness — Filings target audio and image deepfakes; lawyers call it a long shot. (link)
- “Talkie” — a 13B model trained only on pre-1931 text — Doubts a Second World War occurred and pictures 2026 as steamships and penny novels. (link)
- Researchers find AI text is making the web more uniform and cheerful — Internet Archive analysis shows just how saturated public-web text has become. (link)
- Humanitarian aid turns to AI as crises outpace capacity — Purpose-built agents are being used to triage assistance for vulnerable populations. (link)
- Trump administration fires entire National Science Board — The 1950-era panel advised Congress and the president on science policy. (link)
- Google Translate turns 20 — Google highlights new live-translation features alongside the anniversary. (link)
Europe
- EU pushes Google to open Android to rival AI services — Brussels wants third-party access to voice activation and other core Android hooks; Google calls it “undue interference.” (link)
Japan (AI & Tech)
- Fujitsu CEO warns Japan’s AI is falling behind — Takahito Tokita’s SusHi Tech 2026 keynote sounded the alarm on the country’s current trajectory. (link)
- NTT to triple data-center capacity for AI — President Akira Shimada says inference workloads are driving the buildout to 3× current power capacity by FY2033. (link)
- Tokyo Electron exec on what’s really behind the AI chip shortage — A frank look at the supply-side dynamics from a major equipment maker. (link)
- SusHi Tech Tokyo 2026 spotlights AI and robotics — Business leaders and researchers debate the next phase of AI; experts praise Japan’s high public acceptance. (link · next phase)
- DeNA, GO, GO Drive open-source 100+ AI study materials — The three Japanese firms publish their internal AI training decks for free. (link)
- Singapore emerges as AI’s “neutral ground” — ITmedia analyzes how the city-state is becoming the third pole as US-China tech rivalry intensifies. (link)
- Zoom doubles down on conversational AI in Japan — Marketing exec explains how Zoom plans to differentiate from Teams and Meet by focusing on phone calls and cost-performance. (link)
- “Vibe coding” security risks — three things companies must do — ITmedia walks through the new attack surface created by AI-generated code. (link)
- OpenAI ends Microsoft exclusivity, lands on Amazon Bedrock — ITmedia covers the reshaped distribution map for OpenAI’s products. (link)
- OpenAI builds “Symphony” to manage Codex agents at scale — Internal teams reportedly saw 5× pull-request volume after deploying the orchestration tool. (link)
- Xiaomi releases MiMo-V2.5-Pro as open weights — Positioned as surpassing Gemini 3.1 Pro and approaching Claude Opus 4.6. (link)
- Alibaba’s HappyHorse 1.0 video AI opens to all — Reportedly tops Artificial Analysis benchmarks and supports Japanese-language dialogue. (link)
- Google Research’s TurboQuant explained — A first-principles walkthrough of the new compression technique aimed at slashing AI memory footprints. (link)
- WordPress.com launches Studio Code agentic CLI — Free beta for an AI coding tool focused on WordPress development. (link)
- OpenAI reportedly developing an AI-first iPhone competitor — Supply-chain analyst Ming-Chi Kuo says hardware work is underway. (link)
- Pre-Stuxnet US sabotage malware “fast16” discovered — SentinelOne attributes the find to an earlier-generation sabotage tool predating the 2010 Stuxnet operation. (link)
- Samsung Galaxy Glasses leaked — Samsung’s smart-glasses for late-2026 release have surfaced with apparent specs. (link)
- Beijing blocks Meta’s $2B Manus acquisition — China’s state planner cancels the AI-startup deal months after closing; Meta scrambles to unwind. (link · Decoder)
- Canva’s AI silently swapped “Palestine” for other terms — A bug in Canva’s auto-rewrite feature replaced the word in user-facing text. (link)
- Compromised Elementary Python CLI used to steal user credentials — A 1M+ download/month open-source package was tampered with via a developer-account workflow flaw. (link)
Research Papers
Benchmarks & Evaluation
- ProEval: Proactive Failure Discovery and Efficient Performance Estimation for Generative AI Evaluation — A framework for cheap, proactive failure-mode discovery as model and benchmark counts explode. (link)
- Quantifying and Mitigating Self-Preference Bias of LLM Judges — Shows the dominant LLM-as-a-Judge paradigm systematically favors its own outputs and proposes a bias-mitigation pipeline. (link)
Security & Adversarial
- Evaluating Jailbreaking Vulnerabilities in LLMs Deployed as Assistants for Smart Grid Operations — Builds a NERC-aligned benchmark exposing how LLM grid assistants buckle under prompt-based attacks. (link)
- From Stateless Queries to Autonomous Actions: A Layered Security Framework for Agentic AI Systems — Threat-model and defense layering aimed at planning, persistent memory, tool use, and peer-agent coordination. (link)
- PARASITE: Conditional System Prompt Poisoning to Hijack LLMs — A supply-chain attack that hides triggers in third-party system prompts pulled from public marketplaces. (link)
Compliance & Regulation
- ComplianceNLP: Knowledge-Graph-Augmented RAG for Multi-Framework Regulatory Gap Detection — Targets the 60,000+ regulatory events that financial institutions track annually; aims to surface compliance gaps automatically. (link)
Alignment & Safety
- Jailbreaking Frontier Foundation Models Through Intention Deception — Demonstrates that learned safety boundaries don’t generalize against attackers who hide adversarial intent. (link)
- Structural Enforcement of Goal Integrity in AI Agents via Separation-of-Powers Architecture — Borrows constitutional design to prevent agents from constructing and executing internal misaligned goals. (link)
Guardrails & Robustness
- LAVA: Layered Audio-Visual Anti-tampering Watermarking for Robust Deepfake Detection and Localization — Couples audio and visual watermark layers to harden deepfake detection on short-form video. (link)
- MERIT: Modular Framework for Multimodal Misinformation Detection with Web-Grounded Reasoning — Decomposes verification into visual forensics, cross-modal alignment, and retrieval-augmented claim checking. (link)
Applications
- One Size Fits None: Heuristic Collapse in LLM Investment Advice — Finds LLMs collapse to a few generic strategies regardless of user financial context — a real-world risk in retail advice. (link)
- AI Safety Training Can be Clinically Harmful — Warns that generic safety training degrades LLM mental-health support; only 16% of LLM-based chatbot interventions have undergone rigorous clinical testing. (link)
Key Themes
- AI infrastructure is now a primary attack surface. Critical RCE in Hugging Face LeRobot, exploited SQLi in LiteLLM, supply-chain compromise of an Elementary Python package, and a Microsoft Entra ID role flaw aimed at AI agents — the tooling stack itself is the perimeter.
- Autonomous offense is here. Anthropic’s Claude Mythos Preview and Project Glasswing collapse the patch window; commentators across Schneier, The Verge, and The Hacker News are converging on “zero-window” defense playbooks.
- The OpenAI–Microsoft monopoly era ends. Renegotiated terms put OpenAI on AWS Bedrock within a day, while OpenAI misses Q1 revenue targets and faces growing pressure from Anthropic and Google.
- AI militarization accelerates. Google takes Pentagon classified work that Anthropic refused, despite open dissent from 600+ employees; legal experts note the “safety clauses” are not legally binding.
- Agentic safety dominates the research agenda. New papers tackle jailbreaks via intention deception, separation-of-powers goal integrity, layered agent security, and context-fragmented multi-agent violations.
- Japan’s AI position is at an inflection point. Fujitsu’s CEO warns Japan is falling behind, NTT is tripling data-center capacity for inference, and SusHi Tech 2026 frames the next phase as one Japan must actively invest in.
For detailed summaries of selected research papers, see papers.md.