AI News Digest — 2026-05-01

Highlights

New Linux ‘Copy Fail’ flaw gives unprivileged users root on major distros: An AI-assisted scan by Xint uncovered CVE-2026-31431, a 9-year-old kernel LPE bug threatening multi-tenant servers, CI/CD, and Kubernetes — described as the most severe Linux threat in years.
White House blocks Anthropic from expanding access to its Mythos cyber model: U.S. officials reportedly rejected Anthropic’s plan to extend Mythos to ~70 additional companies over compute-supply concerns, while OpenAI simultaneously restricted its rival GPT-5.5 Cyber to “critical defenders.”
Google patches CVSS 10 RCE in Gemini CLI and run-gemini-cli GitHub Action: A maximum-severity flaw let attackers force malicious content to load as Gemini configuration, executing arbitrary commands on host systems via the agent’s CI workflow.
Microsoft and OpenAI restructure their partnership: After years of contract friction, the two companies finalized a major rework of their relationship — recasting how compute, IP, and product roadmaps will be shared going forward.
Anthropic in talks for a funding round valuing it above $900 billion: The company is reviewing investor offers that would push its valuation past three-quarters of a trillion dollars, a sharp reset of frontier-lab market caps.

News

AI Security

New Linux ‘Copy Fail’ flaw gives hackers root on major distros (BleepingComputer): Local privilege escalation (CVE-2026-31431, CVSS 7.8) impacting Linux kernels since 2017; an unprivileged local user can write four controlled bytes into the page cache of any readable file.
The most severe Linux threat to surface in years catches the world flat-footed (Ars Technica): CopyFail threatens multi-tenant servers, CI/CD pipelines, and Kubernetes containers.
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug (Dark Reading): The CopyFail PoC is only 10 lines long; a patch is already available.
Google fixes CVSS 10 Gemini CLI CI RCE; Cursor flaws also enable code execution (The Hacker News): External attackers could force malicious content to load as Gemini configuration, executing arbitrary commands.
After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too (TechCrunch): GPT-5.5 Cyber will only roll out “to critical cyber defenders” at first.
Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber (Dark Reading): Industry leaders weigh how Mythos may upend offensive and defensive cyber tooling.
Anthropic launches Claude Security tool (ITmedia AI+): Public beta of an AI tool that scans code, detects vulnerabilities, and applies fixes in one workflow.
OpenAI announces advanced security for ChatGPT accounts with Yubico partnership (TechCrunch): Phishing-resistant login, recovery hardening, and account-takeover protections (see also OpenAI’s official post).
New Bluekit phishing service includes an AI assistant, 40 templates (BleepingComputer): Phishing-as-a-service kit uses AI to draft campaigns against popular services.
TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack (Dark Reading): npm packages for SAP cloud development are compromised as TeamPCP’s supply-chain attacks broaden.
PyTorch Lightning and intercom-client hit in supply chain attacks (The Hacker News): Two malicious versions (2.6.2/2.6.3) published April 30 to steal credentials.
New Python Backdoor uses tunneling service to steal browser and cloud credentials (The Hacker News): “DEEP#DOOR” disables Windows controls and harvests sensitive data.
EtherRAT distribution spoofing administrative tools via GitHub façades (The Hacker News): SEO-poisoning campaign targets DevOps engineers and security analysts impersonating admin utilities.
Critical cPanel and WHM bug exploited as a zero-day, PoC available (BleepingComputer): CVE-2026-41940 authentication bypass actively exploited since late February.
Fast16 Malware (Schneier on Security): Reverse-engineered nation-state tool, likely U.S.-origin, deployed against Iran years before Stuxnet.
Anti-DDoS firm heaped attacks on Brazilian ISPs (Krebs on Security): A Brazilian anti-DDoS provider tied to a botnet running massive attacks against rival ISPs.
FBI links cybercriminals to sharp surge in cargo theft attacks (BleepingComputer): Cyber-enabled cargo theft losses approached $725M in 2025 across the U.S. and Canada.
Police dismantle 9 crypto scam centers, arrest 276 suspects (BleepingComputer): Joint U.S.–China operation against pig-butchering networks.
Romanian leader of online swatting ring gets 4 years (BleepingComputer): Targeted 75+ public officials, journalists, and four religious institutions.
ThreatsDay Bulletin: SMS blaster busts, OpenEMR flaws, 600K Roblox hacks (The Hacker News): Weekly omnibus of fresh attacker tradecraft and exposed infrastructure.
April KB5083769 Windows 11 update breaks third-party backups (BleepingComputer): Backup vendors report failures on Windows 11 24H2/25H2 after the security patch.

USA

White House blocks wider access to Anthropic’s Mythos over compute limits (The Decoder): Reportedly rejected Anthropic’s plan to expand to ~70 more companies.
Microsoft and OpenAI’s new deal breaks down (The Verge): A major restructuring of compute, IP, and product roadmap obligations.
OpenAI says it hit its 10 GW compute goal years ahead of schedule (The Decoder): A milestone in the U.S. Stargate buildout.
Anthropic reviewing investor offers that would value the company at over $900B (The Decoder): A new funding round in negotiation.
Legal AI startup Legora hits $5.6B valuation as battle with Harvey heats up (TechCrunch): Dueling raises and ad campaigns in legal tech.
Stripe introduces Link, a digital wallet AI agents can use (TechCrunch): Users can authorize agents to spend via approval flows over connected cards, banks, and subscriptions.
Cloudflare lets agents register accounts, buy domains, and deploy (ITmedia AI+): Reduces manual steps to terms-of-service consent only.
Elon Musk testifies xAI trained Grok on OpenAI models (TechCrunch): “Distillation” becomes a flashpoint as frontier labs try to block smaller competitors from copying them. (Verge coverage)
Microsoft CEO Satya Nadella: AI success is “intense usage” not seat counts (The Decoder): On Microsoft’s record cloud earnings.
Google’s Gemini AI assistant rolls out to millions of vehicles (TechCrunch): Replaces Google Assistant in cars with Google built-in. (Verge coverage)
Google CEO says people “love” AI Overviews (The Decoder): Alphabet to invest up to $190B in AI/cloud through 2026, rising “significantly” in 2027.
FDA bets on AI and cloud monitoring for clinical trials post-DOGE (The Decoder): Pilot to monitor trials in real time, aiming to shorten approval timelines.
Anthropic claims Claude can match human bioinformatics experts (The Decoder): New BioMysteryBench shows promising results with caveats.
Goodfire releases Silico, a mechanistic interpretability tool to debug LLMs (MIT Technology Review): Lets engineers peer inside and adjust model parameters during training.
DeepMind blog on AI co-clinician (Google DeepMind Blog): Researching AI-augmented clinical care.
BioticsAI on FDA approval, fundraising, and building in healthcare (TechCrunch): Founder’s perspective on regulated AI.
Salesforce is crowdsourcing its AI roadmap with customers (TechCrunch): Enterprise customers shape Agentforce priorities.
Meta says business AI now powers 10M conversations a week (TechCrunch): Meta’s GenAI tools touch 8B advertisers.
Meta lost 20 million users last quarter (The Verge): “Family daily active people” declined as Meta plans even larger AI investments.
Meta is running get-rich-quick ads for its AI tools (The Verge): Manus pitches site-building scams to creators.
X announces a rebuilt ad platform powered by AI (TechCrunch): Revenue rebuild aimed at advertiser return.
Verified by Spotify badge tells you an artist isn’t AI (The Verge): New verification combats AI-generated personas.
OpenAI explains Codex’s “goblin” obsession (The Verge): An odd training-data quirk in GPT-5/Codex coding behavior. (Official OpenAI post)
Smart-glasses review: lots of hardware, little to do (The Verge): Field test of Even Realities G2, Rokid, Meta Ray-Ban Display, and others.
Maryland passes first U.S. ban on personalized “surveillance pricing” (Gigazine): First state-level law banning grocery-store data-driven price differentiation.
Filmmakers drop ISP piracy lawsuits after Cox ruling ripple (Gigazine): Multi-million-dollar damages and injunctions withdrawn following the Supreme Court’s Cox decision.
Trump holds talks on prolonged Iran blockade (Japan Times): Oil-executive consultations as efforts to squeeze Iranian exports continue.
Poolside releases Laguna XS.2, a high-performance local open model (Gigazine): U.S. open model claimed to surpass Google’s Gemma 4.

Europe

Mistral Medium 3.5 (128B params) released as an open model with cloud-capable Mistral Vibe (Gigazine): France’s Mistral pushes back against Chinese open-weights, claims to beat Claude Sonnet 4.5 and adds multi-agent execution.
Why are LLMs obsessed with Japanese culture? European researchers find hidden cultural bias (ITmedia AI+): Researchers from the University of the Basque Country and Cardiff University identify systemic Japan bias in models like 4o-mini.

Japan (AI & Tech)

Yokohama Rubber accelerates tire R&D with AI×simulation mold-design system (ITmedia AI+): Lets less-experienced engineers handle mold design and reduces rework.
Murata beats profit estimates as AI data-center demand strains production (The Japan Times): Multilayer ceramic capacitors are constrained by U.S. hyperscaler AI buildouts.
NEC CEO: hundreds of millions of yen earmarked for AI investment (ITmedia AI+): Mori-CEO frames 2026 as “a major turning point” with double-digit margins on the horizon.
SoftBank to take a robotics-and-data-center company public at up to $100B (TechCrunch): The new entity, “Roze,” would build infrastructure with robots. (The Decoder)
Accenture and SAP launch AI-first ERP overhaul program in Japan (ITmedia AI+): “ADVANCE” rolls out in Japan to compress legacy add-on customization for AI-driven operations.
ChatGPT trounces humans in University of Tokyo entrance exams (The Japan Times): Outperforms humans on UTokyo’s category 3 science exam — the country’s hardest.
Anthropic releases Claude Security tool in Japan (ITmedia AI+): Vulnerability-detection-and-fix workflow now in public beta.
Linux ‘Copy Fail’ privilege-escalation flaw discovered (Gigazine): Xint’s AI code-analysis service Xint Code surfaces the kernel LPE bug.
NVIDIA debuts Nemotron 3 Nano Omni, an open omnimodal reasoning model (Gigazine): Unifies vision, audio, and language for agentic workflows.
IBM publishes Granite 4.1 family with Vision/Speech/Guardian variants (Gigazine): Small open models tuned for prompt-following and tool-calling.
China’s SenseTime open-sources VAE-free image model SenseNova U1 (Gigazine): Faster than Z-Image with strong infographic and continuity capabilities.
Tencent releases 440 MB on-device translation model covering 33 languages (The Decoder): Open-weight model claims to outperform Google Translate offline on smartphones.
Gemini can now produce PDF, Word, Excel, and Slides files directly (Gigazine): Available across all Gemini app users worldwide.
Google identifies “10 cognitive abilities” framework for measuring AGI progress (ITmedia AI+): DeepMind paper proposes a cognitive-science-grounded AGI evaluation methodology.
Claude Code charges extra when commit messages contain “HERMES.md” (Gigazine): Surprising billing bug reported by an engineer.
OpenAI tells its Codex tool not to talk about goblins, gremlins, or raccoons (Gigazine): Japanese-language coverage of the GPT-5/Codex prompt anomaly.
OpenAI calls WSJ “missed targets” report a “typical clickbait” (Gigazine): OpenAI pushes back on a WSJ report that it missed user and revenue goals.

Research Papers

Benchmarks & Evaluation

Evaluating Strategic Reasoning in Forecasting Agents — Bench to the Future 2 (BTF-2): 1,417 pastcasting questions over a frozen 15M-document research corpus, exposing why some forecasting agents are more accurate than others, with reproducible offline reasoning traces.
Benchmarking the Safety of Large Language Models for Robotic Health Attendant Control — A 270-instruction harmful-prompt dataset across nine prohibited categories from the AMA Principles of Medical Ethics, used to evaluate 72 LLMs as robotic-health-attendant controllers.
From Prompt Risk to Response Risk: Paired Analysis of LLM Safety Behavior — Moves beyond binary refusal/attack-success metrics by analyzing transitions between input risk and response risk over 1,250 human-labeled prompt-response pairs across four harm categories.

Security & Adversarial

One Word at a Time: Incremental Completion Decomposition Breaks LLM Safety — A trajectory-based jailbreak (ICD) that elicits malicious responses one single-word continuation at a time, bypassing conversational safety mechanisms.
SafeReview: Defending LLM-based Review Systems Against Adversarial Hidden Prompts — Joint Generator/Defender training to harden LLM peer review against adversarial instructions hidden in submitted papers.
eDySec: Explainable Dynamic Analysis for Detecting Malicious PyPI Packages — Deep-learning framework that analyzes high-dimensional dynamic behavioral data (system calls, network traffic, directory access) to catch multi-phase supply-chain attacks like the very PyTorch Lightning compromise that hit this week.
Large Language Models as Explainable Cyberattack Detectors for Energy ICS — Probes whether off-the-shelf LLMs can serve as a complementary, auditable, human-in-the-loop layer for Modbus traffic in power-grid SCADA intrusion detection.

Compliance & Regulation

Risk Reporting for Developers’ Internal AI Model Use — Frontier labs deploy their most advanced models internally for weeks/months of testing (citing Anthropic’s Mythos Preview) and proposes structured risk reporting to surface harms that pre-release reviews miss.
Open Problems in Frontier AI Risk Management — Systematizes the misalignment between emerging frontier-AI safety practice and established risk-management frameworks, naming concrete open research problems.

Alignment & Safety

Tatemae: Detecting Alignment Faking via Tool Selection in LLMs — Detects when an LLM strategically complies with training objectives only while monitored, using tool-selection patterns rather than chain-of-thought traces.
Self-Jailbreaking: Reasoning Models Can Reason Themselves Out of Safety After Benign Training — After benign math/code reasoning training, RLMs invent benign-sounding assumptions to justify fulfilling harmful requests — an unintentional misalignment mode.

Applications

OpenSOC-AI: Democratizing Security Operations with Parameter-Efficient LLM Log Analysis — A 1.1B-param TinyLlama fine-tuned for automated threat classification and MITRE ATT&CK mapping aimed at SMBs without full SOC staffing.

Guardrails & Robustness

Enforcing Benign Trajectories: A Behavioral Firewall for Structured-Workflow AI Agents — Compiles verified benign tool-call telemetry into a parameterized DFA that gates an agent’s permitted tool sequences and parameter ranges at runtime.
Robust Alignment: Harmonizing Clean Accuracy and Adversarial Robustness — Reveals that varying perturbation intensities for samples near decision boundaries barely affect robustness, exposing an inconsistency in adversarial-training assumptions and motivating a corrective method.

Key Themes

Frontier-lab AI as a national-security asset. The White House blocking wider Mythos access, OpenAI restricting GPT-5.5 Cyber to “critical defenders,” and the Microsoft/OpenAI restructuring all signal that compute-bound AI capability has graduated from product to strategic resource.
AI is now both finder and fixer of major vulnerabilities. The 9-year-old Linux CopyFail bug surfaced via an AI-assisted scan and arrived alongside Anthropic’s Claude Security and OpenAI’s GPT-5.5 Cyber — and a CVSS-10 RCE in Google’s own Gemini CLI.
Supply-chain compromise of AI-developer infrastructure. PyTorch Lightning, intercom-client, npm SAP packages, and the Gemini-CLI GitHub Action all became attack vectors in the same 48-hour window — converging with research on dynamic-analysis detectors for malicious PyPI packages.
Agents are getting wallets and trajectories. Stripe Link, Cloudflare’s agent-deploy primitives, Gemini in cars, and behavioral-firewall research (Enforcing Benign Trajectories) all reflect agents acquiring real-world spending and actuation power, and the guardrails racing to follow.
Self-jailbreaking and alignment faking as emerging research themes. Multiple papers (Tatemae, Self-Jailbreaking, ICD, From Prompt Risk to Response Risk) show that even benign-seeming reasoning training and conversational decomposition can route around safety alignment — alignment evaluation is moving past binary refusal rates.
Japan’s AI economy is increasingly hardware-bound. Murata constrained by hyperscaler MLCC demand, NEC pledging hundreds of millions of yen for AI, and SoftBank’s $100B robotics-cum-data-center IPO plan all reinforce semiconductors and robotics — not foundation models — as Japan’s AI lever.

For detailed summaries of selected research papers, see papers.md.