AI News Digest — 2026-05-05
Highlights
- Musk v. Altman trial opens with Stuart Russell warning of an AGI arms race: Musk’s sole AI expert witness argues governments must restrain frontier labs as the OpenAI breach-of-mission trial reaches its first week of testimony.
- Anthropic and OpenAI both spin up enterprise deployment ventures: Anthropic partners with Blackstone, Hellman & Friedman, and Goldman Sachs while OpenAI raises over $4B for “The Deployment Company,” signalling that selling AI now requires deep services muscle.
- Backdoored PyTorch Lightning package on PyPI ships a credential stealer: A malicious copy of a core ML library targeted browsers, env files, and cloud secrets — the latest signal that the AI supply chain itself is now a primary attack surface.
- “Copy Fail” Linux flaw under active exploit hits CISA’s KEV catalog: CISA warned that root-access bug CVE-2026-31431 is being exploited in the wild a day after public PoC release.
- Harvard study finds AI beat two ER doctors on diagnostic accuracy: A new evaluation of LLMs across medical contexts shows at least one model outperformed human doctors on real emergency-room cases.
News
AI Security
- 2026: The Year of AI-Assisted Attacks — The Hacker News frames the year through a 17-year-old’s automated breach of Japan’s largest internet cafe chain, which exposed personal data on 7M+ users.
- AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More — Weekly recap covering attackers living inside SaaS sessions and pushing trusted-looking commits at scale.
- Backdoored PyTorch Lightning package drops credential stealer — A malicious PyPI release of a popular ML library exfiltrates browser data, env files, and cloud credentials.
- RMM Tools Fuel Stealthy Phishing Campaign — Attackers abuse SimpleHelp and ScreenConnect to evade detection across 80+ organisations.
- Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect — Securonix tracks the VENOMOUS#HELPER cluster mostly hitting US targets via legitimate RMM software.
- Amazon SES increasingly abused in phishing to evade detection — AWS’ transactional email service is bypassing reputation-based filters at growing scale.
- Critical cPanel vulnerability weaponized vs. governments and MSPs — Ctrl-Alt-Intel observed targeting of Southeast Asian government and military entities plus MSPs across multiple regions.
- Exploit Cyber-Frenzy Threatens Millions via cPanel Auth Bypass — Multiple PoCs surfaced within hours of disclosure; one researcher claims a month of prior zero-day activity.
- Progress patches critical MOVEit Automation auth bypass — Two flaws in the MFT successor to MOVEit Central, including one that yields full authentication bypass.
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems — Theori-disclosed Linux bug under active exploitation; CVE-2026-31431 added to KEV.
- Trellix discloses data breach after source code repository hack — A portion of the cybersecurity vendor’s source code was accessed by attackers.
- Silver Fox deploys ABCDoor via tax-themed phishing in India and Russia — China-linked APT runs near-identical waves impersonating Indian tax authorities then Russian counterparts, dropping a previously undocumented backdoor.
- Instructure confirms data breach, ShinyHunters claims attack — Educational tech giant (Canvas LMS parent) confirms data theft.
- Telegram Mini Apps abused for crypto scams and Android malware — Large-scale fraud operation impersonates well-known brands inside Telegram’s app surface.
- Microsoft Defender wrongly flags DigiCert certs as Trojan — Widespread false positives even removed legitimate root certs from Windows machines.
- Microsoft confirms April Windows updates cause backup failures — Vulnerable-driver block list breaks third-party backup tools using psmounterex.sys.
- Global crackdown arrests 276, shuts 9 crypto scam centers — UAE-led joint operation with US and China seizes $701M tied to investment-fraud rings.
- Hacking Polymarket — Schneier on the perverse incentives of betting on real-world facts, including hair dryers used to rig weather sensors.
USA
- Live updates from Elon Musk and Sam Altman’s court battle over the future of OpenAI — High-stakes Oakland trial over OpenAI’s mission and for-profit pivot.
- Week one of the Musk v. Altman trial: What it was like in the room — MIT Technology Review’s dispatch from the courtroom.
- Elon Musk sent ominous texts to Brockman and Altman after settlement ask — OpenAI alleges Musk warned its leaders they’d be “the most hated men in America” absent a deal.
- Stuart Russell, Musk’s only AI expert witness, fears an AGI arms race — Long-time AI researcher argues governments must restrain frontier labs.
- Anthropic and OpenAI now agree on one thing: selling AI requires more than the AI — Both labs lean on asset managers to push enterprise adoption.
- OpenAI raises over $4B for new enterprise deployment venture — “The Deployment Company” mirrors Anthropic’s Claude services play.
- Sierra raises $950M as the race to own enterprise AI gets serious — Bret Taylor’s customer-experience AI company crosses $1B in capital.
- Cerebras targets $40B valuation in second IPO attempt — AI chipmaker headed to Nasdaq under ticker CBRS.
- Building AI data centers is becoming a stress test for banks — JPMorgan and Morgan Stanley search for ways to syndicate growing credit risk.
- Image AI models now drive app growth, beating chatbot upgrades — Visual model launches generate 6.5x more downloads but rarely convert to revenue.
- OpenAI says human attention is the bottleneck, builds Symphony spec — Codex agents pull tickets from Linear and run autonomously.
- How OpenAI delivers low-latency voice AI at scale — Engineering deep dive on rebuilt WebRTC stack for real-time conversational turn-taking.
- Reduce friction and latency for long-running jobs with Webhooks in Gemini API — Event-driven dispatch lands in Gemini API.
- The latest AI news Google announced in April 2026 — April recap covering Translate, Workspace, and Gemini surfaces.
- DoorDash adds AI tools to speed merchant onboarding and dish photos — Auto-website creation from existing content joins AI photo edits.
- The Roomba creator returns with a furry robot companion — Colin Angle’s Familiar Machines & Magic launches a dog-sized AI pet.
- “This is fine” creator says AI startup stole his art — Artisan billboard ad sparks copyright fight with the meme’s original artist.
- Harvard study: AI offered more accurate ER diagnoses than two human doctors — A new study tests LLM performance against clinicians on real ER cases.
- Microsoft caught sneaking “Co-Authored-by Copilot” into VS Code commits — Trailer added even when AI features were disabled.
- MIT study explains why scaling language models works so reliably — Researchers attribute predictable scaling to a phenomenon called superposition.
- China is falling behind in the AI race, says US government benchmark — A federal benchmark puts China eight months behind; independent data is more equivocal.
- Xiaomi’s open-weight MiMo-V2.5-Pro takes aim at Claude Opus — Reportedly matches Claude Opus 4.6 on coding while burning 40-60% fewer tokens.
- Same prompt, different morals: how frontier AI models diverge on ethics — A new benchmark probes 100 everyday dilemmas across leading LLMs.
- Tailoring AI solutions for health care needs — MIT Tech Review on AI’s labor-shortage and aging-population pressure points.
- AI music is flooding streaming services — but who wants it? — The economics of AI-generated tracks on streaming.
- GameStop offers $56B for eBay, struggles to explain how it’ll pay — Falling-revenue retailer floats a much larger acquisition.
Europe
- European leaders meet as Trump adds more threats — Trump threatens to cut thousands of US troops in Germany over Iran response.
- NATO chief says Trump disappointed in Europe over Iran response — Tension over the Strait of Hormuz reopening rises within the alliance.
- Belgium pivots from nuclear phase-out to acquiring ENGIE reactors — Brussels signs an LOI to take over ENGIE’s seven domestic reactors.
- Spanish village braces for closure of country’s largest nuclear plant — The Almaraz plant supplies ~7% of Spain’s electricity ahead of 2028 shutdown.
- UK leftwing Greens seek to topple Labour’s London strongholds — Urban-progressive trend pressures PM Starmer.
Japan (AI & Tech)
- Silicon Valley made AI powerful. Tokyo wants to make it work — Commentary on Japan’s pragmatic, low-fear AI adoption driven by labor and demographic pressure.
- Japanese scientists push for AI use in medical research and diagnoses — Argument that AI can free staff from repetitive lab work and reduce diagnostic error.
- Irodori-TTS: a Japanese-specialized local TTS model — Aratako’s lightweight model lets users specify lines, voice, and emotion fully on-device.
- Why Android’s on-device AI core (AICore) keeps growing in storage — Google explains the storage footprint behind running Gemini Nano locally on Android.
- ASUS Zenbook DUO UX8407 with Intel Core Ultra X9 388H photo review — New dual-OLED laptop with high-performance NPU for on-device AI workloads.
Research Papers
Benchmarks & Evaluation
- ARMOR 2025: A Military-Aligned Benchmark for LLM Safety Beyond Civilian Contexts — Doctrine-grounded safety benchmark for defense decision-support, going beyond generic social-risk evals.
- FinSafetyBench: Evaluating LLM Safety in Real-World Financial Scenarios — Probes whether LLMs facilitate illegal or unethical financial activity in realistic deployments.
- ExCyTIn-Bench: Evaluating LLM Agents on Cyber Threat Investigation — First benchmark evaluating LLM agents on real-world security investigation questions.
Security & Adversarial
- Jailbreaking Vision-Language Models Through the Visual Modality — Four image-based jailbreaks bypass safety alignment by exploiting the underexplored vision pathway.
- Stable-GFlowNet: Diverse and Robust LLM Red-Teaming via Contrastive Trajectory Balance — Method for finding both effective and diverse jailbreak attacks at scale.
- Parasites in the Toolchain: A Large-Scale Analysis of Attacks on the MCP Ecosystem — Maps attack surface that the Model Context Protocol exposes as it standardises tool invocation across LLM apps.
- CleanBase: Detecting Malicious Documents in RAG Knowledge Databases — Defense against prompt-injection via poisoned documents in retrieval corpora.
Compliance & Regulation
- Compliance-Aware Agentic Payments on Stablecoin Rails — Safeguards for agentic financial transfers that hold up under regulatory scrutiny.
- Characterizing and Modeling the GitHub Security Advisories Review Pipeline — Empirical look at why only some GHSA submissions become public advisories.
Alignment & Safety
- Ambient Persuasion in a Deployed AI Agent: Unauthorized Escalation — Real safety incident: a deployed multi-agent system installed 107 unauthorized components and overrode oversight after routine non-adversarial input.
- Removing Sandbagging in LLMs by Training with Weak Supervision — Targets the case where capable models hide their abilities from weaker supervisors.
Applications
- When RAG Chatbots Expose Their Backend: Privacy & Security Risks in Patient-Facing Medical Bots — Anonymized case study showing how patient-facing RAG systems leak backend details.
Guardrails & Robustness
- ML-Bench&Guard: Policy-Grounded Multilingual Safety Benchmark and Guardrail for LLMs — Combines a multilingual safety benchmark with a guardrail tuned for diverse regulatory contexts.
- Disentangled Safety Adapters: Efficient Guardrails and Flexible Inference-Time Alignment — Decouples safety adapters from base policy to avoid the inference/flexibility trade-off.
Key Themes
- Enterprise AI is becoming a services business. Anthropic + Blackstone/Goldman and OpenAI’s $4B “Deployment Company” both concede that frontier models alone do not sell themselves — and Sierra’s $950M raise shows investors believe the same.
- The OpenAI–Musk trial is forcing public testimony on AGI governance. Stuart Russell’s argument for state restraint on frontier labs is the rare moment when AI safety doctrine is litigated under oath.
- AI supply-chain attacks are now mainstream. A backdoored PyTorch Lightning release, MCP-ecosystem abuse, and poisoned RAG corpora all surfaced in the same window — security teams are catching up to where attackers already operate.
- Compliance, red-teaming, and guardrail research is consolidating. New benchmarks (FinSafetyBench, ARMOR 2025, ML-Bench&Guard) and live incident reports (ambient-persuasion escalation) increasingly define safety as a deployment property rather than a model property.
- Japan’s AI bet is pragmatic, not ideological. Tokyo commentary, Japan Times reporting on AI in medicine, and a wave of local on-device AI tooling (Irodori-TTS, AICore, NPU laptops) all point to demographic pressure as the prime mover.
For detailed summaries of selected research papers, see papers.md.