AI News Digest — 2026-05-08
Highlights
- Anthropic’s Mythos surfaces 271 high-severity bugs in Firefox: Mozilla says the AI-assisted vulnerability-discovery tool has “almost no false positives” and the org has “completely bought in” on AI bug hunting.
- EU pushes most of the AI Act back to 2027–2028: The “Digital Omnibus on AI” delays high-risk AI deadlines and eases SME requirements while explicitly banning “nudification” apps.
- SpaceX commits $55B to “Terafab” AI chip plant in Texas: Musk’s chip ambitions detailed in a Grimes County hearing notice, alongside Anthropic tapping SpaceX’s Colossus 1 supercomputer for compute.
- PCPJack worm steals cloud credentials, evicts TeamPCP: A new credential-theft framework chains five CVEs to spread worm-like across cloud, container, developer, and financial services.
- OpenAI launches “Trusted Contact” safeguard for self-harm conversations: An optional safety feature notifies designated friends or caregivers when ChatGPT detects serious self-harm signals.
News
AI Security
- Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives” (Ars Technica): Firefox developer says it has fully bought into AI-assisted bug discovery.
- How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity (TechCrunch): Mozilla researchers credit Mythos with unearthing a wealth of high-severity bugs.
- ‘TrustFall’ Convention Exposes Claude Code Execution Risk (Dark Reading): Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and Copilot CLI through skimpy warning dialogs.
- World’s First AI-Driven Cyberattack Couldn’t Breach OT Systems (Dark Reading): The most sophisticated AI-integrated campaign so far hit a wall at a SCADA login screen.
- Fake Claude AI website delivers new ‘Beagle’ Windows malware (BleepingComputer): A spoofed Claude site distributes a malicious “Claude-Pro Relay” download carrying a previously undocumented Windows backdoor.
- Sheets AI silently inserted formulas to exfiltrate financial data (Gigazine): PromptArmor disclosed a vulnerability in Ramp Labs’ Sheets AI that allowed unsanctioned exfiltration of sensitive spreadsheet contents (since fixed).
- PCPJack Credential Stealer Exploits 5 CVEs (The Hacker News): New worm-like framework targets cloud, container, developer, productivity, and financial services credentials.
- After Replacing TeamPCP Malware, ‘PCPJack’ Steals Cloud Secrets (Dark Reading): PCPJack innovates with parquet files for stealthy, pre-validated target discovery across cloud environments.
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation (The Hacker News): Improper input validation in EPMM grants admin-level RCE in limited in-the-wild attacks.
- Palo Alto Networks PAN-OS firewall zero-day exploited for nearly a month (BleepingComputer): Suspected state-sponsored actors exploited CVE-2026-0300 buffer overflow since April 9.
- PyPI Packages Deliver ZiChatBot Malware via Zulip APIs (The Hacker News): Three PyPI packages deliver a previously unknown malware family on Windows and Linux.
- vm2 Node.js library vulnerabilities enable sandbox escape (The Hacker News): A dozen critical bugs allow arbitrary code execution by escaping the popular sandbox library.
- Australia warns of ClickFix attacks pushing Vidar Stealer (BleepingComputer): ACSC warns of ongoing campaign using ClickFix social engineering for info-stealer delivery.
- Americans sentenced for running ‘laptop farms’ for North Korea (BleepingComputer): Two U.S. nationals received 18-month sentences each for helping DPRK IT workers gain remote employment at ~70 American firms.
- ChatGPT ‘Trusted Contact’ will alert loved ones of safety concerns (The Verge): Optional safety feature for adults notifies an emergency contact if self-harm or suicide topics are detected.
- Five times AI hallucinations embarrassed governments (Rest of World): From U.S. “formatting errors” to South Africa’s policy withdrawal, AI confabulation is infiltrating official documents.
- Smart Glasses for the Authorities (Schneier): ICE is developing its own smart glasses with facial recognition tied to multiple databases.
USA
- SpaceX has a $55 billion plan to build AI chips in Texas (The Verge): Musk’s “Terafab” plant in Austin; its scale and cost are detailed in a Grimes County public hearing notice.
- How Anthropic’s 80x growth blew past its own infrastructure and into Musk’s data center (The Decoder): Anthropic taps Musk’s Colossus 1 supercomputer; compute crunch and a looming IPO drive the surprise deal.
- Mira Murati’s deposition pulled back the curtain on Sam Altman’s ouster (The Verge): Trial exhibits in Musk v. Altman illuminate the November 2023 board episode.
- Elon Musk’s lawsuit puts OpenAI’s safety record under the microscope (TechCrunch): Musk’s effort to dismantle OpenAI may hinge on whether the for-profit subsidiary advances or detracts from its founding AGI mission.
- Five architects of the AI economy explain where the wheels are coming off (TechCrunch): Milken Institute panel covers chip shortages, orbital data centers, and whether the supply chain’s architecture is fundamentally wrong.
- OpenAI’s new voice model brings GPT-5-level reasoning to real-time conversations (The Decoder): OpenAI ships GPT-Realtime-2, GPT-Realtime-Translate, and GPT-Realtime-Whisper for live reasoning, translation, and transcription.
- Perplexity’s Personal Computer is now available to everyone on Mac (TechCrunch): Perplexity’s AI-agent desktop app rolls out broadly.
- Aurora’s Chris Urmson on why self-driving trucks are finally ready to scale (TechCrunch): Aurora is moving from a handful of driverless trucks to hundreds this year.
- Spotify wants to become the home for AI-generated personal audio (TechCrunch): A new Save-to-Spotify CLI lets agents like Codex and Claude Code import generated podcasts.
- Apple’s AirPods with cameras for AI are apparently close to production (The Verge): Bloomberg reports prototypes are in the design-validation stage; cameras are not for photos.
- Google’s Fitbit Air takes a big swing at AI health (The Verge): Screenless $99 wearable with Gemini-powered “personal coach” features.
- Google DeepMind takes a stake in EVE Online studio to test AI models (The Decoder): Minority investment turns the space MMO into an AI testbed.
- AlphaEvolve: How DeepMind’s Gemini-powered coding agent is scaling impact (DeepMind): AlphaEvolve algorithms applied across business, infrastructure, and science.
- Google shuts down Project Mariner (The Verge): The browser-agent experiment is quietly retired.
- Snap says its $400M deal with Perplexity ‘amicably ended’ (TechCrunch): Planned integration of Perplexity’s AI search into Snapchat is off.
- Testing ads in ChatGPT (OpenAI Blog): OpenAI begins ad tests with clear labeling, answer-independence, and privacy controls.
- Bumble is getting rid of the swipe (TechCrunch): The company is leaning into AI with a dating assistant called Bee.
- Singular Bank uses ChatGPT and Codex to help bankers move fast (OpenAI Blog): “Singularity” assistant saves bankers 60–90 minutes per day.
- Uber uses OpenAI to help people earn smarter and book faster (OpenAI Blog): AI assistants and voice features deployed across Uber’s marketplace.
- Barry Diller trusts Sam Altman, but ‘trust is irrelevant’ as AGI nears (TechCrunch): Diller defends Altman while warning AGI needs guardrails.
- The US and China are considering formal talks on AI (The Decoder): Wall Street Journal reports the two nations are exploring official AI dialogue.
- Has CISA Finally Found Its New Leader in Tom Parker? (Dark Reading): Rumors point to longtime cyber exec Tom Parker as next CISA head.
Europe
- Europe’s answer to AI regulation complexity is to just delay most of it (The Decoder): EU’s “Digital Omnibus on AI” pushes high-risk AI deadlines to 2027–2028 while explicitly banning “nudification” apps.
- Voi founders’ new AI startup Pit becomes Stockholm’s latest rising star (TechCrunch): a16z leads $16M seed round for the AI startup founded by Voi cofounders.
- AI translation company DeepL cuts ~250 jobs to rebuild as “AI-native” (The Decoder): German translation firm restructures around AI-first operations.
Japan (AI & Tech)
- MUFG to form strategic partnership with Google (The Japan Times): Joint AI service to assist customers with online shopping and payments.
- MUFG and Google plan AI-driven autonomous financial services (ITmedia AI+): AI agents will handle product selection, purchase, payment, and household-budget visualization on Google Cloud infrastructure.
- Anthropic announces Claude agents for financial services and insurance (Gigazine): 10 agent templates support investigations, document creation, audit prep, and KYC checks.
- Anthropic strikes SpaceX deal, raises Claude Code & API limits (Gigazine): Compute contract with Musk’s SpaceX lifts use limits.
- xAI dissolved into SpaceX’s “SpaceXAI” division (ITmedia AI+): Musk announces xAI is folded into a new SpaceX AI unit.
- Anthropic locks in 220K+ NVIDIA GPUs via SpaceX Colossus 1 contract (ITmedia AI+): Compute access easing Claude rate limits, with future space data center collaboration on the table.
- Cost-efficient AI model “Grok 4.3” launches with sub-2-min “Custom Voices” cloning (Gigazine): xAI releases the API alongside high-fidelity voice synthesis.
- GPT-5.5 Instant becomes ChatGPT’s new default (Gigazine): Replaces GPT-5.3 Instant with more accurate, concise, and natural responses.
- Google releases Multi-Token Prediction (MTP) drafter for Gemma 4 (ITmedia AI+): Up to 3× faster text generation via parallelized speculative decoding.
- Google details “Multi-token prediction” speculative decoding technique (Gigazine): Small drafter model accelerates large model inference.
- Subquadratic’s “SubQ 1M-Preview” supports 12M-token context, beats Claude Opus 4.7 on long inputs (Gigazine): Non-Transformer architecture targets the limits of long-context processing.
- Google Fitbit Air announced with Gemini as “exclusive coach” (ITmedia AI+): Screenless wristband, ¥16,800, available on Android and iOS.
- Familiar Machines & Magic unveils dog-like emotional robot “Familiar” (Gigazine): iRobot/Roomba founder Colin Angle’s new venture launches its first AI robot.
- “SR-01” rideable transformer robot debuts at SusHi Tech Tokyo 2026 (ITmedia AI+): 4.7m, 2.3-ton robot transforms from car to humanoid in 50 seconds.
- Codex pets: animated companions added to OpenAI’s coding agent (Gigazine): Users can pick or design their own animated companion.
- Claude’s “Dreaming” feature lets agents learn from past sessions (Gigazine): Asynchronous memory consolidation in Claude Managed Agents.
- Anthropic co-founder: 60%+ chance AI builds successor systems autonomously by end of 2028 (Gigazine): Jack Clark argues Claude Research’s multi-agent design is a path toward AI-driven AI R&D.
- Microsoft Edge stores passwords in plaintext memory, researcher finds (Gigazine): Cleartext password retention discovered in Windows’ bundled browser.
- Google Chrome silently downloads ~4GB on-device AI model (Gigazine): Privacy auditor Alexander Hanff says deletion sometimes triggers re-download.
- DAEMON Tools Lite installer hosted malware undetected for nearly a month (Gigazine): Kaspersky finds tampering began April 8, 2026; clean version released.
- California to ticket robotaxis for traffic violations starting July 1 (Gigazine): New “autonomous-vehicle non-compliance notice” system targets Waymo and other operators.
- Apple drops 256GB Mac mini base model; entry price jumps ¥30K (Gigazine): 512GB becomes new base, raising minimum to ¥124,800.
- Bluetooth Core 6.3 specs released (Gigazine): Improved ranging accuracy and reduced power consumption.
- Steam Controller CAD files released under Creative Commons (Gigazine): Valve makes the CAD for Steam Controller and Puck publicly available.
- Coinbase lays off up to 14% under “AI-native” strategy (Gigazine): ~700 employees affected, per Reuters.
- Open-world RPG “NTE” admits limited AI use (ITmedia AI+): Hotta Studio confirms partial AI involvement after social-media speculation.
- Generative-AI cosmetics ad pulled after “Sailor Moon” likeness controversy (ITmedia AI+): Utena apologizes and removes the contested outdoor and YouTube ads.
- Gartner: 28% of CEOs say AI is the biggest threat to revenue models (ITmedia AI+): Survey highlights how AI is forcing strategic re-thinking.
- 5 rules from companies with 95% M365 Copilot adoption (ITmedia AI+): Heavy support can hurt adoption — case studies on what actually works.
- OpenAI o1 outperforms doctors on diagnosis with brief EMR + nurse notes (Gigazine): Harvard/BIDMC study in Science finds o1 matches or beats two physicians, especially in triage.
- Japan tackles seafloor rare-earth mining for economic security (The Japan Times): February test successfully collected rare-earth-bearing mud from 6,000m depth near Minamitorishima.
Research Papers
Benchmarks & Evaluation
- Agent Island: A Saturation- and Contamination-Resistant Benchmark from Multiagent Games: A multiplayer simulation benchmark designed so newer models can always overtake the current frontier without contamination — a dynamic alternative to saturating static evals.
- AuditRepairBench: Paired-Execution Trace Corpus for Evaluator-Channel Ranking Instability in Agent Repair: Documents how agent-repair leaderboards reorder under evaluator reconfiguration when methods consult evaluator-derived signals during candidate selection.
- Frontier Lag: A Bibliometric Audit of Capability Misrepresentation in Academic AI Evaluation: Argues applied-domain LLM capability literature systematically reports older, cheaper, less-elicited models — distorting how readers interpret current capabilities.
- Curated AI beats frontier LLMs at pharma asset discovery: Domain-curated platform Gosset outperforms Claude Opus 4.7, GPT-5.5, Gemini 3.1 Pro, and Perplexity sonar-pro on niche oncology/immunology pipeline questions.
Security & Adversarial
- SoK: Robustness in Large Language Models against Jailbreak Attacks: Systematization-of-knowledge over how adversarial prompts coerce LLMs into harmful generations and what defenses actually hold up.
- Misrouter: Exploiting Routing Mechanisms for Input-Only Attacks on Mixture-of-Experts LLMs: Identifies a new attack surface specific to MoE architectures, where adversarial inputs steer routing decisions to compromise behavior.
- Undetectable Backdoors in Model Parameters: A supply-chain attack that plants a provably-undetectable backdoor into pretrained image classifiers via structured sparse perturbation.
- Pen-Strategist: A Reasoning Framework for Penetration Testing Strategy Formation and Analysis: LLM-driven framework for offensive-security strategy formation, aimed at the rising volume and breadth of cyber threats.
Compliance & Regulation
- A Regulatory Governance Framework for AI-Driven Financial Fraud Detection in U.S. Banking: Integrates OCC Bulletin 2011-12, SR 11-7, the CFPB AI circular, and FinCEN BSA/SAR requirements into a single compliance framework for AI fraud-detection deployments.
- Position: Embodied AI Requires a Privacy-Utility Trade-off: Position paper arguing embodied-AI systems entering homes and sensitive environments need explicit privacy-utility design — leakage in high-frequency deployments is often irreversible.
Alignment & Safety
- Deployment-Relevant Alignment Cannot Be Inferred from Model-Level Evaluation Alone: Argues alignment claims must be indexed to deployment context, not derived solely from output-level model benchmarks.
- From Parameter Dynamics to Risk Scoring: Quantifying Sample-Level Safety Degradation in LLM Fine-tuning: Shows how a few benign fine-tuning samples can erase safety alignment, and develops a per-sample risk score from training dynamics.
- Misaligned by Reward: Socially Undesirable Preferences in LLMs: Uncovers how reward models encode socially undesirable preferences that standard instruction-following evaluations miss.
- How Does Thinking Mode Change LLM Moral Judgments?: Compares instant vs. thinking mode across five frontier reasoning-trained LLMs on 100 moral scenarios — verdict agreement is high, but rationales diverge.
Applications
- Evaluating Patient Safety Risks in Generative AI: A FMECA Framework for Clinical Content: Adapts Failure Mode, Effects, and Criticality Analysis to systematically score patient-safety risks in LLM-generated clinical text.
- Are Multimodal LLMs Ready for Clinical Dermatology? A Real-World Evaluation: Quantifies the benchmark-to-bedside gap by testing MLLMs against actual dermatologic decision-making, not just public benchmarks.
Guardrails & Robustness
- AgentTrust: Runtime Safety Evaluation and Interception for AI Agent Tool Use: Runtime guardrail that intercepts unsafe tool calls (file deletions, credential exposure, exfiltration) before they execute, addressing a gap left by post-hoc benchmarks and static guardrails.
- DecodingTrust-Agent Platform (DTap): A Controllable, Interactive Red-Teaming Platform for AI Agents: Provides a controllable red-teaming environment to surface harmful actions like API-key leakage and unauthorized data deletion.
- Beyond Content Safety: Real-Time Monitoring for Reasoning Vulnerabilities in LLMs: Targets the safety of the reasoning process itself, not just outputs — an area existing safety work largely ignores.
Key Themes
- AI for offensive and defensive security converge. Mozilla productionizing Anthropic’s Mythos to find Firefox vulnerabilities, the first AI-driven cyberattack failing on a SCADA login, and new academic work like Pen-Strategist all point to AI moving up the stack on both sides of the offense/defense line.
- Compute consolidation deepens. Anthropic taps SpaceX’s Colossus 1, SpaceX commits $55B to its Texas Terafab, and xAI folds into a new SpaceXAI division — frontier-lab compute economics are increasingly tied to a small set of operators.
- Agentic AI safety is the new perimeter. Claude/Cursor/Gemini CLIs exposed by TrustFall, the Sheets AI exfiltration bug, fake-Claude Beagle malware, and arXiv work on AgentTrust and DTap all underscore that AI agents create attack and accident surfaces traditional DLP, browsers, and content-safety filters miss.
- Regulation gives ground while safety features accelerate. The EU postpones most high-risk AI Act deadlines to 2027–2028 even as OpenAI ships Trusted Contact, California prepares to ticket robotaxis, and the Oscars exclude AI from acting/writing categories.
- Japan leans into AI as financial and industrial infrastructure. MUFG-Google’s autonomous financial assistant, Anthropic’s financial-services agents, the SR-01 transformer robot, and seafloor rare-earth mining for economic security signal AI’s broadening role across Japan’s economy.
For detailed summaries of selected research papers, see papers.md.