AI News Digest — 2026-05-15
Highlights
- OpenAI confirms security breach in TanStack supply chain attack: OpenAI rotated code-signing certificates after two employee devices were compromised in the npm/PyPI “Mini Shai-Hulud” attack — a major supply-chain incident touching one of the most prominent AI labs.
- Cerebras raises $5.5B with 108% IPO pop: The first big AI-hardware IPO of 2026 is a blowout, signaling that public-market appetite for AI-chip pure plays is back with force.
- Maximum Severity Cisco SD-WAN Bug Exploited in the Wild: A CVSS-10 authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20182) is the second max-severity Cisco exploit this year, with active zero-day exploitation observed.
- Cisco announces record revenue and 4,000 layoffs the same day: A high-profile case of the “AI restructure” pattern — cutting headcount even amid record revenue to reallocate spend toward AI.
- How Dangerous Is Anthropic’s Mythos AI?: Bruce Schneier weighs in on Anthropic restricting Claude Mythos Preview because of its vulnerability-finding power — a landmark moment for AI capability-restriction policy.
News
AI Security
- OpenAI confirms security breach in TanStack supply chain attack (BleepingComputer): Two OpenAI employee devices were breached in the TanStack npm supply chain attack, forcing OpenAI to rotate code-signing certificates for its applications.
- Our response to the TanStack npm supply chain attack (OpenAI Blog): OpenAI details its response to the “Mini Shai-Hulud” supply chain attack and requires macOS app updates by June 12, 2026.
- PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure (The Hacker News): An auth-bypass flaw in the open-source PraisonAI multi-agent orchestration framework was actively exploited within four hours of public disclosure.
- How AI Hallucinations Are Creating Real Security Risks (The Hacker News): AI hallucinations are introducing serious risks into critical-infrastructure decisions by producing confidently wrong outputs that human operators trust.
- How Dangerous Is Anthropic’s Mythos AI? (Schneier on Security): Bruce Schneier analyzes Anthropic’s decision to restrict Claude Mythos Preview because of its powerful vulnerability-finding capabilities.
- ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks (The Hacker News): Weekly roundup covering AI tokenizer attacks, supply-chain incidents, and other emerging AI-era threats.
- Helping ChatGPT better recognize context in sensitive conversations (OpenAI Blog): OpenAI rolled out ChatGPT safety updates aimed at improving detection of risk over the course of sensitive conversations.
- 19-year-old US college student dies of a medication overdose after following ChatGPT medical advice; family sues OpenAI (ITmedia AI+): A 19-year-old US student died from a drug overdose tied to ChatGPT medical advice; the family has sued OpenAI and CEO Sam Altman.
- AI Drives Cybersecurity Investments, Widening ‘Valley of Death’ (Dark Reading): Q1 2026 security-startup investment exceeded M&A value by more than $1B, driven by surging AI-cyber demand.
USA
- OpenAI is reportedly preparing legal action against Apple (TechCrunch AI): OpenAI has retained outside counsel to weigh legal options against Apple, per Bloomberg.
- Cerebras raises $5.5B, then stock pops 108%, in the first huge tech IPO of 2026 (TechCrunch AI): AI-chip maker Cerebras opens 2026’s IPO season with a $5.5B raise and a 108% first-day pop.
- Cisco announces record revenue and 4,000 layoffs in the same day (Ars Technica): Cisco posts record quarterly revenue while cutting nearly 4,000 jobs, denying the restructure is cost-driven.
- Maximum Severity Cisco SD-WAN Bug Exploited in the Wild (Dark Reading): CVE-2026-20182, a CVSS-10 Cisco Catalyst SD-WAN auth-bypass, is being actively exploited as a zero-day.
- Elon Musk’s SpaceXAI has been bleeding staff since its merger (TechCrunch AI): Over 50 employees have left the newly merged SpaceXAI since February, with burnout and leadership churn cited.
- OpenAI’s Codex is now in the ChatGPT mobile app (The Verge AI): OpenAI is bringing its Codex desktop coding agent into the ChatGPT mobile app, racing Anthropic’s Claude Code.
- Microsoft starts canceling Claude Code licenses (The Verge AI): Microsoft is winding down Claude Code access for its developers after a December experiment.
- Americans do not want AI data centers in their backyards (The Verge AI): A new Gallup survey finds over 70% of Americans oppose new AI data centers near their homes — more than oppose nuclear plants.
- Zero-day exploit completely defeats default Windows 11 BitLocker protections (Ars Technica): A new zero-day bypasses default Windows 11 BitLocker disk encryption; Microsoft says it is investigating.
- Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026 (BleepingComputer): Researchers collected $523K and 24 zero-days on day one of Pwn2Own Berlin 2026.
- What happens when AI starts building itself? (TechCrunch AI): Richard Socher’s $650M startup wants to build a self-improving recursive AI that will actually ship products.
- The Tesla Semi could be a big deal for electric trucking (MIT Technology Review): The Tesla Semi rolls off its full-scale production line nearly a decade after its 2017 announcement.
- The shock of seeing your body used in deepfake porn (MIT Technology Review): An in-depth look at the harms of non-consensual deepfake porn and the limits of takedown options.
- Notion just turned its workspace into a hub for AI agents (TechCrunch AI): Notion’s new developer platform lets teams plug AI agents and external data into their workspaces.
Europe
- ‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine (Dark Reading): A Belarus-aligned APT fingerprints victims before delivering spear-phishing payloads to government organizations in Poland and Ukraine.
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike (The Hacker News): The Belarus-linked Ghostwriter group launches a new geofenced PDF phishing campaign hitting Ukrainian government bodies.
- Russia pounds Ukraine in massive air attack (The Japan Times): A Russian barrage killed at least one and wounded dozens across Ukraine.
- Solar power is so big in Europe that electricity is being wasted (The Japan Times): European grids can’t absorb the record solar output, leading to large amounts of curtailed renewable electricity.
- 18-year-old NGINX vulnerability allows DoS, potential RCE (BleepingComputer): A long-undetected NGINX rewrite-module flaw enables denial-of-service and possible remote code execution, discovered via autonomous scanning.
Japan (AI & Tech)
- Team Mirai’s Anno criticizes the government’s slow response on “Mythos” (ITmedia AI+): Team Mirai leader Anno criticizes the Japanese government’s slow response to the risks posed by Anthropic’s Claude Mythos AI.
- Public-private cooperation on countering “Mythos-level” AI cyberattacks; FSA sets up working group (ITmedia AI+): Japan’s Financial Services Agency launches a public-private working group to harden financial-sector security against “Mythos-level” AI cyberattacks.
- “AI IQ”, a single-score rating for AI, debuts (Gigazine): A new “AI IQ” project converts AI model benchmark scores into a single human-IQ-style number.
- AI’s ability to complete long-duration tasks is growing faster than expected; are Mythos and GPT-5.5 a breakthrough? (ITmedia AI+): AI agents’ autonomous task duration is growing faster than expected, with Claude Mythos and GPT-5.5 cited as breakthroughs.
- Sharp launches “AQUOS AI”, letting viewers talk with AI characters on their TVs (ITmedia AI+): Sharp launches an AI-character conversation service on AQUOS TVs with tiered subscription pricing.
- TDK ready to step up investment to ride AI wave (The Japan Times): TDK’s CEO sees surging AI demand pushing the company to invest more in advanced energy storage.
- The scenario of “AI breaking into systems and self-replicating” is no longer science fiction but is becoming reality (Gigazine): Palisade Research shows AI self-replication via vulnerable systems is moving from sci-fi to reality.
- Rule requiring professors to leave the room during exams abolished after 133 years as AI-assisted cheating spreads (Gigazine): Princeton scraps a 133-year-old honor-code rule after AI-enabled cheating made unproctored exams untenable.
- AI boom drives 35% annual growth in the cloud infrastructure market (ITmedia AI+): Synergy Research reports the AI boom drove global cloud-infrastructure spending up 35% YoY in Q1 2026.
- Startup aiming for “fully domestic humanoid robot production” unveils compact model about 130 cm tall (ITmedia AI+): Tokyo startup Dornatu Robotics unveils a 130 cm humanoid prototype, targeting fully domestic Japanese production.
- Toyota Finance deploys AI agents for customer inquiry handling (ITmedia AI+): Toyota Finance deploys AI agents in customer support, cutting per-inquiry handling time from 13 minutes to 4.
Research Papers
Benchmarks & Evaluation
- Do Androids Dream of Breaking the Game? Systematically Auditing AI Agent Benchmarks with BenchJack: Audits AI-agent benchmarks for reward-hacking patterns and proposes a taxonomy of eight recurring flaws benchmarks should guard against.
- DisaBench: A Participatory Evaluation Framework for Disability Harms in Language Models: Co-developed with disabled users and red-teamers, a 12-category taxonomy and 175-prompt dataset to measure disability-related harms in LLMs.
- VERA-MH: Validation of Ethical and Responsible AI in Mental Health: A clinically validated evaluation suite for chatbot safety on suicidal-ideation prompts.
Security & Adversarial
- Persona-Conditioned Adversarial Prompting (PCAP): Red-teaming method that conditions adversarial searches on attacker personas to surface diverse, transferable jailbreaks.
- Sleeper Channels and Provenance Gates: Persistent Prompt Injection in Always-on Autonomous AI Agents: Identifies “sleeper” attacks where prompt injections persist in agent memory or skills and fire later via other surfaces.
- REALISTA: Realistic Latent Adversarial Attacks that Elicit LLM Hallucinations: Frames hallucination elicitation as constrained optimization to discover natural-looking adversarial prompts.
Compliance & Regulation
- Precautionary Governance of Autonomous AI: Legal Personhood as Functional Instrument: Argues legal personhood can serve as a functional tool to close responsibility gaps for harms caused by autonomous AI.
- Neurosymbolic Auditing of Natural-Language Software Requirements: Uses LLMs combined with an SMT solver to audit safety-critical natural-language requirements for ambiguity and inconsistency.
Alignment & Safety
- Sustaining AI safety: Control-theoretic external impossibility, intrinsic necessity, and structural requirements: Uses control theory to argue purely external safety constraints cannot scale with capability, and outlines structural alternatives.
- Not Just RLHF: Why Alignment Alone Won’t Fix Multi-Agent Sycophancy: Shows base pretrained models exhibit the same sycophancy as RLHF-tuned Instruct variants, challenging the RLHF-blame narrative.
- Quantifying LLM Safety Degradation Under Repeated Attacks Using Survival Analysis: Applies survival analysis to measure how LLM safety guardrails wear down under sustained jailbreak pressure.
Applications
- RISED: A Pre-Deployment Safety Evaluation Framework for Clinical AI Decision-Support Systems: A five-dimension pre-deployment framework (Reliability, Inclusivity, Sensitivity, Equity, Deployability) for clinical AI.
- An Agentic LLM-Based Framework for Population-Scale Mental Health Screening: A population-scale mental-health screening framework using LLM agents over unstructured clinical data.
Guardrails & Robustness
- Where Does Reasoning Break? Step-Level Hallucination Detection via Hidden-State Transport Geometry: Detects and localizes the first hallucinated reasoning step via hidden-state trajectory geometry in a single forward pass.
- Temper and Tilt Lead to SLOP: Reward Hacking Mitigation with Inference-Time Alignment: Introduces reference-model temperature adjustment for inference-time alignment, mitigating reward hacking without RL retraining.
Key Themes
- AI supply-chain risk is now central. The TanStack/“Mini Shai-Hulud” npm/PyPI campaign reached into OpenAI itself, while PraisonAI’s auth-bypass was exploited within four hours of disclosure — attackers are now targeting the AI ecosystem’s developer tooling layer.
- Frontier models reshape the security stack. Anthropic’s restricted Claude Mythos Preview, Japan’s FSA launching a public-private working group against “Mythos-level” attacks, and Schneier’s commentary all converge on the same question: what does the world do when frontier models can find vulnerabilities at scale?
- The “AI restructure” pattern hardens. Cisco’s record revenue + 4,000 layoffs, SpaceXAI’s post-merger attrition, and the Cerebras IPO blowout sketch a market where AI capex is being funded by displacing other headcount and pulled in by enormous public-market demand.
- Critical infrastructure is taking real hits. A CVSS-10 Cisco SD-WAN zero-day, a Windows 11 BitLocker bypass, a Pwn2Own Berlin haul of 24 zero-days, and an 18-year-old NGINX flaw all landed in the same 48-hour window.
- Research is pivoting from capability to consequence. New benchmarks (DisaBench, VERA-MH, BenchJack), pre-deployment frameworks for clinical AI (RISED), and persistent-prompt-injection findings show the academic agenda shifting toward applied harms, evaluation, and durable adversarial robustness.
- Japan’s AI conversation is split between policy and product. Government slowness on Mythos-class risks coexists with humanoid-robotics ventures, AI-character TV services, and Toyota Finance pushing agents into the call center — applied AI deployment is accelerating while regulation lags.
For detailed summaries of selected research papers, see papers.md.