Technology Scout - February 08, 2026

February 8, 2026

Day 733 of Building the Future

The Curmudgeon’s Take

Strategic Analysis

The February 8 intelligence reveals a dangerous convergence: AI coding agents are reaching production capability while fundamental security infrastructure crumbles around them. OpenAI's GPT-5.3-Codex hit "high cybersecurity risk" classification the same week that critical RCE vulnerabilities surfaced in n8n (CVE-2026-21858, severity 10.0) and state actors weaponized Microsoft Office flaws within days of disclosure.

What This Means

Your development teams face immediate operational risk from actively exploited vulnerabilities in SmarterMail, SolarWinds Web Help Desk, and workflow platforms while AI coding tools become powerful enough to help debug themselves. The VS Code supply chain is compromised through malicious extension recommendations, and Microsoft is pushing developers toward GitHub Copilot Chat as IntelliCode gets deprecated. Production AI agent platforms are launching without mature security frameworks.

The Curmudgeon's Take

I've watched three decades of "revolutionary" tools arrive while basic security hygiene gets ignored, but this cycle is different — and more dangerous. GPT-5.3-Codex demonstrating self-debugging capability while CVE-2026-21858 allows complete n8n takeover isn't coincidence; it's the predictable result of racing toward AI capabilities while treating security as an afterthought. The fact that OpenAI themselves flagged their coding model as high cybersecurity risk should terrify anyone pushing AI agents into production without bulletproof isolation. Meanwhile, Russian actors exploiting Microsoft Office vulnerabilities within days shows how quickly our infrastructure assumptions collapse.

Signal to Leadership

Patch CVE-2026-21858, CVE-2026-24423, and CVE-2025-40551 immediately, then establish AI agent security protocols before your teams deploy tools that can debug themselves into your production systems.

How This Affects MSR

Several critical security findings directly impact MSR's multi-agent architecture. The MCP security vulnerabilities and "ZombieAgent" exploits highlighted in the February 2026 reports expose risks in AI systems with external data connections. MSR should audit its 33 specialized agents for similar prompt injection vectors, especially those accessing Supabase or external APIs. The release of AgentAudit as a GitHub Action for automated agent security testing could be immediately valuable for MSR's CI/CD pipeline to scan agent endpoints for the same vulnerabilities affecting other multi-agent platforms.

Categories: 10 | Discoveries: 26 | 12 Critical | 10 High | 11 Vendors

Technology Scout

Daily Intelligence Brief - Day 733

Report Date: 2026-02-08

AI Agents & Orchestration (5)

OpenAI Targets Enterprise Market With New AI Agent Platform [HIGH]

OpenAI's Frontier platform launched February 5, 2026, helps enterprises build, deploy and manage AI agents with shared context, onboarding, hands-on learning, and clear permissions. The platform connects siloed data warehouses, CRM systems, and internal applications while providing explicit permissions and guardrails.

Source: PYMNTS.com

MOCI Launches "AI Agent Factory" Platform in Collaboration with Microsoft

Qatar's Ministry of Commerce and Industry launched an "AI Agent Factory" platform on February 7, 2026, in collaboration with Microsoft. The integrated digital platform is designed to develop, manage, and deploy intelligent solutions based on AI agents to enhance government service efficiency and modernize work processes.

Source: Qatar News Agency

Top MCP security resources — February 2026 [CRITICAL]

Security researchers discovered three vulnerabilities in Anthropic's Git MCP server that enable file access and remote code execution through prompt injection, published February 6, 2026. The flaws affect mcp-server-git and demonstrate how AI systems connecting to external data sources can be exploited, with CoSAI releasing a security white paper detailing over 40 MCP threats.

Source: Adversa AI

Top Agentic AI security resources — February 2026 [CRITICAL]

Published February 5, 2026, this digest highlights the "BodySnatcher" vulnerability in ServiceNow and persistent "ZombieAgent" exploits as primary attack vectors. AgentAudit, a new GitHub Action for automated security testing, was released to scan agent endpoints for prompt injection and data exfiltration vulnerabilities within CI/CD pipelines.

Source: Adversa AI

Critical RCE flaw allows full takeover of n8n AI workflow platform [CRITICAL]

A critical vulnerability, CVE-2026-21858, with a severity rating of 10.0 was discovered in the n8n AI workflow platform and published January 7, 2026. The flaw allows unauthenticated attackers to completely take over local n8n deployments and extract sensitive corporate data. n8n patched the issue in version 1.121.0 along with other critical RCE vulnerabilities: CVE-2025-68613, CVE-2025-68668, and CVE-2026-21877.

Source: CSO Online

LLM & Foundation Models (5)

Ginkgo Bioworks' Autonomous Laboratory Driven by OpenAI's GPT-5 Achieves 40% Improvement Over State-of-the-Art Scientific Benchmark [HIGH]

Ginkgo Bioworks partnered with OpenAI to demonstrate GPT-5's capabilities in autonomous laboratory research, achieving a 40% reduction in cell-free protein synthesis costs. The system executed over 580 plates and 36,000 experimental conditions across six iterative cycles over two months.

Source: PR Newswire

OpenAI launches new agentic coding model only minutes after Anthropic drops its own [HIGH]

OpenAI released GPT-5.3 Codex on February 5, 2026, just minutes after Anthropic's competing release. The new model is 25% faster than GPT-5.2 and was notably the first OpenAI model instrumental in creating itself through self-debugging during development.

Source: TechCrunch

OpenAI Releases GPT-5.3-Codex, a New Codex Model for Agent-Style Development [HIGH]

GPT-5.3-Codex was released on February 5, 2026, focusing on agent-style development workflows with tool usage and computer operation capabilities. The model runs 25% faster and achieves state-of-the-art performance on SWE-Bench Pro and Terminal-Bench 2.0 benchmarks.

Source: Laravel News

OpenAI warns of unprecedented cybersecurity risks with GPT-5.3-Codex [CRITICAL]

Fortune reports on OpenAI's cautious rollout of GPT-5.3-Codex due to cybersecurity concerns, as the model represents their first to hit 'high' cybersecurity risk classification. The company is delaying full API access and implementing trusted access programs for vetted security professionals.

Source: Fortune

OpenAI's GPT-5.3-Codex helped build itself

The New Stack reports that GPT-5.3-Codex is unique as OpenAI's first model that helped debug its own training process and manage its deployment. The model is designated as 'high-capability' for cybersecurity tasks and focuses on both coding and broader professional computer tasks.

Source: The New Stack

Security & Vulnerabilities (4)

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows [CRITICAL]

A critical vulnerability CVE-2026-25049 (CVSS 9.4) in the n8n workflow automation platform allows authenticated users to execute arbitrary system commands. The flaw bypasses safeguards from a previous critical defect CVE-2025-68613 and affects workflow expression evaluation, potentially allowing attackers to compromise servers and steal sensitive data.

Source: The Hacker News

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) [CRITICAL]

CVE-2026-24423, affecting SmarterTools' SmarterMail email server, is being exploited in ransomware attacks. CISA added this vulnerability to its Known Exploited Vulnerabilities catalog on February 6, 2026, ordering federal agencies to address it by February 26, 2026.

Source: Help Net Security

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog [CRITICAL]

CISA added CVE-2025-40551 (CVSS 9.8), a deserialization vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities catalog on February 4, 2026. The flaw allows remote code execution without authentication and is being actively exploited in attacks.

Source: The Hacker News

Russian-state actors swiftly weaponized a Microsoft Office vulnerability, CVE-2026-21509 [CRITICAL]

Russian threat actor APT28 exploited CVE-2026-21509, a Microsoft Office security feature bypass, in Operation Neusploit targeting diplomatic and transport sectors. The campaign started January 29, 2026, targeting Ukraine, Slovakia and Romania after Microsoft disclosed the flaw.

Source: Technology News - bez-kabli.pl

Developer Tools & IDEs (4)

February 2026 Insiders (version 1.110) [HIGH]

The February 2026 Insiders build (v1.110) was released on February 6, 2026, with terminal performance improvements through xterm.js updates. Key features include Claude Agent terminal output viewing, support for queuing prompts in chat conversations while previous tasks are running, and improved accessibility for screen readers.

Source: Visual Studio Code Official

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX [HIGH]

Koi Security discovered that AI-powered IDE forks of VS Code recommend missing extensions with unclaimed namespaces in Open VSX, allowing attackers to register these namespaces and upload malicious extensions. When developers see 'Recommended: PostgreSQL extension' messages and install them, they unknowingly deploy rogue extensions that can steal sensitive data, credentials, secrets, and source code.

Source: The Hacker News

Visual Studio Code has new experimental themes and more AI coding features

The January 2026 update (version 1.109) rolled out to Windows, Mac, and Linux with improvements to AI chats and inline code suggestions, including real-time reasoning process visibility for Anthropic Claude models. Microsoft removed the winpty terminal backend, so terminal sessions no longer work on Windows 10 versions before 1809 (Fall 2018 update).

Source: How-To Geek

Microsoft deprecates IntelliCode for Visual Studio Code [HIGH]

Microsoft officially deprecated the IntelliCode AI-assisted code completion extensions for Visual Studio Code and recommends C# developers use GitHub Copilot Chat instead. The deprecated extensions include IntelliCode, IntelliCode Completions, IntelliCode for C# Dev Kit, and IntelliCode API Usage Examples, with Microsoft recommending users uninstall and switch to GitHub Copilot Chat.

Source: InfoWorld

Cloud & Infrastructure (4)

AWS Weekly Roundup: Amazon Bedrock agent workflows, Amazon SageMaker private connectivity, and more (February 2, 2026) [HIGH]

Amazon Bedrock enhanced support for AI agent workflows with server-side tools and extended 1-hour prompt caching, improving performance and reducing costs. Amazon SageMaker Unified Studio added AWS PrivateLink support for enhanced VPC connectivity security. Amazon S3 introduced UpdateObjectEncryption API to change encryption types without data movement.

Source: AWS News Blog

AWS Customer Agreement Updated February 1, 2026

AWS updated its Customer Agreement on February 1, 2026, addressing contracting changes for Mexico-based customers using credit card payment methods. Customers in Mexico now contract with Amazon Web Services Mexico, S. de R.L. de C.V., a subsidiary of Amazon.com, Inc.

Source: AWS Agreement Changes

Amazon adds $200B to AI spend blitz [CRITICAL]

Amazon announced a $200 billion capital expenditure investment for fiscal year 2026, primarily focused on AWS infrastructure expansion. AWS saw 24% year-over-year growth to $35.6 billion in Q4 2025, with funds earmarked for AI chips, robotics, and low Earth orbit satellites to meet increasing demand.

Source: CIO Dive

AWS Weekly Roundup: Amazon EC2 G7e instances, Amazon Corretto updates, and more (January 26, 2026) [HIGH]

Amazon EC2 G7e instances became generally available with NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs, delivering up to 2.3x better inference performance. Amazon Corretto received quarterly security updates for multiple LTS versions, and Amazon ECR now supports cross-repository layer sharing to reduce storage costs.

Source: AWS News Blog

Web Frameworks (4)

Next.js Security Update: December 11, 2025 [CRITICAL]

Two additional vulnerabilities identified in React Server Components: high-severity Denial of Service (CVE-2025-55184) and medium-severity Source Code Exposure (CVE-2025-55183). The initial fix for CVE-2025-55184 was incomplete, requiring a complete fix under CVE-2025-67779. All Next.js 13.x, 14.x, 15.x and 16.x users should upgrade immediately.

Source: Next.js Official Blog

Security Advisory: CVE-2025-66478 [CRITICAL]

Critical vulnerability (CVSS 10.0) identified in React Server Components protocol allowing remote code execution. Affects Next.js applications using App Router with React Server Components. No workaround available - upgrading to patched version required with secret rotation recommended.

Source: Next.js Official Blog

React & Next.js DoS Vulnerability (CVE-2025-55184) Explained [HIGH]

CVE-2025-55184 is a denial-of-service vulnerability in React Server Components closely related to React2Shell. Specially crafted requests can trigger infinite loops making servers unresponsive. An incomplete initial patch led to follow-up vulnerability CVE-2025-67779, requiring teams to upgrade again.

Source: Aikido Security

Critical Security Vulnerability in React Server Components [CRITICAL]

Critical vulnerability CVE-2025-55182 (CVSS 10.0) disclosed affecting React Server Components. Additional high-severity DoS vulnerability CVE-2026-23864 (CVSS 7.5) reported on January 26, 2026. All users should upgrade to latest patched versions immediately with specific version requirements for Next.js 14.2.35 and newer.

Source: React Official Blog

Generated by MSR Technology Scout

Daily technology intelligence for development teams

MSR Research LLC | Austin, TX | msrresearch.com
