MSR Intelligence
Technology Scout - February 10, 2026

Day 735 of Building the Future

The Curmudgeon’s Take

Strategic Analysis

The enterprise AI agent market just shifted into production gear with OpenAI's Frontier platform and GPT-5.3-Codex, but they're arriving with a cargo hold full of new attack vectors. While everyone's building autonomous systems, the security infrastructure hasn't caught up — we've got agent hijacking, MCP server exploits, and a zero-day that's already on CISA's must-patch list.

What This Means

Your development teams need to make immediate decisions about AI agent integration while the threat landscape is evolving faster than security controls. GPT-5.3-Codex shows real autonomous coding capability, but OpenAI tagged it "high cybersecurity risk" for good reason. The n8n workflow vulnerability (CVE-2026-25049) and those Anthropic MCP server flaws aren't theoretical — they're exploitable pathways into your infrastructure if you're running automation platforms.

The Curmudgeon's Take

I've watched three technology cycles, and this feels like 2008's mobile rush all over again — everyone's racing to deploy without building proper security foundations. OpenAI deserves credit for their "Trusted Access for Cyber" framework and delayed API rollout; that's institutional discipline. But most organizations will ignore the warnings and bolt AI agents onto systems that can't handle the new threat models. The VS Code supply chain attack vector through missing extensions? That's the kind of mundane infrastructure gap that brings down entire development pipelines while leadership is discussing AI strategy in conference rooms.

Signal to Leadership

Pause all AI agent deployments until you've audited your automation platforms and implemented agent-specific security controls — the attack surface just expanded exponentially.

How This Affects MSR

**CRITICAL SECURITY CONNECTION**: The discovered MCP vulnerabilities in Anthropic's Git server (enabling file access and remote code execution through prompt injection) directly impact MSR's Claude/Anthropic AI integration - immediate review needed of how our 33 specialized agents handle external data connections and prompt processing.

**AI AGENTS RELEVANCE**: OpenAI's new Frontier platform for enterprise AI agent management provides a competitive benchmark for MSR's multi-agent architecture, particularly around agent permissions, boundaries, and orchestration features that could inform improvements to our 33 specialized agents system.

Categories: 10 | Discoveries: 30 | Critical: 11 | High: 11 | Vendors: 10

AI Agents & Orchestration (7)

OpenAI Targets Enterprise Market With New AI Agent Platform [HIGH]

OpenAI launched Frontier, a new enterprise platform on February 5, 2026, designed to help companies build, deploy and manage AI agents. The platform provides AI 'coworkers' with shared context, onboarding, hands-on learning, and clear permissions and boundaries.

Source: PYMNTS.com

Crypto.com CEO launches ai.com AI agent platform [HIGH]

Kris Marszalek, CEO of Crypto.com, launched ai.com during Super Bowl 60 on February 9, 2026. The platform enables users to create personal AI agents for everyday digital tasks like managing schedules, shopping, and communications.

Source: Digital Watch Observatory

OpenAI launches a way for enterprises to build and manage AI agents [HIGH]

OpenAI launched Frontier, a platform for enterprises to build and deploy AI agents on February 5, 2026. The company also announced notable enterprise deals with ServiceNow and Snowflake as part of its enterprise adoption focus for 2026.

Source: TechCrunch

Top Agentic AI security resources — February 2026 [CRITICAL]

Security experts identified 'agent hijacking' as a primary attack vector for 2026, with vulnerabilities like 'BodySnatcher' in ServiceNow and 'ZombieAgent' exploits emerging. The transition from passive chatbots to autonomous agents has fundamentally altered the threat landscape.

Source: Adversa AI

Top MCP security resources — February 2026 [CRITICAL]

Security researchers discovered three vulnerabilities in Anthropic's Git MCP server in February 2026 that enable file access and remote code execution through prompt injection. The flaws affect mcp-server-git and demonstrate how AI systems connecting to external data sources can be exploited.

Source: Adversa AI

LLM & Foundation Models (3)

OpenAI's new model leaps ahead in coding capabilities—but raises unprecedented cybersecurity risks [CRITICAL]

OpenAI released GPT-5.3-Codex on February 5, 2026, marking their first model rated 'high' for cybersecurity risk. The model shows superior coding performance over competitors but requires tight access controls and delayed full API access due to potential cybersecurity concerns. OpenAI is implementing a 'Trusted Access for Cyber' framework with $10 million in API credits for defensive cybersecurity work.

Source: Fortune

Ginkgo Bioworks' Autonomous Laboratory Driven by OpenAI's GPT-5 Achieves 40% Improvement Over State-of-the-Art Scientific Benchmark [HIGH]

Released February 5, 2026, GPT-5 achieved a 40% reduction in cell-free protein synthesis costs through autonomous laboratory experiments. The system executed over 36,000 experimental conditions across six iterative cycles, with GPT-5 handling experimental design, execution, and data interpretation with minimal human involvement.

Source: PR Newswire

OpenAI's GPT-5.3-Codex helped build itself

GPT-5.3-Codex represents a milestone as OpenAI's first model that helped debug its own training and manage its own deployment. The model is designated as 'high-capability' for cybersecurity tasks and focuses on creating agents that can perform all tasks developers would do on a computer, advancing beyond just code writing and review.

Source: The New Stack

Security & Vulnerabilities (6)

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows [CRITICAL]

CVE-2026-25049 is a critical vulnerability in the n8n workflow automation platform, rated CVSS 9.4, that allows attackers to execute arbitrary system commands by bypassing security safeguards. The flaw affects versions up to 1.123.2 and enables webhook-based exploitation for remote code execution and data theft.

Source: The Hacker News

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) [CRITICAL]

BeyondTrust patched CVE-2026-1731, a critical remote code execution vulnerability in Remote Support and Privileged Remote Access solutions on February 2, 2026. The flaw affects versions 25.3.1 and prior for RS, and 24.3.4 and prior for PRA, with around 8,500 internet-facing deployments potentially vulnerable.

Source: Help Net Security

Patch Tuesday February 2026: Security Updates & CVE Analysis [CRITICAL]

Microsoft's February 10, 2026 Patch Tuesday includes 8 critical vulnerabilities, including RCE and privilege escalation flaws. One actively exploited zero-day, CVE-2026-20805 (Desktop Window Manager information disclosure), has been added to CISA's KEV catalog, with federal agencies required to patch by February 3, 2026.

Source: Zecurit

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks [CRITICAL]

Russian APT28 (UAC-0001) has been actively exploiting CVE-2026-21509, a Microsoft Office security feature bypass vulnerability, in targeted attacks since January 29, 2026. The campaign, Operation Neusploit, targets Ukraine, Slovakia and Romania using weaponized RTF documents to deploy MiniDoor and COVENANT Grunt malware.

Source: The Hacker News

F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products [HIGH]

F5 released February 2026 security updates addressing three moderate DoS vulnerabilities with CVSS scores up to 8.2. CVE-2026-1642 affects NGINX Plus, Open Source, and related products, while CVE-2026-22549 impacts BIG-IP Container Ingress Services, potentially causing service overload through crafted requests.

Source: ZeroWL Blog

Developer Tools & IDEs (3)

Visual Studio Code update shines on coding agents [HIGH]

Released February 4 and also known as the January 2026 release, VS Code 1.109 can be downloaded for Windows, Linux, and macOS at code.visualstudio.com. With this release, Microsoft said it was evolving VS Code to become "the home for multi-agent development." New session management capabilities allow developers to run multiple agent sessions in parallel across local, background, and cloud environments, all from a single view. Agent Skills, now generally available and enabled by default, allow developers to package specialized capabilities or domain expertise into reusable workflows.

Source: InfoWorld

February 2026 Insiders (version 1.110)

VS Code now respects metered network connections. When connected via mobile data or tethering, VS Code postpones automatic updates for itself and extensions. Claude Agent now renders subagent invocations. When the Claude Agent spawns subagents to help complete tasks, you can now see the tool calls and progress from those subagents during streaming.

Source: Visual Studio Code Official Updates

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

"The problem: these recommended extensions didn't exist on Open VSX," Koi security researcher Oren Yomtov said. "The namespaces were unclaimed. Anyone could register them and upload whatever they wanted." In other words, an attacker could weaponize the absence of these VS Code extensions and the fact that the AI-powered IDEs are VS Code forks to upload a malicious extension to the Open VSX registry, such as ms-ossdata.vscode-postgresql.

Source: The Hacker News

Cloud & Infrastructure (5)

AWS Weekly Roundup: Claude Opus 4.6 in Amazon Bedrock, AWS Builder ID Sign in with Apple, and more (February 9, 2026) [HIGH]

AWS announced Claude Opus 4.6—Anthropic's most intelligent model—is now available in Amazon Bedrock with industry-leading performance for agentic tasks. New Amazon EC2 instances (C8id, M8id, R8id) powered by custom Intel Xeon 6 processors were introduced, along with AWS Network Firewall price reductions and Amazon DynamoDB global tables supporting multi-account replication.

Source: AWS News Blog

AWS Weekly Roundup: Amazon Bedrock agent workflows, Amazon SageMaker private connectivity, and more (February 2, 2026) [HIGH]

Amazon Bedrock enhanced agent workflows with server-side tools allowing web search, code execution, and database updates within AWS security boundaries. Amazon SageMaker Unified Studio added AWS PrivateLink support for private VPC connectivity. Amazon S3 now supports changing object encryption without data movement using the UpdateObjectEncryption API.

Source: AWS News Blog

Amazon adds $200B to AI spend blitz [CRITICAL]

Amazon announced a $200 billion capital expenditure investment throughout its fiscal year 2026, primarily focused on AWS infrastructure. AWS segment sales grew 24% year over year to $35.6 billion for the period ending Dec. 31, 2025. The investment targets AI infrastructure, chips, robotics, and low Earth orbit satellites.

Source: CIO Dive

AWS Weekly Roundup: Amazon EC2 G7e instances, Amazon Corretto updates, and more (January 26, 2026)

Amazon EC2 G7e instances became generally available with NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs delivering 2.3x better inference performance compared to G6e instances. Amazon Corretto January 2026 Quarterly Updates included security and critical updates for LTS versions, with Corretto 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482 now available.

Source: AWS News Blog

What's Changed - AWS Customer Agreement Updates

AWS updated the AWS Customer Agreement on February 1, 2026, to specify that customers located in Mexico using credit card payment methods will contract with Amazon Web Services Mexico, S. de R.L. de C.V. Similar updates were made for Taiwan customers using invoicing payment methods, who will contract with Amazon Web Services Taiwan Limited.

Source: AWS

Web Frameworks (6)

Next.js & React DoS vulnerability: what you need to know [HIGH]

Netlify announced awareness of CVE-2026-23864, a CVSS 7.5 DoS vulnerability affecting React Server Components in Next.js and other React metaframeworks. The vulnerability can cause memory exhaustion on affected systems.

Source: Netlify

Node.js January 2026 Security Release: What Changed and Why It Matters [HIGH]

A coordinated Node.js security update was released affecting versions 25.x, 24.x, 22.x, and 20.x. The release addresses multiple vulnerabilities including high-severity issues with memory handling, permission enforcement, and protocol processing that can impact Next.js applications.

Source: NodeSource

Tuesday, January 13, 2026 Security Releases [HIGH]

Node.js released security patches for multiple CVEs including CVE-2025-55131 (High) for race conditions in buffer allocation, CVE-2025-55130 (High) for filesystem permission bypass, and CVE-2025-59465 (High) for HTTP/2 server crashes. These affect Next.js applications using affected Node.js versions.

Source: Node.js Official

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) [CRITICAL]

Within hours of CVE-2025-55182 disclosure on December 3, 2025, Amazon observed active exploitation by China state-nexus groups including Earth Lamia and Jackpot Panda. AWS deployed automated protections but emphasizes immediate patching is required for Next.js applications.

Source: AWS Security Blog

Inside Turbopack: Building Faster by Building Less

Published January 20, 2026, detailing how Turbopack uses incremental computation to scale development and builds for massive Next.js applications. The post explains architectural decisions and performance improvements in the latest Turbopack implementation.

Source: Next.js Official Blog

Generated by MSR Technology Scout

Daily technology intelligence for development teams

MSR Research LLC | Austin, TX | msrresearch.com