NIST announced the launch of the AI Agent Standards Initiative on February 17, 2026, aimed at ensuring next-generation AI agents can function securely and interoperate across the digital ecosystem. The initiative will foster industry-led AI standards while maintaining US technological dominance.

Source: NIST

CVE-2026-25253 was disclosed with a CVSS score of 8.8, along with multiple security advisories for the viral OpenClaw AI agent. Researchers found 341 malicious skills out of 2,857 total in the ClawHub marketplace, representing approximately 12% of the entire registry being compromised.

Source: Reco.ai

UC Berkeley's Center for Long-Term Cybersecurity released a 67-page Agentic AI Risk-Management Standards Profile addressing risks from autonomous AI agents. The framework extends NIST AI Risk Management Framework to account for threats like reward hacking and deceptive alignment.

Source: MarketingProfs

SecurityScorecard found over 40,000 exposed OpenClaw instances associated with 28,663 unique IP addresses. 63% of deployments are vulnerable, with 12,812 instances exploitable via remote code execution. Three high-severity CVEs have been discovered with public exploit code available.

Source: Infosecurity Magazine

Databricks made Agent Bricks Custom Agents generally available in February 2026, allowing developers to build, test, and deploy production-quality AI agents as fully managed Databricks Apps on serverless compute.

Source: Solutions Review

OpenAI released GPT-5.3-Codex on February 5, 2026, showing markedly higher performance on coding benchmarks than earlier generations. The company is rolling out the model with unusually tight controls and delaying full developer access due to serious cybersecurity concerns, marking it as their first model to hit 'high' for cybersecurity on their preparedness framework.

Source: Fortune

Users are being pulled into A/B tests for what appears to be GPT-5.3, codenamed "Garlic," with claims it will drop on February 26, 2026. The model reportedly scores 83.7% on SimpleBench, a reasoning test, clearing the human baseline.

Source: Piunikaweb

GPT-5.3-Codex helped debug its own training and is OpenAI's first model designated "high-capability" for cybersecurity tasks. The model, made available to paid users across Codex-powered tools and APIs, advances both coding performance and reasoning capabilities while being 25% faster.

Source: The New Stack

OpenAI rolled out Lockdown Mode for high-security users and introduced Elevated Risk labels across ChatGPT, Atlas, and Codex to flag features with higher risk. These protections curb data exfiltration and boost admin oversight, with plans for consumer rollout in coming months.

Source: OpenAI (via Releasebot)

Microsoft released security updates for 58 vulnerabilities including 6 actively exploited zero-day vulnerabilities and 3 publicly disclosed ones. The six zero-days include CVE-2026-21513 (MSHTML bypass), CVE-2026-21510 (Windows Shell bypass), CVE-2026-21514 (Word bypass), CVE-2026-21519 (Desktop Window Manager privilege escalation), CVE-2026-21533 (Remote Desktop Services escalation), and CVE-2026-21525 (Remote Access Connection Manager DoS).

Source: BleepingComputer

Microsoft patched 54 CVEs with 2 critical, 51 important and 1 moderate severity ratings. Six zero-day vulnerabilities were exploited in the wild and 3 were publicly disclosed prior to patching. The update includes elevation of privilege vulnerabilities accounting for 42.6% of fixes and remote code execution at 20.4%.

Source: Tenable

Microsoft fixed over 50 security holes including 6 zero-day vulnerabilities being actively exploited. Notable fixes include GitHub Copilot remote code execution vulnerabilities (CVE-2026-21516, CVE-2026-21523, CVE-2026-21256) affecting multiple development environments including VS Code, Visual Studio, and JetBrains products through command injection flaws triggered by prompt injection.

Source: Krebs on Security

A critical vulnerability (CVSS 9.4) in n8n workflow automation allows system command execution by bypassing sandbox protections. CVE-2026-25049 acts as a bypass for the previously fixed CVE-2025-68613. The flaw enables attackers to create publicly accessible webhooks that execute system-level commands remotely.

Source: The Hacker News

FIRST published its 2026 Vulnerability Forecast on February 11, predicting approximately 59,427 new CVEs with a 90% confidence interval of 30,012 to 117,673. This would be the first year to exceed 50,000 published CVEs, representing a significant milestone in vulnerability disclosure history with realistic scenarios suggesting 70,000 to 100,000 vulnerabilities are possible.

Source: Infosecurity Magazine

Microsoft announced C++ code understanding improvements on February 19, bringing enhanced GitHub Copilot integration for C++ development. The updates provide rich C++ symbol context to AI agents, allowing them to reason about code at the symbol level and perform intelligent editing operations across codebases.

Source: InfoWorld

The February 2026 Insiders build includes chat conversation forking with /fork command, MCP (Model Context Protocol) server support for Claude Agent, and improved accessibility features. The update also adds Kitty graphics protocol support for terminal inline images and enhanced chat session management.

Source: Visual Studio Code Official Site

Recent VS Code updates include version 1.109.3 with message steering and queueing, agent hooks for shell commands, and Claude configuration compatibility. Update 1.109.4 addressed additional issues, with the January 2026 release focusing on multi-agent development capabilities.

Source: Releasebot

AWS launched Claude Sonnet 4.6 with frontier performance for coding and enterprise workflows at lower cost than Opus 4.6. New Amazon EC2 Hpc8a instances powered by 5th Gen AMD EPYC processors deliver up to 40% higher performance with 300 Gbps networking. Open-source Agent Plugins for AWS extend coding agents with deployment capabilities.

Source: AWS News Blog

AWS launched Claude Opus 4.6, Anthropic's most intelligent model for coding and enterprise agents. New Amazon EC2 C8id, M8id, and R8id instances with Intel Xeon 6 processors offer up to 43% higher performance and 3.3x more memory bandwidth. CloudFront added mutual TLS support for origins.

Source: AWS News Blog

Amazon reported Q4 2025 net sales of $213.4 billion with AWS growing 24% to $35.6 billion—the fastest growth in 13 quarters. The company plans approximately $200 billion in capital expenditures for 2026, driven by AI, chips, and satellite demand. Custom chips (Trainium and Graviton) reached $10 billion annual revenue run rate.

Source: About Amazon

AWS made up 16.6% of Amazon's overall $213.4 billion Q4 revenue as customers increasingly run AI workloads alongside their core applications. Despite strong AWS performance, Amazon shares fell 10% after-hours due to increased capital expenditure plans and missed EPS expectations.

Source: TechCrunch

Published February 12, 2026, this article discusses how the Next.js team spent the past year making Next.js work better with AI coding agents. It covers experimental in-browser agent development, MCP integration, and improved logging features, focusing on treating agents as first-class users.

Source: Next.js Blog (Vercel)

Netlify published guidance on January 26, 2026, about CVE-2026-23864, a denial-of-service vulnerability with CVSS 7.5 severity affecting React Server Components, a feature used by Next.js and other React metaframeworks.

Source: Netlify

Next.js 16.1 was released on December 18, 2025. Key highlights include Turbopack File System Caching for next dev (now stable), Next.js Bundle Analyzer (experimental), and easier debugging with next dev --inspect features.

Source: Next.js Blog (Vercel)

Published in February 2026, this article discusses performance issues with Next.js 16, including memory leaks causing OOM crashes documented in GitHub issue #88603. It also mentions six CVEs in two months related to RSC implementation, including CVE-2025-55182 with maximum CVSS 10.0 severity affecting all Next.js App Router deployments.

Source: DEV Community