Microsoft Agent 365 is now generally available for commercial customers. Context mapping capabilities, policy-based controls, plus runtime blocking and alerts will be available in Agent 365 through Intune and Defender public preview in June 2026. The public preview of Agent 365 registry sync with AWS Bedrock and Google Cloud connections enables IT teams to automatically discover, inventory, and perform basic lifecycle governance across these platforms.

Source: Microsoft Security Blog

Google launches AI agent suite at Cloud Next 2026 with Workspace Studio, A2A protocol at 150 orgs, and Project Mariner. Google's Agent2Agent (A2A) protocol has reached 150 organisations in production routing real tasks between agents, and is now governed by the Linux Foundation's Agentic AI Foundation with version 1.2 including cryptographic signatures. Project Mariner, Google DeepMind's web-browsing agent powered by Gemini 2.0, scores 83.5% on the WebVoyager benchmark and is available to Google AI Ultra subscribers in the United States.

Source: The Next Web

CVE-2026-32173 (CVSS 8.6) in the Azure SRE Agent exposed live command streams, allowing any Entra ID account holder access via an unauthenticated WebSocket endpoint. Prompt injection has escalated from a model-level to an infrastructure-level threat, with disclosures regarding browser agents, MCP poisoning, and memory corruption. Following disclosure of ShareLeak (CVE-2026-21520) and PipeLeak, a remediation matrix covers five vulnerability classes.

Source: Adversa AI

The Open Worldwide Application Security Project (OWASP) GenAI Security Project released the OWASP Top 10 for Agentic Applications for 2026, the first peer-reviewed framework dedicated to autonomous, tool-using AI agents. Security researchers identified critical one-click remote code execution flaws including CVE-2026-25253, where attackers may seize control of an agent session with potential impact extending beyond the application if the agent runs with full administrative privileges.

Source: Federal News Network

ChatGPT's default model has been updated to GPT-5.5 Instant, bringing accuracy improvements with fewer hallucinations, especially in medicine, law, and finance.

Source: MacRumors

OpenAI released GPT-5.5 Instant on May 5, 2026, replacing GPT-5.3 Instant as the default ChatGPT model with reduced hallucinations in sensitive areas such as law, medicine, and finance.

Source: Rocket News

OpenAI gave the U.S. government early access to its GPT-5.5 model for national security testing, according to OpenAI executive Chris Lehane on May 5, 2026.

Source: WTAQ

GPT-5.5 Instant delivers 52.5% fewer hallucinated claims than GPT-5.3 Instant on high-stakes prompts covering medicine, law, and finance, with a 37.3% improvement rate, available to all users as of May 5, 2026.

Source: Future Tools

CISA added CVE-2026-31431, a local privilege escalation flaw (CVSS 7.8) impacting various Linux distributions, to its Known Exploited Vulnerabilities catalog citing evidence of active exploitation. Federal Civilian Executive Branch agencies have been advised to apply fixes by May 15, 2026.

Source: The Hacker News

CVE-2026-31431 (Copy Fail) is a high-severity local privilege escalation vulnerability affecting the Linux kernel's cryptographic subsystem caused by a logic flaw within the algif_aead module. The vulnerability enables root privilege escalation across cloud environments and Kubernetes workloads, with a working exploit already in the wild.

Source: Microsoft Security Blog

Widget Options WordPress plugin for WordPress versions up to 4.2.2 is vulnerable to Remote Code Execution via the Display Logic feature due to unsafe eval() usage, allowing authenticated Contributor-level attackers to execute code on the server. Published May 2, 2026.

Source: Atlas Cybersecurity

LabOne Q serialization framework contains unsafe class-loading mechanism that accepts arbitrary class names during deserialization, allowing attackers to craft serialized files that execute arbitrary Python code. Published May 1, 2026.

Source: Atlas Cybersecurity

CISA added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities catalog. CVE-2024-57726 (CVSS 9.9) is a missing authorization vulnerability in SimpleHelp allowing low-privileged technicians to create API keys with excessive permissions.

Source: The Hacker News

Visual Studio Code releases 1.118 with bigger Copilot agent workflows, including remote control for CLI sessions, semantic codebase search, stronger enterprise controls, chat history insights, and lower token usage, plus improvements to webviews, TypeScript 7 support, and remote development.

Source: Releasebot

AWS launched Amazon Quick—an AI assistant for work with a desktop app and expanded integrations—and expanded Amazon Connect into four agentic AI solutions for supply chain, hiring, customer experience, and healthcare. AWS and OpenAI are bringing the latest OpenAI models to Amazon Bedrock, launching Codex on Amazon Bedrock, and launching Amazon Bedrock Managed Agents, powered by OpenAI (all in limited preview).

Source: Amazon Web Services Blog

Amazon EC2 M8in and M8ib instances are now generally available with custom 6th-gen Intel Xeon Scalable processors and 6th-gen AWS Nitro cards, delivering up to 43% higher performance over M6in and M6ib. M8in offers 600 Gbps network bandwidth, while M8ib delivers up to 300 Gbps EBS bandwidth.

Source: AWS Weekly Roundup

AWS launches Claude Opus 4.7 in Amazon Bedrock, Anthropic's most intelligent Opus model for advancing performance across coding, long-running agents, and professional work. Claude Opus 4.7 is powered by Amazon Bedrock's next generation inference engine, purpose-built for generative AI inferencing and fine-tuning workloads.

Source: AWS News Blog

Amazon Q Developer IDE plugins and paid subscriptions will reach end of support on April 30, 2027, giving customers 12 months to transition to Kiro. New signups will be blocked starting May 15, 2026, although existing subscriptions can continue to add users.

Source: AWS Weekly Roundup

AWS announced two federal credit programs totaling up to $100 million to accelerate innovation in support of America's most critical national security and scientific missions. The AWS Warfighter Capability Accelerator Initiative and AWS Genesis Accelerator Initiative will each provide up to $50 million in AWS credits over three years (2026-2028).

Source: AWS Public Sector Blog

The Department of Defense announced an agreement with eight major technology companies to use their AI tools in classified networks in May 2026, notably excluding Anthropic from the deal.

Source: CNN

Anthropic began internal red teaming for Claude Jupiter V1 P ahead of its May 6th Code with Claude conference, pointing to a potential model launch.

Source: Testing Catalog