New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. The research details how these vulnerabilities work, what systems are impacted, and security mitigation strategies.

Source: Microsoft Security Blog

138 tracked CVEs identified in OpenClaw framework, though most vulnerabilities affect instances exposed directly to public internet. Deployment behind reverse proxy with proper authentication and regular updates recommended for production use.

Source: Petronella Cybersecurity News

Hermes framework comparison shows active public roadmap and 106K GitHub stars. Described as more reliable and active alternative with lower operational overhead, with most builders reporting ROI within first week of deployment.

Source: AI Profit Boardroom Blog

Shopify released dedicated Hermes Agent skill for e-commerce operations on May 4, 2026, integrating with Nous Research's open-source AI agent framework.

Source: KuCoin

OpenAI launched GPT-5.5 Instant as the new default model for ChatGPT on May 5, 2026, replacing GPT-5.3 Instant. The model offers smarter answers with stronger accuracy, deeper personalization, and fewer gratuitous emojis in responses.

Source: HiTechNectar

OpenAI announced GPT-5.5 as the latest upgrade to ChatGPT and Codex apps, with improvements in multi-step work, planning, tool usage, and self-verification capabilities. The upgrade reduces emoji usage and increases accuracy.

Source: MacRumors

Apache fixed CVE-2026-23918 (CVSS 8.8), a double-free vulnerability in HTTP/2 protocol handling affecting version 2.4.66. The flaw was patched in version 2.4.67 and can be exploited for denial-of-service and remote code execution.

Source: The Hacker News

Microsoft disclosed CVE-2026-31431 (Copy Fail), a high-severity local privilege escalation affecting Linux kernel's cryptographic subsystem. The flaw impacts major distributions including Red Hat, SUSE, Ubuntu, and AWS Linux as of May 1, 2026.

Source: Microsoft Security Blog

On May 6, 2026, Google and Microsoft disclosed CVE-2026-7964, a medium-severity FileSystem vulnerability in Chromium fixed in Chrome 148.0.7778.96 and backported to Microsoft Edge.

Source: Windows News

CVE-2026-6973 in Ivanti EPMM is under active exploitation with limited attacks observed. CISA mandated fixes by May 10, 2026, requiring administrative authentication for exploitation.

Source: The Hacker News

CVE-2026-0300 (CVSS 9.3/8.7) is a critical buffer overflow in PAN-OS that allows unauthenticated attackers to execute arbitrary code with root privileges. Fixes expected starting May 13, 2026.

Source: The Hacker News / CVEFeed

VS Code moved to weekly stable releases covering releases v1.116 through v1.119 throughout April and early May 2026. The update includes browser tab sharing for agents, OpenTelemetry tracing, lighter-weight todo tracking, and improved trust controls. Agents gain inline diffs in chat, browser tab sharing, and read/write access to any open terminal.

Source: Releasebot / GitHub

Semantic indexing now works in all workspaces and agents can run grep-style searches across GitHub repos and orgs with the new githubTextSearch tool. On April 27, GitHub announced that Copilot is moving to usage-based billing on June 1, 2026. VS Code includes a setting that can allow recursive delegation of subagents up to a maximum depth of 5.

Source: GitHub Changelog / Releasebot

AWS launched Amazon Quick—an AI assistant for work with a desktop app and expanded integrations—and expanded Amazon Connect into four agentic AI solutions for supply chain, hiring, customer experience, and healthcare. The latest OpenAI models, including GPT-5.5 and GPT-5.4, will be available in preview on Amazon Bedrock.

Source: Amazon Web Services

Amazon EC2 M8in and M8ib instances are now generally available, powered by custom 6th-gen Intel Xeon Scalable processors and 6th-gen AWS Nitro cards, delivering up to 43% higher performance over M6in and M6ib, with M8in offering 600 Gbps network bandwidth and M8ib delivering up to 300 Gbps EBS bandwidth. Memory-optimized R8in and R8ib instances are also now generally available and well-suited for large commercial databases, data lakes, and in-memory databases such as SAP HANA.

Source: Amazon Web Services

Amazon Q Developer IDE plugins and paid subscriptions will reach end of support on April 30, 2027, giving customers 12 months to transition to Kiro, with new signups blocked starting May 15, 2026, although existing subscriptions can continue to add users.

Source: Amazon Web Services

AWS announced that it is bumping up the number of free credits for its Kiro agentic development environment from the usual 50 free credits to 1,000 for students and adult learners from all polytechnics, ITE, and universities.

Source: TechStories

AWS launches Claude Opus 4.7 in Amazon Bedrock, Anthropic's most intelligent Opus model for advancing performance across coding, long-running agents, and professional work, powered by Amazon Bedrock's next generation inference engine.

Source: Amazon Web Services

On May 6-9, 2026, Anthropic announced partnership with SpaceX for 300+ megawatts of computing capacity and doubled usage limits for Claude Code and Claude API across Pro, Max, Team, and Enterprise plans. The company also announced Claude add-ins for Microsoft 365 and financial agent templates.

Source: Releasebot/Anthropic Official

Anthropic reached a deal on May 6, 2026, to tap SpaceX's Colossus 1 data center in Memphis, Tennessee, gaining 300 megawatts of computing capacity from over 220,000 Nvidia processors within a month. The agreement also includes exploration of space-based orbital data centers.

Source: Al Jazeera

On May 4, 2026, Anthropic announced a $1.5 billion joint venture for deploying enterprise AI services with founding partners Blackstone, Hellman & Friedman, and Goldman Sachs. The venture includes $300 million commitments from each of Anthropic, Blackstone, and Hellman & Friedman.

Source: TechCrunch