May 2026 research from Microsoft Security exposes how prompt injection in AI agent frameworks can lead to remote code execution vulnerabilities. The analysis details how these vulnerabilities work, what systems are impacted, and mitigation strategies for securing AI agents.

Source: Microsoft Security Blog

Comprehensive ranking of 12 AI agent frameworks in 2026. Notable findings include Anthropic's first-party offering with multi-agent sessions and outcomes shipped to public beta in May 2026, featuring Claude Opus 4.7 and Sonnet 4.6 with built-in tools for file operations, bash, editing, and search.

Source: Respan

Comparative analysis of Hermes Agent and OpenClaw frameworks. Hermes Agent features self-improving capabilities and support for Linux, iOS, and Android platforms with no Windows support, emphasizing security implementation.

Source: HackerNoon

Microsoft's May 2026 Patch Tuesday addresses 120 flaws and no zero-days disclosed, including 17 "Critical" vulnerabilities with 14 remote code execution, 2 elevation of privilege, and 1 information disclosure flaw.

Source: BleepingComputer

CVE-2026-23918 (CVSS score: 8.8) is a double free and possible RCE in Apache HTTP Server 2.4.66 and has been addressed in version 2.4.67.

Source: The Hacker News

Microsoft addressed an elevation-of-privilege vulnerability in Windows Projected File System (CVE-2026-34340) disclosed on May 12, 2026, affecting ProjFS driver and used by OneDrive, Windows Sandbox, Docker, and Dev Drive.

Source: Windows News

CVE-2026-41096 fixes a heap-based buffer overflow in DNS Client triggered by malicious DNS response with no authentication needed, and since DNS Client runs on virtually every Windows machine, an attacker with MitM position could achieve unauthenticated RCE across enterprise.

Source: Zero Day Initiative

CVE-2026-41089 is a stack-based buffer overflow in Windows Netlogon that could lead to remote code execution when triggered by specially crafted network request to domain controller without authentication.

Source: Help Net Security

Released May 6, 2026, VS Code 1.119 adds smoother agent workflows with browser tab sharing, OpenTelemetry tracing, lighter-weight todo tracking, improved trust controls, easier Markdown preview switching, and TypeScript 7 support with webview performance gains.

Source: GitHub Blog / Microsoft

Microsoft's May 2026 Patch Tuesday includes CVE-2026-41610, an Important-rated security feature bypass in Visual Studio Code that could allow attackers to circumvent workspace trust or extension signing protections, potentially leading to code execution. Developers should update to VS Code 1.97.2 immediately.

Source: Windows News

VS Code moved to weekly stable releases, with versions 1.116 through 1.119 shipped throughout April and early May 2026. Copilot can now search by meaning in any workspace and run grep-style queries across GitHub repos and orgs.

Source: GitHub Blog / Releasebot

An experimental /chronicle feature lets developers query their own chat history to recall what they worked on, which files they touched, and which PRs they referenced. Chronicle tracks chat interactions in a local database for personalized workflow tips.

Source: GitHub Blog

Amazon EC2 M8in and M8ib instances are now generally available, powered by custom 6th-gen Intel Xeon Scalable processors delivering up to 43% higher performance over M6in and M6ib. M8in offers 600 Gbps network bandwidth, while M8ib delivers up to 300 Gbps EBS bandwidth. Valkey 9.0 for Amazon ElastiCache is now generally available with built-in full-text search, hybrid search, aggregations, per-field TTLs, and multi-database support. AWS Lambda now supports scheduled scaling of capacity limits for functions running on Lambda Managed Instances through Amazon EventBridge Scheduler, allowing proactive scaling up or down including to zero.

Source: FinOps Weekly

Amazon Bedrock AgentCore previewed the first managed payment capabilities enabling AI agents to autonomously access and pay for APIs, MCP servers, web content, and other agents. Agent Toolkit for AWS is a production-ready suite of tools and guidance available at no additional charge, serving as the successor to MCP servers, plugins, and skills available on AWS Labs. AWS announces general availability of the AWS MCP Server, a managed remote Model Context Protocol server that gives AI agents and coding assistants secure, authenticated access to all AWS services as part of the Agent Toolkit for AWS.

Source: AWS News Blog

Amazon Quick is an AI assistant for work that connects to apps, learns what matters to you, and takes action on your behalf. Starting today, users can use the new desktop app, sign up for Free and Plus pricing plans, generate visual assets in the chat, and easily connect Quick to more apps. The latest OpenAI models, including GPT-5.5 and GPT-5.4, will be available in preview on Amazon Bedrock.

Source: AWS News Blog

PwC announced it is deploying Claude to build technology, execute deals, and reinvent enterprise functions for clients. This marks a significant enterprise partnership for Anthropic's Claude AI.

Source: Anthropic News

Anthropic formed a $200 million partnership with the Gates Foundation on May 13, 2026.

Source: Anthropic News

Anthropic launched Claude for Small Business, which runs inside tools owners already rely on like QuickBooks, PayPal, and HubSpot, and takes on work that piles up after hours like planning payroll and chasing invoices. Starting May 14 in Chicago, Anthropic is taking Claude for Small Business on a tour featuring free, half-day live AI fluency training for 100 local small business leaders per stop.

Source: Anthropic / Releasebot

Claude released 20+ new legal MCP connectors and 12 practice-area plugins, expanding how law firms and in-house teams work across research, contracts, discovery, matter management, and legal aid.

Source: Releasebot

Anthropic announced a partnership with xAI where Anthropic is buying all the compute capacity at xAI's Colossus 1 data center in Tennessee to focus on Anthropic's more enterprise-focused AI products.

Source: TechCrunch