At CamundaCon, Camunda announced ProcessOS, an AI-powered intelligence layer that discovers, re-engineers, and continuously optimizes business processes as agentic workflows. Closed beta started May 20, 2026, offering native AWS support and Bedrock/agent service integrations for enterprise operations teams.

Source: AI Agent Store

Anthropic released public-beta self-hosted sandboxes allowing tool execution on customer-managed compute (Cloudflare, Daytona, Modal, Vercel) and research-preview MCP tunnels for internal server access via encrypted gateways. Features published May 19, 2026.

Source: AI Agent Store

NVIDIA published developer resources describing 'NVIDIA-verified agent skills' pipeline with scanning (SkillSpector), cryptographic signing, and skill cards for provenance and risk metadata. Framework published May 19-22, 2026, enabling security teams to assess capabilities before deployment.

Source: Gate News / NVIDIA

Blue Yonder announced a Model Training Factory for fine-tuning specialized supply-chain agents with NVIDIA collaboration to execute multi-step logistics workflows. Announcement made May 19, 2026, targeting operational cost control and latency optimization.

Source: AI Agent Store

CVE-2026-44338, an authentication-bypass flaw in open-source AI orchestration framework PraisonAI, was probed by internet scanners within 3 hours 44 minutes of public disclosure during the week of May 11, 2026.

Source: Cybersecurity Insiders

The US is considering a voluntary pre-release review system for advanced AI models as powerful tools like Mythos and GPT-5.5 Cyber raise cybersecurity and national security concerns. Review plans announced May 21, 2026.

Source: Times Now News

Microsoft released patches for 118 CVEs in May 2026, with 16 rated critical and 102 as important. This marks the first month since June 2024 without any zero-days exploited in the wild or publicly disclosed, with elevation of privilege vulnerabilities accounting for 48.3% of patches.

Source: Tenable

Microsoft confirmed active exploitation of two critical security vulnerabilities (CVE-2026-41091 and CVE-2026-45498) affecting Microsoft Defender. CISA mandated that by June 3, 2026, US federal civilian agencies must apply patches or discontinue use.

Source: Help Net Security

CISA added CVE-2026-9082 (CVSS 6.5), a SQL injection vulnerability in Drupal Core affecting all supported versions, to its Known Exploited Vulnerabilities catalog on May 22, 2026. Exploitation was detected within two days of patches becoming available.

Source: The Hacker News

CVE-2026-46333 (ssh-keysign-pwn) is a nine-year improper privilege management flaw in the Linux kernel introduced in November 2016. It allows unprivileged local users to execute arbitrary commands as root on Debian, Fedora, and Ubuntu without user interaction.

Source: The Hacker News

Laravel Lang organization experienced a suspected compromise of release infrastructure with over 700 malicious versions of multiple packages published on May 22-23, 2026. Attackers appeared to gain access to organization-level credentials or automation systems.

Source: The Hacker News

Released May 20, 2026, VS Code 1.121 adds built-in Mermaid and HTML previews, streamlines terminal tool behavior for agents, and lets you run agent sessions on remote machines. Remote agents allow monitoring and controlling agent sessions on a remote machine from the Agents window.

Source: Microsoft Visual Studio Code Official

The 1.120 release of Visual Studio Code brings the Agents window to Stable, improves BYOK model visibility and control, and adds Markdown quality-of-life improvements and agent safety features.

Source: Releasebot/Microsoft Visual Studio Code

GitHub confirmed a breach where attackers pulled data from roughly 3,700 internal repositories, with the entry point being a poisoned VS Code extension running on a GitHub employee's machine. Version 18.95.0 of the Nx Console extension was malicious and was exposed on the Visual Studio Marketplace for about eighteen minutes before takedown.

Source: Aikido Security Blog

VS Code moved to weekly stable releases covering v1.116 through v1.119 throughout April and early May 2026. Smarter prompt caching, deferred tool loading, and purpose-built agentic tools reduce token usage without changing agent behavior.

Source: GitHub Changelog

AWS launched Amazon Quick AI assistant with desktop app and new Free/Plus pricing plans. AWS expanded partnership with OpenAI, bringing GPT-5.5 and GPT-5.4 models to Amazon Bedrock in limited preview, along with Codex and Amazon Bedrock Managed Agents powered by OpenAI.

Source: Amazon Web Services

AWS announced new EC2 M8in/M8ib instances (43% higher performance) and R8in/R8ib memory-optimized instances now generally available. Amazon Q Developer IDE plugins reaching end-of-support April 30, 2027, with new signups blocked starting May 15, 2026.

Source: Amazon Web Services

Amazon Bedrock AgentCore previewed managed payment capabilities for AI agents. AWS MCP Server reached general availability providing AI agents secure access to AWS services. Agent Toolkit for AWS launched as production-ready suite for AI coding agents.

Source: Amazon Web Services

Anthropic launched Claude Security in public beta as part of Project Glasswing expansion, introducing new cyber verification tools for security teams. The initiative includes Mythos Preview scanning over 1,000 open-source projects and identifying over 6,000 high- or critical-severity vulnerabilities, with 90.6% validation rate from independent security research firms.

Source: Releasebot

Anthropic held its two-day Code with Claude developer conference in London starting May 19, 2026. The event showcased Claude's code generation capabilities, with reports indicating Claude now operates at midlevel engineer competency and developers are shipping pull requests written entirely by Claude.

Source: MIT Technology Review

Announced May 14, 2026, Anthropic partnered with the Gates Foundation to commit $200 million in grant funding, Claude usage credits, and technical support for programs in global health, life sciences, education, and economic mobility over four years.

Source: Anthropic