Hermes Agent is an open-source, self-hosted AI agent framework released by Nous Research in February 2026. It runs on your own infrastructure rather than as a SaaS subscription and operates as a persistent autonomous agent that executes code and searches.

Source: Petronella Cybersecurity News

By 2026, LangGraph, LlamaIndex, and Mastra have matured significantly to cover orchestration, retrieval, and TypeScript ergonomics effectively, making custom from-scratch development less necessary compared to 2023.

Source: StartupHub.ai

A benchmark-driven comparison of six major AI agent frameworks in 2026 including LangGraph, CrewAI, AG2, Claude Agent SDK, Strands Agents, and OpenAI Agents SDK, covering architecture, multi-agent orchestration, and MCP integration.

Source: QubIT Tool

Google announced the Gemini 3.5 model family and debuted an AI agent framework at I/O 2026 on May 20, 2026, as Gemini reached 900 million monthly users.

Source: TechnoTime

Covers agentic AI trends including autonomous data analysis pipelines with PraisonAI Agent Framework and collaboration between NVIDIA and GE HealthCare on autonomous diagnostic imaging.

Source: AI Multiple

OpenAI announced GPT-5.5-Cyber limited release on May 1, 2026 to trusted cyber defenders. The UK's AI Security Institute confirmed it is one of the strongest models tested on cyber tasks, only the second system to complete multi-step attack simulations end-to-end.

Source: The Register

CVE-2026-42945 is a memory corruption vulnerability affecting NGINX Open Source (versions 0.6.27 through 1.30.0) and NGINX Plus (vR32 through R36). VulnCheck's canary systems began flagging exploitation attempts on May 16, three days after the vulnerability and proof-of-concept had been made public. Attackers can achieve code execution if they manage to disable address space layout randomization (ASLR) on the target server.

Source: Help Net Security

A coordinated cross-ecosystem software supply chain attack campaign targeting npm, PyPI, and Crates.io distributed credential-stealing malware, with the campaign codenamed TrapDoor spanning more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC. TrapDoor targets developers in crypto, DeFi, Solana, and AI communities.

Source: The Hacker News

May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence. CVE-2026-42945 (NGINX Rift), landed May 13 as a heap buffer overflow in ngx_http_rewrite_module that's been in every nginx build since 2008. CVE-2026-31431 (Copy Fail) from April 29 is a logic bug that lets an unprivileged local user write 4 controlled bytes into the page cache of any readable file, then pivot to root.

Source: Security Boulevard

The May 2026 Security Update dropped with two hundred sixty-five CVEs. CVE-2026-41089 is a Windows Netlogon remote code execution vulnerability, a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller requiring immediate patching. CVE-2026-41096 is a Windows DNS Client remote code execution vulnerability with an enormous attack surface since the DNS Client runs on virtually every Windows machine.

Source: Zero Day Initiative / NT Compatible

CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API, specifically in the PostgreSQL EntityQuery condition handler. CISA has added it to the Known Exploited Vulnerabilities catalog due to active real-world attacks as of May 24, 2026.

Source: CVEFeed

VS Code 1.121 was released on May 20, 2026, adding built-in Mermaid diagram and HTML file previews, remote agent session monitoring, model configurability for lightweight tasks, and terminal tool optimizations that consume fewer resources and tokens.

Source: Microsoft Visual Studio Code Blog

VS Code 1.120 was released on May 13, 2026, continuing the weekly release cadence with updates to agent workflows and core functionality.

Source: Microsoft Visual Studio Code Blog

VS Code 1.119 was released on May 6, 2026, as part of Microsoft's weekly release schedule introduced in 2026.

Source: Microsoft Visual Studio Code Blog

GitHub announced on April 27 that Copilot will move to usage-based billing on June 1, 2026. VS Code 1.118 shipped token efficiency improvements including improved cache reuse across system prompts and tools to help manage costs when billing begins.

Source: GitHub / Microsoft

GitHub released Copilot updates across VS Code versions 1.116-1.119 (April-May 2026) including semantic search capability, experimental /chronicle feature for chat history, smarter prompt caching, inline diffs in chat, and bring-your-own-key support extending to Copilot Business and Enterprise.

Source: GitHub Changelog

AWS launched Amazon Quick—an AI assistant for work with a desktop app and expanded integrations, and expanded Amazon Connect into four agentic AI solutions for supply chain, hiring, customer experience, and healthcare. AWS and OpenAI brought the latest OpenAI models including GPT-5.5 and GPT-5.4 to Amazon Bedrock in limited preview.

Source: Amazon Web Services

Amazon EC2 M8in and M8ib instances became generally available, delivering up to 43% higher performance over M6in and M6ib with 600 Gbps and 300 Gbps bandwidth respectively. Amazon EC2 R8in and R8ib memory-optimized instances also became generally available, suited for large commercial databases and in-memory databases such as SAP HANA.

Source: Amazon Web Services

Amazon Bedrock AgentCore previewed the first managed payment capabilities enabling AI agents to autonomously access and pay for APIs, MCP servers, web content, and other agents. AWS MCP Server achieved general availability, giving AI agents and coding assistants secure, authenticated access to all AWS services.

Source: Amazon Web Services

The first five months of 2026 saw over 40 launches across Amazon CloudWatch, AWS X-Ray, Amazon Managed Grafana, and Amazon Managed Service for Prometheus, with two major themes: OpenTelemetry as the unified instrumentation standard and AI-powered operations.

Source: AWS Cloud Operations Blog

Anthropic announced a $200 million partnership with the Gates Foundation on May 14, 2026, committing grant funding, Claude usage credits, and technical support for programs in global health, life sciences, education, and economic mobility over four years.

Source: Anthropic

Anthropic held its two-day Code with Claude developer event in London starting May 19, 2026, showcasing Claude's capabilities as a coding assistant comparable to midlevel engineers, with almost half of attendees reporting shipping Claude-written pull requests.

Source: MIT Technology Review

Anthropic expanded its Project Glasswing cybersecurity initiative with Claude Security entering public beta, including new cyber verification tools for eligible security teams to scan codebases, triage vulnerabilities, and generate fixes for open-source projects.

Source: Releasebot

Anthropic introduced Claude for Small Business on May 13, 2026, as part of expanding Claude's availability to enterprise customers and small business segments.

Source: Anthropic