Anthropic Project Glasswing brings together approximately 50 security partners using Claude Mythos Preview to scan critical software. In the first month, more than 10,000 high-risk and critical vulnerabilities were found, while open-source scanners discovered 6,202 flaws across one thousand projects with a 90.6 percent true-positive rate.
Researchers demonstrated that complex agentic workflows can be encoded directly into the weights of a smaller fine-tuned model instead of external orchestration such as LangChain or LangGraph. The approach achieves near-frontier quality at 100× lower inference cost across three real-world scenarios: travel booking, Zoom support, and insurance, with workflows of 14 to 55 nodes.
Researchers presented MOSS, a framework for autonomous agents that improve themselves by rewriting their own source code — not just their prompt or fine-tuning weights. On the OpenClaw benchmark, a single MOSS self-evolution cycle raises the score from 0.25 to 0.61 without any human intervention, showing that agents can fix routing, hooks, and dispatch logic that text-only methods cannot touch.
The CUSP benchmark tests AI models' ability to predict scientific breakthroughs from a database of 4,700 events. Frontier models (GPT-5, Claude Opus 4.7, Gemini 3 Pro) identify plausible research directions but systematically miscalibrate outcomes and timing with overconfidence. Additional pre-cutoff context does not help — the limitation is structural, not informational.
A team of 20 researchers from DeepMind and MIT CSAIL published the first large-scale evaluation of LLMs for autonomous generation of formal proofs in the Lean theorem prover. The agent combines LLM generation with Lean symbolic verification and autonomously solves 9 of 353 open Erdős problems and proves 44 of 492 OEIS conjectures.
LCGuard is a new framework for protecting against data leakage in multi-agent systems that share a KV cache for efficiency. The paper by IBM Research and MIT researchers led by Sadie Asif presents the first formal model for a 'latent communication guard' approach, applicable to production agentic RAG systems where multiple agents share context through a common memory.
TerminalWorld is a new benchmark that evaluates LLM agents on real bash, git, and file operations in genuine Linux processes — no simulation. The eight-author paper led by Zhaoyang Chu and Jiarui Hu sets a new bar for 'computer use' agents and is directly relevant to tools like Claude Code, GitHub Copilot Workspace, and Cursor's agentic mode.
Anthropic released Claude Code CLI v2.1.149, which extends the /usage command with a cost breakdown by category (skills, subagents, plugins, per-MCP server). The release closes two security vulnerabilities: a PowerShell permission bypass through built-in functions and an incorrect allowlist for the git worktree sandbox. An enterprise setting allowAllClaudeAiMcps was also added for cloud MCP connectors.
Gartner positioned GitHub as a Leader in its 2026 Magic Quadrant report for Enterprise AI Coding Agents — for the third consecutive year since the category was created. GitHub Copilot is currently used by 140,000 organizations worldwide, and the evaluation emphasized agentic workflows covering the full SDLC from code to review, security, and governance, not just code generation.
GitHub released npm CLI version 11.15.0, which introduces staged publishing — packages now require maintainer approval before becoming available for installation. A set of three new install-time flags (--allow-file, --allow-remote, --allow-directory) alongside the existing --allow-git was also introduced for granular control over dependency sources in the npm install command.
The AMD ROCm team published a tutorial for writing high-performance GEMM kernels in the Gluon programming model on the MI355 GPU. An optimized FP16 kernel achieves 1.489 TFLOPS at 98.75 percent MFMA efficiency, while extensions to BF8 (3.257 TFLOPS) and MXFP4 (5.255 TFLOPS) demonstrate relevance for modern AI workloads. The tutorial includes workgroup remapping and swizzle that reduces L2 cache misses from 5.3 M to 4.1 M.
Researchers presented Meta-Soft, a new method for dynamic KV cache compression in LLM inference. The approach uses a learnable orthogonal basis matrix and a selector network that synthesize soft meta-tokens — a compressed representation of key information from a long prompt. An attention-flow mechanism redistributes semantic information from removed tokens into retained ones, outperforming existing KV cache eviction methods.
WorkstreamBench is a new benchmark from a 10-author team led by Thomson Yen that tests LLM agents on real Excel and spreadsheet tasks in the financial domain — invoices, reports, cost analysis. GPT-4o, Claude, and Gemini are compared and none passes reliably through the full task set, pointing to structural shortcomings in current agentic infrastructure for enterprise finance.
Anthropic released Claude Code CLI version v2.1.150 at 04:03 UTC on Saturday, just one day after v2.1.149. The release contains exclusively internal infrastructure improvements with no user-facing changes. Available for Darwin, Linux, and Windows on ARM64 and x64 architectures, as well as Linux musl builds.
Linux Foundation AI project Kedro released version 1.2.0 along with Kedro-Viz 12.3.0. The new @experimental decorator enables marking APIs under development, and the starter project support-agent-langgraph demonstrates integration with LangGraph orchestration and Langfuse/Opik prompt management tools. Kedro-Viz gains Mermaid diagrams and node preview extensibility for improved pipeline debugging.
UK AI Safety Institute (AISI) published a report on 21 May 2026 analysing the future of oversight over advanced AI systems, based on 25 expert interviews from industry, government, and academia. The main finding: existing oversight rests on foundations that are likely to erode. More than 20 distinct degradation pathways for oversight mechanisms have been identified, with particular focus on latent reasoning, capability masking, external AI actions, and AI-to-AI communication.
Microsoft Research released a trio for agentic AI with small models on 21 May 2026: MagenticLite (a browser and filesystem UI application), MagenticBrain (a 14B orchestration model fine-tuned from Qwen 3 14B), and Fara1.5 (a computer-use model in 4B, 9B, and 27B variants). Fara1.5-27B reaches over 90% of SOTA on the Online-Mind2Web benchmark (300 web tasks), nearly doubling the performance of the previous Fara-7B. The goal is to demonstrate that agentic AI does not require massive models — only well co-designed tools and a harness.
Researchers published PALS on 21 May 2026 on the arXiv preprint server — a runtime system that integrates GPU power control directly into LLM serving for Mixture-of-Experts models. PALS uses lightweight offline power-performance models and a feedback controller that dynamically optimises configurations against throughput targets. It achieves 26.3% improvement in energy efficiency and 4-7× reduction in QoS violations under power constraints, integrates into vLLM without modifying the API or retraining models. It addresses a growing operational pain point for data centres — GPU cluster energy consumption that is becoming the dominant constraint on growth.
Researchers published a paper on arXiv on 21 May 2026 titled 'Playing Devil's Advocate' showing that existing persona vectors developed for roleplay tasks can reduce sycophancy (the model's tendency to agree with the user even when the user is wrong) to 68-98% of the effectiveness of specialised Contrastive Activation Addition (CAA) — without training on sycophancy-specific data. Geometric analysis reveals that sycophancy is a persona-level property rather than a single steerable direction in activation space, opening much easier pathways for alignment.
AWS announced on 21 May 2026 that Amazon Nova Act, the agentic AI service for automating browser and UI workflows, has received formal HIPAA-eligible status. Healthcare organisations can now use Nova Act to work with protected health information (ePHI) — authorising prior authorisations, verifying insurance, and submitting referrals through vendor web portals. The service integrates with Amazon Bedrock AgentCore and the Strand Agents framework, requires a signed BAA agreement and AWS KMS encryption, and currently operates only in the US East (N. Virginia) region.
Anthropic released Claude Code v2.1.147 on 21 May 2026 at 20:39 UTC — a new CLI version introducing the Workflow tool, the first deterministic multi-agent orchestration mechanism in the Claude Code ecosystem. The tool is initially disabled by default and activated via the CLAUDE_CODE_WORKFLOWS=1 environment variable. The same version renames the existing /simplify command to /code-review with effort levels (high/medium/low) and adds sandbox hardening against prototype-pollution and thenable-based escape attacks.
The European Commission opened a targeted public consultation on 13 May 2026 on draft guidelines for classifying AI systems as high-risk under the EU AI Act. The consultation closes on 22 May at 18:00 CET, and the guidelines will directly determine which organisations in healthcare, education, critical infrastructure, and HR processes must meet the strictest regulatory requirements.
GitHub disclosed on 18 May 2026 that an attacker accessed approximately 3,800 internal GitHub repositories via a malicious third-party VS Code extension that infected one employee's device. The investigation is ongoing; the company states there is no evidence of user data being compromised beyond the internal repositories. This is the second major incident in which IDE extensions have become attack vectors against enterprise developer infrastructure.
OpenAI announced that its AI model solved the open unit distance problem — a central conjecture in discrete geometry posed over 80 years ago. The company describes the result as a milestone in AI-driven mathematics, because the model did not merely verify an existing thesis but disproved it by constructing an original counterexample.
AMD released ROCm 7.13 on 20 May 2026 — a new version of its open-source AI compute stack that introduces support for the MI350P GPU, virtualisation of up to 8 isolated vGPUs per MI300X accelerator, an open-source ROCprof Trace decoder for transparent performance analysis, and modular TheRock packaging with domain-specific SDKs. The release is validated on Ubuntu 26.04 and RHEL 9.6, and includes VMware ESXi 9.1 support for MI350X and MI355X.
Google unveiled Gemini 3.5 Flash and Pro at Google I/O 2026 — frontier models that are 4× faster than the competition, with a special focus on agentic tasks, the new Antigravity 2.0 developer platform, and Gemini Spark, a personal AI agent available 24/7.
Google unveiled Gemini Omni Flash at I/O 2026 — a new multimodal model that generates and edits video from a combination of images, audio, video, and text. Available immediately on YouTube Shorts, with mandatory SynthID digital watermarks on every generated clip.
Anthropic Claude Code v2.1.145 brings JSON output of live sessions for scripting, extended OTEL trace attributes for agent tracking, and fixes for a security vulnerability in bash command approval.
Anthropic and KPMG have entered into a strategic global alliance giving Claude access to all employees of one of the four largest audit firms in the world. Claude is being embedded in KPMG's Digital Gateway, and KPMG becomes Anthropic's preferred partner for the private equity sector.
On May 18, 2026, Anthropic acquired Stainless, a company founded in 2022 that is behind all official Anthropic SDKs and MCP server tooling. Stainless builds SDKs for hundreds of companies, and the acquisition aims to better integrate Claude agents with external data and tools.
Anthropic has introduced three major updates to the Claude API platform for agent builders: MCP Tunnels for connecting to private networks without internet exposure, self-hosted sandboxes as an alternative to Anthropic infrastructure, and automatic file-spill for tool outputs exceeding 100K tokens.
arXiv paper 2605.15514 provides a mathematical proof that Rotary Positional Embeddings (RoPE), the positional mechanism used by nearly all modern large language models including Llama, Mistral, Qwen and GPT-NeoX, loses the ability to distinguish positions and tokens in long contexts. The authors conclude that fundamentally new architectural mechanisms are needed.
arXiv paper 2605.18661 from researchers at NUS and NTU analyzes systems that autonomously generate research papers for just $15. Key finding: frontier LLMs fabricate results and cannot reliably assess idea novelty. A comprehensive roadmap defines the boundary between reliable assistance and unsafe AI autonomy.
Argus is a new arXiv paper published on May 15, 2026 by Zhen Zhang, Liangcai Su, Zhuo Chen, and colleagues that presents an evidence assembly framework for deep research agents. The system uses a dual-agent architecture — Searcher (ReAct-style traces) + Navigator (shared evidence graph + RL synthesis) — achieving +5.5pp with a single Searcher, +12.7pp with 8 parallel, and a score of 86.2 on BrowseComp with 64 parallel searchers without exceeding context limits.
CAST is a new arXiv paper published on May 14, 2026, by Renning Pang, Tian Lan, Leyuan Liu, Piao Tong, Sheng Cao, and Xiaosong Zhang, introducing a case-based calibration framework for LLM tool use. The approach treats historical execution trajectories as structured information for reinforcement learning — achieving up to +5.85 percentage points execution accuracy improvement over the BFCLv2 baseline and a 26% reduction in average reasoning length.
Hidden in Memory is a new arXiv paper published on May 14, 2026 by Sidharth Pulipaka, Stanislau Hlebik, Leonidas Raghav, Sahar Abdelnabi, Vyas Raina, Ivaxi Sheth, and Mario Fritz that presents a delayed-execution attack on stateful LLM agents. Adversarial content in external context (documents, webpages) corrupts the agent's persistent memory — 99.8% success on GPT-5.5 and 95% on Kimi-K2.6, with 60–89% success converting poisoned memory into attacker-intended actions.
On May 17, 2026, GitHub announced that GPT-5.3-Codex replaces GPT-4.1 as the base model for Copilot Business and Enterprise. The change applies only to enterprise tiers (not Copilot Pro, Pro+, or Free). GPT-5.3-Codex is the first LTS (long-term support) model — guaranteed availability for 12 months from February 5, 2026 to February 4, 2027. Pricing: 1× premium request multiplier; GPT-4.1 remains force-enabled at 0× multiplier until deprecation on June 1, 2026.
Claude Code v2.1.143 is the new Anthropic CLI agent release published May 15, 2026. The fifth patch this week following v2.1.139, v2.1.140, v2.1.141 and v2.1.142. Brings plugin dependency enforcement with disable-chain hints, projected context cost display in the plugin marketplace (per-turn and per-invocation token estimates), a new worktree.bgIsolation setting, PowerShell -ExecutionPolicy Bypass auto-flag, and background sessions that preserve model/effort through idle wake.
From Sycophantic Consensus to Pluralistic Repair is a new alignment paper by Varad Vishwarupe, Nigel Shadbolt and Marina Jirotka published May 15, 2026 on arXiv. The authors argue that current pluralistic alignment is fundamentally misfocused on preference aggregation rather than surfacing disagreement. They propose the Pluralistic Repair Score (PRS) metric tested on Claude Sonnet 4.5 (N=198) and GPT-4o (N=100) — both models showed agreement-following behavior with low repair quality.
FLUX Outpainting is a new Black Forest Labs image generation feature announced on May 14, 2026, that extends images in any direction through a purpose-built expansion endpoint. The user specifies target canvas dimensions and placement coordinates — the model preserves lighting, texture, depth, and composition across extension regions without text prompts. Up to 4MP output, available via the BFL API, with a public demo at flux-tools.bfl.ai/outpainting.
The GitHub Accessibility Agent is a new general-purpose accessibility automation case study published on May 15, 2026. The agent reviewed 3,535 pull requests with a 68 % resolution rate and uncovered a significant bias: LLMs have an unfortunate tendency to produce accessibility antipatterns because they were trained on decades of inaccessible code. GitHub uses a sequential reviewer+implementer architecture (a two-tier model) instead of parallel sub-agents — this reduced token consumption and improved accuracy.