This Week in AI Security - 28th May 2026

In this episode, Jeremy explores how autonomous model execution is completely upending classical software patch cycles and regulatory risk modeling. From Anthropic’s early access model mapping out thousands of real-world vulnerabilities autonomously to state regulators drawing a hard line on frontier safety, enterprise security is in a state of rapid transformation.

Key Episode Highlights:

• Autonomous Scaling with Mythos: Anthropic's safety validation partners reveal that the new model family has autonomously scanned and identified over 10,000 vulnerabilities across roughly 1,000 open-source repositories with zero human guidance.
• The Apple M5 Silicon Exploit: Vietnamese security firm Khalif successfully leveraged model preview access to construct a functional macOS kernel memory corruption exploit, bypassing Apple's multi-billion-dollar hardware-level memory integrity protections in just five days.
• The Starlette "Bad Host" Flaw: A critical vulnerability has been uncovered in Starlette, the core routing engine behind the FastAPI framework, putting thousands of production-tier Python data and AI infrastructure stacks at immediate risk.
• Lapsus$ and Team PCP Joint Breach: Threat actors combined forces to target developer workstations, deploying malicious extensions directly inside VS Code environments to exfiltrate core corporate repository data.
• New York DFS Landmark Directive: The New York Department of Financial Services has officially issued an industry-wide mandate treating frontier models as an independent category of cyber threat, forcing financial institutions to implement rapid vulnerability management and strict guardrails.
• The Pulled Pre-Release Executive Order: The White House abruptly withdrew a highly anticipated framework that would have mandated 90-day voluntary pre-release security testing for frontier models, leaving enterprise compliance officers in a state of regulatory limbo.

Worried about AI security?

Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/schedule-your-demo

Episode Links

• https://www.schneier.com/blog/archives/2026/05/macos-kernel-memory-corruption-exploit.html
• https://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/
• https://www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/
• https://techcrunch.com/2026/05/24/everyone-is-navigating-ai-security-in-real-time-even-google/
• https://www.dfs.ny.gov/industry-guidance/industry-letters/20260521-heightened-cybersecurity-risks-assoc-with-frontier-ai-models
• https://arstechnica.com/tech-policy/2026/05/trump-canceled-ai-safety-testing-eo-after-snub-from-tech-ceos/