Saturday, 23 May 2026
Anthropic's Glasswing finds 10K+ critical flaws; DeepSeek locks in 75% price cut; Microsoft's AI agents cost more than human employees
Today's Lead
Anthropic
Project Glasswing: Initial Update
Anthropic's Project Glasswing uses Claude Mythos Preview to identify software vulnerabilities at scale and, in its first month, discovered over 10,000 high- or critical-severity vulnerabilities across partner systems and open-source projects — Firefox alone saw 271 flaws found, more than ten times the yield of a typical audit. The program achieved a 90.6% true-positive rate across 1,000+ scanned open-source projects. The key implication Anthropic flags: the bottleneck in software security has shifted from finding vulnerabilities to verifying, disclosing, and patching them — meaning flaws are now being discovered faster than they can be fixed, creating a dangerous interim window for exploitation.
Also today
DeepSeek
DeepSeek Makes V4 Pro Price Discount Permanent
DeepSeek announced that its 75% discount on the V4 Pro API will not expire — when the promotional period ends on May 31, 2026, pricing will permanently reset to 25% of its original launch price. The model now sits at roughly $0.435 per million input tokens and $0.87 per million output tokens. Analysts estimate this makes V4 Pro approximately 12× cheaper than GPT-5.5 and 19× cheaper than Claude Opus 4.7 at comparable quality tiers, pushing AI inference costs toward what some are calling 'intelligence too cheap to meter.'
Read →Fortune
Microsoft's AI Agents Are Costing More Than Human Employees
Microsoft and other large tech companies are discovering that AI agent deployments are economically unsustainable at current scale: while per-token prices are expected to fall 90% by 2030, Goldman Sachs projects token consumption will rise 24-fold over the same period, meaning aggregate AI costs will soar. Microsoft cancelled most of the Claude Code licenses it had rolled out to thousands of employees just six months in, and Uber exhausted its entire 2026 AI coding budget in four months. The gap between unit price deflation and exploding consumption is forcing companies to rethink broad-based AI agent deployments before they have a viable cost model.
Read →Krebs on Security
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
A contractor with admin access to CISA created a public GitHub repository containing plaintext AWS keys, RSA private keys, and credentials to dozens of internal systems — deliberately disabling GitHub's credential-scanning protections. The exposed RSA key could have granted access to CISA's entire code repository and CI/CD pipeline; the most sensitive secrets were added in late April 2026. Congressional lawmakers have demanded accountability, while security experts note the incident is doubly damaging because CISA is the federal agency responsible for preventing exactly these kinds of breaches — and this follows the agency losing over a third of its staff and most senior leadership in recent months.
Read →SafeDep
Megalodon: Mass GitHub Repository Backdooring via CI Workflows
On May 18, 2026, attackers pushed 5,718 malicious commits to 5,561 GitHub repositories in just six hours, injecting backdoored GitHub Actions workflows with base64-encoded payloads designed to steal CI environment variables, cloud credentials, SSH keys, Docker tokens, and GitHub Actions OIDC tokens. The attack demonstrated real downstream supply chain reach: an unsuspecting npm package maintainer who cloned from a poisoned repository published compromised versions of @tiledesk/tiledesk-server (2.18.6–2.18.12) to the npm registry before the issue was caught. The incident is a textbook example of how a GitHub-level compromise can propagate into production package registries.
Read →medeiros.zip
CVE-2026-46529: 10-Year-Old RCE in Linux PDF Viewers
A critical remote code execution vulnerability affecting Evince, Atril, and XReader — the most common Linux PDF viewers — went unpatched for roughly a decade before its disclosure. The flaw lives in the ev_spawn function, which fails to escape shell parameters when opening remote PDFs, allowing command injection via maliciously crafted --page-label, --named-dest, or --find arguments. Researchers demonstrated exploitation through a polyglot file valid as both a PDF and ELF binary: a user simply clicking within the document triggers arbitrary code execution, making social engineering the only required attack vector.
Read →Mozilla
Firefox Gets a Major Design Overhaul with Project Nova
Mozilla announced Project Nova, a comprehensive Firefox redesign launching later in 2026 that brings softer tab shapes, a fire-inspired color palette, gradients, and improved visual consistency across desktop and mobile. The release also ships functional improvements: tab groups, split view, faster page loads (9% improvement), built-in VPN access, and enhanced private browsing. Mozilla frames this as both a modernization of Firefox's interface and a reaffirmation of its privacy-first positioning as Chrome-centric AI features increasingly demand data access.
Read →GitHub Blog
npm Adds Staged Publishing and Install-Time Source Controls
npm 11.15.0 ships two security-focused features targeting supply chain risk. Staged Publishing (now GA) holds package releases in a pending state until maintainers explicitly approve them — including a 2FA confirmation step — before packages reach consumers. Three new install-time control flags (--allow-file, --allow-remote, --allow-directory) give developers explicit control over which sources dependencies can be pulled from, blocking installs from unauthorized locations or compromised CI environments. The changes shift npm's default posture from 'allow everything' to 'require explicit approval.'
Read →TechCrunch
Google Search Breaks on the Word 'Disregard'
Google's newly redesigned search interface — which prioritizes AI-generated summaries over traditional blue-link results — fails entirely on the query 'disregard,' rendering a large empty space instead of any useful content. The flaw emerged days after Google's rollout of a redesign that pushes traditional search results far down the page, and it's notable that Bing now returns more useful results for that term. The incident highlights the fragility of deploying AI-generated front-ends without comprehensive edge-case testing, particularly when the broken keyword likely triggers prompt injection defenses built into the AI layer.
Read →TechCrunch
Trump Mobile Confirms Exposure of Customer Personal Data
Trump Mobile confirmed that names, email addresses, phone numbers, mailing addresses, and order identifiers were publicly exposed via a third-party platform provider — placing the blame on the vendor while claiming financial data was not affected. The breach was discovered not by Trump Mobile's own security team but by two YouTubers (Coffeezilla and penguinz0), who found their own information accessible and initially received no response when attempting to notify the company. The incident follows a pattern of Trump-branded consumer businesses outsourcing data management in ways that expose customers without adequate oversight or notification procedures.
Read →