What is the TanStack npm supply chain attack on May 11, 2026?

Between 19:20 and 19:26 UTC on May 11, 2026, attackers from the TeamPCP group pushed 84 malicious versions across 42 @tanstack/* npm packages, including @tanstack/react-router which gets over 12 million weekly downloads. The campaign is being called Mini Shai-Hulud. The attacker chained a pull_request_target Pwn Request misconfiguration, GitHub Actions cache poisoning across the fork to base trust boundary, and runtime extraction of OIDC tokens from the runner process. Because the malicious versions were published with TanStack's legitimate OIDC trusted publisher binding, they had valid SLSA Build Level 3 provenance attestations. The malware harvested AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials, exfiltrated them over the Session messenger network, and self propagated to other packages owned by victims. The bad versions were detected and deprecated inside a 20 to 26 minute window. The CVE is CVE-2026-45321 with a CVSS score of 9.6. Anyone who ran npm install during that window should rotate every credential touched by the install host.

How did the TanStack attack affect OpenAI?

OpenAI was one of the victims. Two employee Macs were infected and the attacker pulled credentials that reached internal source code repositories. Some of those repositories held the code signing certificates for OpenAI's macOS, iOS, Windows, and Android apps. OpenAI says no user data was accessed and no production systems were touched, but it has rotated all code signing certificates and is revoking the old ones. Mac users of ChatGPT Desktop and other OpenAI Mac apps must update by June 12, 2026. After that date, anything signed with the old certificates stops working and stops getting updates. iOS and Windows users do not need to do anything.

What was in Microsoft Patch Tuesday for May 2026?

On May 12, 2026, Microsoft shipped fixes for 137 vulnerabilities, with 13 rated critical, and no zero days under active exploitation in the wild. The breakdown is 61 elevation of privilege, 31 remote code execution, 15 spoofing, 15 information disclosure, 8 denial of service, and 6 security feature bypass. The two that stand out are CVE-2026-41089, an unauthenticated Netlogon remote code execution that lands on domain controllers, and CVE-2026-41096, an unauthenticated DNS Client remote code execution triggered by a malicious DNS response. Windows GDI CVE-2026-35421 is a heap based buffer overflow triggered by crafted EMF files. Word use after free issues CVE-2026-40361 and CVE-2026-40366 round out the priority list. Microsoft also addressed more than 128 Chromium issues affecting Edge.

Is Anthropic really raising at a $900 billion valuation?

On May 12, 2026, Bloomberg reported that Anthropic was in talks to raise at least 30 billion dollars at a valuation north of 900 billion dollars, with the round expected to close as soon as the end of May. The Financial Times followed up on May 15 reporting that terms had been agreed. The round would surpass OpenAI's 852 billion dollar valuation from February 2026 and would be the largest Anthropic round to date. Some investors reportedly wanted to commit up to 5 billion dollars each. Anthropic had already disclosed a 30 billion dollar annualized revenue run rate earlier in April.

What did Google announce at The Android Show I/O Edition on May 12?

Google held The Android Show I/O Edition on May 12, 2026 as a pre game for Google I/O. The headline is Gemini Intelligence on Android, with Gemini moving from app to system layer. It can chain multi step tasks across apps, like reading a grocery list and adding the items to a shopping cart or booking a ride and a restaurant table back to back. Gemini in Chrome on Android ships in late June and can summarize pages, answer questions about them, and fill complex forms with personal information. Rambler in Gboard turns spoken speech into polished text by cutting filler words. Create My Widget lets anyone build a custom Android widget by describing it in plain English, which Google is calling vibe coded widgets. On the hardware side, Google introduced the Googlebook line of AI native laptops launching in fall 2026 with Acer, Asus, Dell, HP, and Lenovo. Android Auto gets a refresh with new widgets and 60 fps video. Adobe Premiere lands on Android this summer.

What is new in Cursor 3.4?

Cursor 3.4 shipped on May 13, 2026 with development environments for cloud agents as the headline. Cloud agents now support multi repo environments, so a single environment can pull every repository an agent needs. Environment configuration is now code, with Dockerfile based config and build secrets so private package registries are no longer a blocker. Layer caching got a rework and cached builds run about 70 percent faster. Cursor also acts as the setup partner by asking questions, flagging missing credentials, and falling back to a base image if config fails. On the governance side, each environment has version history with rollback, audit logs track every team member action, and egress and secrets can be scoped at the environment level. On May 11, Cursor also shipped Bugbot Effort Levels so reviewers can dial how deep Bugbot digs on a PR.

What did OpenAI ship between May 11 and May 17, 2026?

Four big items. Daybreak on May 11 is OpenAI's answer to Anthropic's Project Glasswing and Claude Mythos. It pairs GPT-5.5, GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber with a Codex Security agent for secure code review, threat modeling, patch validation, dependency risk analysis, and remediation guidance. The OpenAI Deployment Company, also on May 11, launches with over 4 billion dollars committed by 19 partners led by TPG, plus the acquisition of Tomoro for around 150 Forward Deployed Engineers. On May 14, OpenAI brought Codex to the ChatGPT mobile app on iOS and Android, with GPT-5.5 inside, a Hooks system for scripted customization, Remote SSH for cloud dev boxes, programmatic access tokens, and HIPAA support. And on May 14, OpenAI published its incident response for the TanStack supply chain attack, including a hard June 12 deadline for ChatGPT Mac users to update past the old code signing certificates.

Why is Microsoft canceling Claude Code licenses?

Microsoft's Experiences and Devices group, which covers Windows, Microsoft 365, Outlook, Teams, and Surface, is winding down internal Claude Code use by June 30, 2026 and routing engineers to GitHub Copilot CLI. The framing in Rajesh Jha's internal memo, reported by The Verge on May 14, is convergence on a tool Microsoft can shape directly with GitHub. The timing also lines up with the end of the Microsoft financial year and an active cost cutting effort. Anthropic's models will still be reachable from Microsoft engineers through Copilot CLI and the separate Azure Foundry partnership.

What CVEs landed in the CISA KEV catalog this week?

Two. On May 14, 2026, CISA added CVE-2026-20182, the Cisco Catalyst SD-WAN authentication bypass with a perfect CVSS 10.0, after Cisco patched it the same day. The flaw is in the peering authentication path of vdaemon over DTLS, lets an unauthenticated attacker log in as vmanage-admin, and is being exploited in the wild by the UAT-8616 group with overlaps to China nexus ORB infrastructure. The federal due date is May 17. On May 15, CISA added CVE-2026-42897, a stored cross site scripting issue in Microsoft Exchange Server Outlook Web Access. Microsoft rates it 8.1. Federal due date is May 29. The Cisco one is the priority for anyone running SD-WAN on prem or in cloud.

Dev Weekly May 11-17, 2026: TanStack npm Attack Hits OpenAI, Patch Tuesday 137 Fixes, Anthropic $900B, Cursor 3.4

A week defined by a single npm push. The TanStack supply chain compromise on May 11 dragged OpenAI in as collateral damage and forced a Mac code signing rotation. Microsoft followed on May 12 with a heavy but quiet Patch Tuesday at 137 fixes and zero zero days. Anthropic opened talks the same day for a 30 billion dollar round at a 900 billion dollar valuation. Google reframed Android as Gemini Intelligence at The Android Show. Cursor 3.4 brought real dev environments to cloud agents on May 13. Claude for Small Business shipped the same day. OpenAI fired back at Anthropic’s security push with Daybreak and stood up a 4 billion dollar Deployment Company. GitHub introduced a 100 dollar Max plan with flex allotments. Microsoft started pulling internal Claude Code licenses. GitLab and GM both restructured around AI. Cisco shipped a CVSS 10.0 patch for an SD-WAN bug that was already being exploited. Here is everything that mattered.

Top Stories This Week

TanStack npm Supply Chain Attack Hits 42 Packages and Reaches OpenAI -

Between 19:20 and 19:26 UTC on May 11, attackers pushed 84 malicious versions across 42 @tanstack/* packages to npm. The TeamPCP group, the same crew tied to earlier supply chain attacks this year, is being credited with the campaign. Researchers are calling it Mini Shai-Hulud.

The exploit chain:

The attacker chained three things. A pull_request_target Pwn Request misconfiguration. GitHub Actions cache poisoning across the fork to base trust boundary. Runtime extraction of OIDC tokens out of the GitHub Actions runner process. Because the malicious publishes used TanStack’s legitimate OIDC trusted publishing binding, every bad version shipped with a valid SLSA Build Level 3 provenance attestation. The signatures looked clean.

What the malware did:

On npm install, the payload harvested AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials, then sent them out over the Session encrypted messenger network. It also enumerated other packages owned by the victim and re published them with the same payload to spread.

The OpenAI angle:

OpenAI got caught in the blast. Two employee Macs were infected. Stolen credentials reached internal source repositories, including ones that held the code signing certificates for OpenAI’s macOS, iOS, Windows, and Android apps. OpenAI’s incident report says no user data was accessed and no production systems were compromised, but the company is rotating and revoking the old certificates. Mac users of ChatGPT Desktop and other OpenAI Mac apps must update by June 12, 2026 or the old certificates stop working. Bleeping Computer reports that Mistral and others were also caught. CVE is CVE-2026-45321 with CVSS 9.6.

What to do:

If you installed anything in the @tanstack scope during the May 11 window, rotate every credential reachable from that host. All bad versions have been deprecated. The currently published TanStack packages are clean as of May 15.

Microsoft Patch Tuesday Ships 137 Fixes With No Zero Days -

On May 12, Microsoft released fixes for 137 vulnerabilities, with 13 rated critical and no zero days actively exploited at the time of release. A quiet release by recent standards but still heavy on volume.

The breakdown:

61 elevation of privilege, 31 remote code execution, 15 spoofing, 15 information disclosure, 8 denial of service, 6 security feature bypass. Plus around 128 Chromium issues that show up in Microsoft Edge.

The ones to look at first:

CVE-2026-41089 in Windows Netlogon is an unauthenticated remote code execution that lands on domain controllers. CVE-2026-41096 in the Windows DNS Client is unauthenticated RCE triggered by a malicious DNS response, which is uncomfortable for anyone with broad outbound DNS. CVE-2026-35421 in Windows GDI is a heap based buffer overflow triggered by crafted EMF files. Word use after frees CVE-2026-40361 and CVE-2026-40366 round out the office document attack surface. There is also CVE-2026-41103 in the Microsoft SSO Plugin for Jira and Confluence, which matters if you let devs SSO into Atlassian through Entra.

Anthropic Opens Talks for $30B Round at $900B Valuation -

On May 12, Bloomberg reported that Anthropic was in talks to raise at least 30 billion dollars at a valuation above 900 billion dollars. The round is expected to close as soon as the end of May. The Financial Times followed up on May 15 reporting that terms had been agreed.

Why this matters for developers:

At 900 billion dollars Anthropic would pass OpenAI’s 852 billion dollar valuation from February. Some investors are reportedly ready to put down 5 billion dollars each. Anthropic disclosed a 30 billion dollar annualized revenue run rate in April. The capital lines up with the SpaceX Colossus 1 deal from last week and the multi gigawatt commitments Anthropic has with Amazon, Google and Broadcom, and Microsoft. Translation: more compute, faster model cadence, and continued price competition with OpenAI through the rest of 2026.

Google Unveils Gemini Intelligence at The Android Show I/O Edition -

On May 12, Google held The Android Show I/O Edition as a pre game for Google I/O. The framing line is that Android is moving from an operating system to an intelligence system.

Gemini Intelligence:

Gemini moves from app to system layer. It can chain multi step tasks across apps. Read a grocery list and load a shopping cart. Book a ride and a restaurant table back to back. It understands what is on screen and uses that as context.

For end users:

Gemini in Chrome on Android ships in late June. It can summarize pages, answer questions, and fill complex forms with personal info. Rambler in Gboard turns spoken speech into polished text by cutting filler words. Create My Widget lets anyone build a custom Android widget in plain English. Google is openly calling these vibe coded widgets.

Hardware:

Google introduced the Googlebook line of AI native laptops launching fall 2026 with Acer, Asus, Dell, HP, and Lenovo. Android Auto gets a refresh with new widgets and 60 fps video. Adobe Premiere is coming to Android this summer.

Rollout:

Samsung Galaxy S26 and Pixel 10 phones get the first wave starting this summer, with watches, cars, glasses, and laptops later in the year.

Cursor 3.4 Brings Real Dev Environments to Cloud Agents -

On May 13, Cursor 3.4 shipped with development environments for cloud agents as the headline.

Multi repo environments:

A single environment can now pull every repository the agent needs to do its job. End of the one repo at a time limitation.

Config as code:

Environments are defined with Dockerfiles and now support build secrets for private package registries. Layer caching got reworked and cached builds run about 70 percent faster.

Agent led setup:

Cursor asks questions, flags missing credentials, and validates the setup before running. If config fails it falls back to a base image and shows the version that is running, so debugging an environment does not eat the whole afternoon.

Governance:

Each environment has version history with rollback. Audit logs track every team member action. Egress and secrets can be scoped at the environment level instead of the whole workspace. The pieces enterprise security teams have been asking for.

Bugbot Effort Levels:

Cursor also shipped Bugbot Effort Levels on May 11 so reviewers can dial how deep Bugbot digs on a given PR.

OpenAI Launches Daybreak and the OpenAI Deployment Company -

On May 11, OpenAI launched Daybreak as its answer to Anthropic’s Project Glasswing and Claude Mythos. Daybreak pairs three tiers of GPT-5.5 with a Codex Security agent for secure code review, threat modeling, patch validation, dependency risk analysis, and remediation guidance.

Three tiers of access:

GPT-5.5 for general purpose use. GPT-5.5 with Trusted Access for Cyber for verified defensive work. GPT-5.5-Cyber for specialized authorized workflows with stronger verification and account level controls. Cloudflare, Cisco, and CrowdStrike are early partners.

The Deployment Company:

The same day OpenAI also launched the OpenAI Deployment Company with over 4 billion dollars committed by 19 partners led by TPG. The company acquired Tomoro to seed about 150 Forward Deployed Engineers from day one. The pitch is simple: enterprises do not just need models, they need engineers who will sit inside the customer and rewire workflows around them. OpenAI keeps majority ownership and control.

Developer Tools & Platforms

Claude Code v2.1.139 Lands With Agent View and /goal -

On May 11, Claude Code v2.1.139 shipped with an Agent view as a research preview for browsing every Claude Code session in one place, a new /goal command to set explicit completion conditions for the run, a /scroll-speed setting for mouse wheel tweaking, and CLAUDE_PROJECT_DIR exposed to MCP stdio servers. Deadlocks, terminal corruption, and memory issues all got fixes in the same release.

Anthropic Launches Claude for Small Business -

On May 13, Anthropic introduced Claude for Small Business with 15 ready to run agentic workflows across finance, ops, sales, marketing, HR, and customer service. Integrations include Intuit QuickBooks, PayPal, HubSpot, Canva, Docusign, Google Workspace, and Microsoft 365. The workflows cover payroll planning, month end reconciliation, business insights, and campaign management. Templates also work as reference architectures for anyone building agent flows that have to live alongside real accounting tools.

OpenAI Brings Codex to the ChatGPT Mobile App -

On May 14, OpenAI brought Codex to the ChatGPT mobile app on iOS and Android. The mobile build acts as a remote interface for Codex sessions running on a real machine, so you can review output, approve changes, and steer the run from your phone. GPT-5.5 is inside. The same release adds Hooks for scripted customization on security and compliance gates, Remote SSH for cloud dev boxes, programmatic access tokens, and HIPAA compliance support. macOS works today, Windows is next.

Microsoft Cancels Claude Code Licenses, Routes Engineers to Copilot CLI -

On May 14, The Verge reported that Microsoft’s Experiences and Devices group, which covers Windows, Microsoft 365, Outlook, Teams, and Surface, is winding down Claude Code by June 30. Engineers move to GitHub Copilot CLI. Rajesh Jha’s memo frames it as convergence on a tool Microsoft can shape directly with GitHub. The timing also lines up with the end of Microsoft’s financial year. Anthropic’s models stay accessible to Microsoft engineers via Copilot CLI and through Azure Foundry.

GitHub Introduces Copilot Max at $100 and Flex Allotments -

On May 12, GitHub reshuffled the Copilot individual plans effective June 1. Pro stays at 10 dollars but is now 10 dollars base plus 5 dollars flex for 15 dollars of total monthly credits. Pro+ is 39 dollars base plus 31 dollars flex for 70 dollars. A new Max tier at 100 dollars a month gets 100 dollars base plus 100 dollars flex for 200 dollars of credits. Base credits are fixed at the dollar value of the plan. The flex allotment changes over time as model pricing and efficiency move. Code completions and next edit suggestions remain unlimited on all paid plans. GitHub also shipped Copilot code review comment improvements and cross org Dependabot access for internal repos on May 12 and May 11 respectively.

Microsoft Ships MDASH Multi Model Agentic Security System -

On May 12, Microsoft Security introduced MDASH, a multi model agentic security system that routes between specialized models for triage, hunting, and response. Microsoft says the system found 16 new Windows vulnerabilities during validation and scored 88.45 percent on the public CyberGym benchmark. Sits next to Microsoft Sentinel and Defender as the routing layer.

Twisted 26.4.0 Patches a DNS Denial of Service -

On May 11, Twisted 26.4.0 shipped with a fix for CVE-2026-42304, a denial of service in twisted.names.dns.Name.decode that lets an unauthenticated attacker freeze the single threaded reactor with crafted DNS compression pointer chains over TCP. CVSS 7.5. All versions up to 25.5.0 are affected. Twisted 26.4.0 is also the last release that supports Python 3.9.

Security

Fortinet Patches Critical RCE in FortiAuthenticator and FortiSandbox -

On May 12, Fortinet patched two critical RCEs. CVE-2026-44277 in FortiAuthenticator is improper access control at CVSS 9.1, with fixes in 6.5.7, 6.6.9, and 8.0.3. FortiAuthenticator Cloud is not affected. CVE-2026-26083 in FortiSandbox is a missing authorization issue with the same CVSS, affecting FortiSandbox 4.4, 5.0, and all current FortiSandbox Cloud and PaaS versions. Both were found internally and are not yet exploited in the wild, but Fortinet boxes are constant targets, so the upgrade is not optional.

JetBrains Patches TeamCity Privilege Escalation -

On May 12, JetBrains patched CVE-2026-44413 in TeamCity. The flaw allows privilege escalation and unauthorized exposure of the TeamCity server API, which can leak API tokens, credentials, and build logs. All versions through 2025.11.4 are affected. The fix is in 2026.1. If you have not patched yet, treat any tokens recently visible to TeamCity as potentially exposed.

Cisco Patches CVSS 10.0 Catalyst SD-WAN Authentication Bypass -

On May 14, Cisco shipped a patch for CVE-2026-20182 in Catalyst SD-WAN. CVSS 10.0. The flaw is in the peering authentication path of the vdaemon service over DTLS on UDP 12346 and lets an unauthenticated remote attacker log in as the vmanage-admin user. Once in, the attacker can inject SSH keys, hit NETCONF, and pivot inside the SD-WAN fabric. Tenable says the UAT-8616 group has been exploiting this and an earlier SD-WAN bug since at least 2023, with infrastructure overlap to China nexus operational relay box networks. CISA added it to KEV the same day with a federal due date of May 17.

CISA Adds Microsoft Exchange XSS to KEV -

On May 15, CISA added CVE-2026-42897 to the KEV catalog. The flaw is a stored cross site scripting issue in Microsoft Exchange Server Outlook Web Access. Microsoft rates it 8.1, NVD rates it 6.1. Federal due date is May 29. If you still host on prem Exchange, patch on the May Patch Tuesday cycle covers this.

Dirty Frag Adds a Fragnesia Variant -

Dirty Frag was a chain of CVE-2026-43284 (xfrm-ESP page cache write) and CVE-2026-43500 (RxRPC page cache write) disclosed at the start of the month for Linux local privilege escalation to root. By May 14 a variant called Fragnesia (CVE-2026-46300) had been catalogued by researchers, expanding the affected surface. Distros impacted include Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, openSUSE, Amazon Linux, and the major managed Kubernetes node images. Patch kernels or blacklist the esp4, esp6, and rxrpc modules in the meantime.

Industry News

GitLab Restructures for the Agentic Era -

On May 12, GitLab CEO Bill Staples sent a memo announcing an open restructuring with layoffs landing by June 1. The plan flattens management, reorganizes R&D into about 60 smaller autonomous teams, and shrinks the country footprint by up to 30 percent. Staples framed it as investment for the agentic era rather than pure cost cutting, but the stock fell 7 percent on the news. The size of the cut was not stated.

GM Cuts 600 IT Workers to Hire AI Skills -

On May 11, GM laid off more than 600 salaried IT employees, around 10 percent of its IT org, and framed the move as a skills swap. The company is hiring for AI native development, data engineering, cloud engineering, and agent and model development. Same pattern as Cloudflare last week, on a smaller scale.

Celonis Signs to Acquire Ikigai Labs -

On May 12, Celonis signed a definitive agreement to acquire Ikigai Labs, an MIT linked Decision Intelligence company. Ikigai’s Large Graphical Models go into the new Celonis Context Model, which is the company’s pitch for giving enterprise agents real operational context. MIT becomes a Celonis shareholder. Ikigai co founder Devavrat Shah, a professor of AI at MIT, joins as Chief Scientist for Enterprise AI. Celonis also gets exclusive rights to MIT patents Ikigai had licensed.

Coursera and Udemy Close Their Merger -

On May 11, Coursera and Udemy completed their merger announced in December 2025. The combined company has 290 million learners, 18,000 enterprise customers, 95,000 instructors, and over 1.5 billion dollars in 2025 revenue. Cost synergies are estimated at 115 million dollars per year inside 24 months, mostly in year one. Each Udemy share converted to 0.800 Coursera shares.

Funding

Isomorphic Labs Raises $2.1B Series B -

On May 12, Isomorphic Labs raised 2.1 billion dollars for its AI drug design engine IsoDDE. Thrive Capital led. Alphabet, GV, MGX, Temasek, CapitalG, and the UK Sovereign AI Fund all participated. Largest dev adjacent round of the week.

Exaforce Closes $125M Series B for Agentic SOC -

On May 12, Exaforce raised 125 million dollars at a reported 725 million dollar valuation. HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures, and AICONIC participated. The company sells an agentic security operations platform and is expanding into Japan and Europe. Total raised reaches 200 million dollars.

White Circle Raises $11M for AI Safety -

On May 12, White Circle raised 11 million dollars for an AI safety platform aimed at workplace deployments. Backers include leaders from OpenAI, Anthropic, DeepMind, Mistral, and Hugging Face. Small ticket but a clear read on where safety tooling is forming.

The Numbers That Matter

42 TanStack npm packages compromised on May 11 with 84 malicious versions in a six minute window
137 Vulnerabilities patched by Microsoft on May 12 with zero active zero days
$900B Anthropic valuation in current round talks
70% Faster cached builds in Cursor 3.4 cloud agent environments
600+ GM IT employees laid off May 11 in an AI skills swap
$2.1B Isomorphic Labs Series B led by Thrive Capital

Quick Hits

TanStack supply chain attack - May 11. 42 @tanstack/* packages, 84 malicious versions, six minute window, signed with legitimate OIDC trusted publishing. CVE-2026-45321. CVSS 9.6. Detected and deprecated in 20 to 26 minutes. Mistral and OpenAI among victims.

OpenAI Mac code signing rotation - May 14. Two OpenAI employee Macs infected via TanStack. Internal source repos with code signing certificates accessed. No user data, no production impact. Mac users must update by June 12.

Microsoft Patch Tuesday May - May 12. 137 fixes. 13 critical. No active zero days. Netlogon RCE CVE-2026-41089. DNS Client RCE CVE-2026-41096. Word use after frees CVE-2026-40361 and CVE-2026-40366. GDI heap overflow CVE-2026-35421.

Anthropic $30B round - May 12. Bloomberg report, FT follow up May 15. Valuation above 900 billion. Expected close by end of May. Surpasses OpenAI’s 852 billion February valuation.

Google Android Show I/O Edition - May 12. Gemini Intelligence as system layer. Multi step task automation across apps. Gemini in Chrome on Android in late June. Rambler in Gboard. Create My Widget vibe coded widgets. Googlebook AI native laptops fall 2026. Adobe Premiere on Android this summer. 60 fps video in Android Auto.

Cursor 3.4 - May 13. Cloud agent dev environments. Multi repo support. Dockerfile config with build secrets. 70 percent faster cached builds. Agent led setup with validation. Version history rollback. Audit logs. Environment scoped egress and secrets.

Cursor Bugbot Effort Levels - May 11. Reviewers dial Bugbot depth per PR.

Claude Code v2.1.139 - May 11. Agent view research preview. /goal command for completion conditions. /scroll-speed mouse wheel setting. CLAUDE_PROJECT_DIR for MCP stdio servers. Deadlock, terminal corruption, memory fixes.

Claude for Small Business - May 13. 15 agentic workflows. QuickBooks, PayPal, HubSpot, Canva, Docusign, Google Workspace, Microsoft 365.

OpenAI Daybreak - May 11. Codex Security plus three GPT-5.5 tiers. Cloudflare, Cisco, CrowdStrike as partners. Direct response to Anthropic Project Glasswing and Claude Mythos.

OpenAI Deployment Company - May 11. Over 4 billion dollars committed, 19 partners led by TPG. Tomoro acquisition for 150 Forward Deployed Engineers. OpenAI retains majority ownership.

OpenAI Codex on mobile - May 14. ChatGPT iOS and Android. GPT-5.5 inside. Hooks for scripted gates. Remote SSH. Programmatic access tokens. HIPAA support. macOS first, Windows next.

Microsoft cancels Claude Code licenses - May 14. Experiences and Devices group routes engineers to GitHub Copilot CLI by June 30. Anthropic models stay reachable via Copilot CLI and Azure Foundry.

GitHub Copilot Max plan - May 12. New 100 dollar tier with 100 base plus 100 flex credits. Pro at 10 plus 5 flex. Pro+ at 39 plus 31 flex. Effective June 1.

GitHub Copilot code review and Dependabot - May 11 and May 12. Cross org Dependabot access for internal repos and inline Copilot review comment improvements.

Microsoft MDASH - May 12. Multi model agentic security routing layer. 88.45 percent on CyberGym. Discovered 16 new Windows vulnerabilities during validation.

Twisted 26.4.0 - May 11. CVE-2026-42304 DNS compression pointer DoS fix. CVSS 7.5. Last release supporting Python 3.9.

Fortinet patches - May 12. CVE-2026-44277 FortiAuthenticator RCE. CVE-2026-26083 FortiSandbox RCE. Both CVSS 9.1.

JetBrains TeamCity CVE-2026-44413 - May 12. Privilege escalation and API exposure. Fixed in 2026.1.

Cisco Catalyst SD-WAN CVE-2026-20182 - May 14. CVSS 10.0 authentication bypass. Actively exploited by UAT-8616. CISA KEV same day. Federal due date May 17.

CISA KEV Microsoft Exchange CVE-2026-42897 - May 15. Outlook Web Access stored XSS. Federal due date May 29.

Dirty Frag Fragnesia variant CVE-2026-46300 - May 14. New addition to the May 7 disclosed Linux LPE chain.

GitLab restructuring - May 12. Layoffs by June 1, R&D into 60 autonomous teams, country footprint trimmed by up to 30 percent. Stock down 7 percent.

GM IT layoffs - May 11. 600 plus salaried IT roles cut. Skills swap toward AI, data, cloud, and agent engineering.

Celonis to acquire Ikigai Labs - May 12. Large Graphical Models for the new Celonis Context Model. MIT becomes a shareholder.

Coursera Udemy merger close - May 11. 290 million learners, 18,000 enterprise customers, 1.5 billion in 2025 revenue. 115 million in annual cost synergies inside 24 months.

Isomorphic Labs $2.1B Series B - May 12. Thrive Capital led. Alphabet, GV, MGX, Temasek, CapitalG, UK Sovereign AI Fund.

Exaforce $125M Series B - May 12. Agentic SOC. 725 million valuation. Total raised 200 million.

White Circle $11M - May 12. AI safety. Backed by leaders from OpenAI, Anthropic, DeepMind, Mistral, Hugging Face.

Three threads worth pulling on. First, the supply chain is now the soft underbelly of the AI stack. The TanStack attack on May 11 took six minutes to publish 84 packages signed by a real OIDC trusted publishing flow, and the blast radius reached OpenAI’s Mac code signing pipeline. SLSA Level 3 attestations did not stop it because the build itself was hijacked. The whole industry is going to have to think harder about how trust travels through GitHub Actions, OIDC, and provenance. Second, the agent stack is no longer the demo. Cursor 3.4 gave cloud agents real Dockerfile based dev environments with build secrets, audit logs, and version history rollback. Claude Code v2.1.139 added a global Agent view and /goal. OpenAI moved Codex to phones with Hooks, Remote SSH, and HIPAA. The boring enterprise pieces are showing up week over week. Third, the financing arms race keeps lapping itself. Anthropic opened talks for 30 billion at 900 billion right after locking in SpaceX Colossus 1 last week. OpenAI stood up a 4 billion dollar Deployment Company in the same week it launched Daybreak. Isomorphic Labs took 2.1 billion for one drug design engine. The model side of AI is still moving on cash, capacity, and customer footprint, and the rest of the developer ecosystem is rebuilding around what those bets force into existence.

See you next week.