OpenAI has officially released the GPT-5.5-Cyber model, achieving industry-leading performance on the CyberGym benchmark, and expanded its Daybreak safety program. The new tools can now detect and generate critical vulnerability patches in mainstream browsers, web infrastructure, and operating systems. It also introduced the Codex Security plugin, supporting deep scanning, vulnerability validation, attack path tracing, and patch generation for specific codebases. The 「Patch the Planet」 initiative collaborates with security firms including Trail of Bits and HackerOne, focusing on open-source software vulnerability remediation with human review at its core, alongside a new cybersecurity partnership program.

Google announced the general availability (GA) of the Interactions API, replacing the legacy generateContent API as the main interface for interacting with Gemini models and agents. Designed from the ground up for stateful, agent-based workflows, the API introduces Managed Agents (offering remote sandbox environments for autonomous task execution), background asynchronous execution, tool composition capabilities, and replaces traditional role definitions with a Steps mode using typed action steps. Google stated that future cutting-edge capabilities for long-running models and agents will increasingly be exclusive to this API. It is now the default interface in Google AI Studio and comes with a migration guide.

Google has officially launched Gemini Spark, a 7×24 personal AI agent capable of autonomously completing tasks from start to finish under user guidance. Currently available in beta exclusively to Google AI Ultra subscribers in the U.S., it is limited to this subscription tier. The company highlighted six practical use cases: project audits, news email aggregation, brand health monitoring, sales negotiation coaching, Google Drive organization, and client meeting preparation, all deeply integrated into the Google Workspace ecosystem.

Biopharmaceutical company Novo Nordisk confirmed a severe data breach in which an attacker exploited leaked GitHub personal access tokens to steal over 700,000 files, including the Ozempic drug formula and clinical trial data. The company rejected a $25 million ransom demand. Concurrently, multiple cybersecurity incidents occurred: the FortiBleed credential attack has harvested login credentials from over 86,000 Fortinet devices across 194 countries; Texas hunting license system was breached, exposing sensitive information of approximately 3.09 million users. GitHub upgraded its secret scanning system by integrating context-aware LLM technology, reducing false positives by 75.76%.

AI code editor Cursor unveiled three major updates during its Compile keynote, the most notable being a collaboration with SpaceX to train a new AI model. This move underscores SpaceX's deeper strategic investment in AI programming and foundational model development following its acquisition of Cursor's parent company, Anysphere. Specific technical details and model capabilities have not yet been fully disclosed.

A mechanistic interpretability study reveals that the root cause of prompt injection lies in LLMs identifying roles based on writing style rather than explicit tags like <think> or <user>. The research, using role probes, demonstrates that removing or altering such tags does not affect the model's internal role perception—only stylistic cues matter. This insight enables a powerful new attack called 「CoT Forgery」: attackers inject text mimicking the model’s own reasoning style into user prompts, causing the LLM to treat it as verified internal reasoning. This method achieves high jailbreak success rates across multiple models without requiring model-specific customization.

Import AI reports that in four experiments involving nearly 19,000 conversations, frontier AIs including Opus, GPT, Gemini, and Grok reliably outperformed human experts in policy debates and charitable donation appeals. Even when experts selected their own topics, conducted prior research, underwent hours of structured practice, and received a £1,000 cash incentive, they still lost to AI. The AI advantage primarily stems from faster and longer message output; when constrained to human-like response speeds, the performance gap narrows. Researchers argue the key question is no longer whether AI can surpass humans, but how, where, and for whom this persuasive capability will be used.

NVIDIA introduced Halos for Robotics, a full-stack functional safety system for physical AI, extending its proven autonomous driving safety technologies (aligned with IEC 61508 and ISO 13849 standards) directly to industrial robots, humanoid robots, and AMRs, leveraging over 18,000 engineer-years of accumulated effort. The IGX Thor platform delivers hardware-level safety isolation with a dedicated 12K DMIPs safety island and over 22,000 safety mechanisms, achieving IEC 61508 SIL 3 compliance. The accompanying 「outside-in」 safety blueprint uses external cameras and AI for dynamic safety decisions, and NVIDIA’s certified testing labs provide partners with a clear path to functional safety certification.

Mozilla Distinguished Engineer Brian Ginstead presented a custom Harness pipeline built on the Claude Agent SDK: LLM file scoring → analyzer loop → fuzz test construction and verification → validator agent → patch agent. This multi-stage workflow enabled Firefox to discover and fix nearly 500 security vulnerabilities in April 2026, with each tracked vulnerability accompanied by a reproducible HTML file and patch suggestion. A key insight was constraining the search space with prompts like 「we know there is a vulnerability here, find it」 and using a validator agent to prevent analyzers from cheating. He estimated the contribution of models and the Harness framework to be roughly equal, with significant room remaining for Harness improvements.

JPMorgan Chase has restricted employee use of Anthropic's AI model Claude in Hong Kong due to compliance and geopolitical concerns, reflecting the real-world impact of uncertain AI regulation on financial institutions. Meanwhile, the AI regulatory landscape grows increasingly complex, leaving Anthropic in ongoing limbo due to policy ambiguity. This news coincides with several fintech developments, including Kalshi initiating informal IPO discussions, Robinhood laying off nearly 300 employees, and Zelle planning to launch a stablecoin 「Zelle USD」 for international payments.