Key Takeaways
- Microsoft disclosed the first prompt injection CVEs in agent frameworks, turning theory into audit reality.
- SWE-bench Verified was found to have training contamination; vendors migrated to SWE-bench Pro.
- Anthropic launched Project Glasswing, a trust-gated model tier with Claude Mythos for cybersecurity.
1. Why Did Prompt Injection Become a CVE Class?
On May 7, Microsoft disclosed CVE-2026-25592 and CVE-2026-26030 in Semantic Kernel. Content retrieved via RAG can bypass guardrails and execute tool calls, achieving RCE on the agent host. Similar vulnerabilities were found in Copilot Studio and ModelScope.
Why it matters: Prompt injection is now an auditable CVE class that needs real patches.
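The flow described above (retrieved content ends up driving a tool call on the agent host) is what a provenance-aware tool gate is meant to break. The sketch below is an added example, not Microsoft's patch and not Semantic Kernel code; the tool names, the `ContextItem`/`ToolCall` types and the sample context are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical tool names and risk tiers (assumptions, not from any framework).
HOST_EXEC_TOOLS = {"run_shell", "write_file"}
READ_ONLY_TOOLS = {"search_docs"}

@dataclass(frozen=True)
class ContextItem:
    source: str  # "system", "user" or "retrieved"
    text: str

@dataclass(frozen=True)
class ToolCall:
    name: str
    args: dict

def context_is_tainted(context):
    """True when any item in this turn came from retrieval, not operator or user."""
    return any(item.source == "retrieved" for item in context)

def authorize(call, context, user_approved=False):
    """Return (allowed, reason) for a tool call the model proposed this turn."""
    if call.name not in HOST_EXEC_TOOLS | READ_ONLY_TOOLS:
        return False, "unknown tool: deny by default"
    if call.name in READ_ONLY_TOOLS:
        return True, "read-only tool"
    # Host-execution tools: retrieved text is data, so it must not be able
    # to trigger them without an out-of-band approval from the user.
    if context_is_tainted(context) and not user_approved:
        return False, "host-execution tool requested with retrieved content in context"
    return True, "trusted context or explicit user approval"

# Constructed sample turn: the retrieved chunk stands in for a document
# that carries embedded instructions.
SAMPLE_CONTEXT = [
    ContextItem("system", "You answer questions about internal docs."),
    ContextItem("user", "Summarise the onboarding guide."),
    ContextItem("retrieved", "Onboarding guide ... [embedded instruction text]"),
]

if __name__ == "__main__":
    for call in (ToolCall("search_docs", {"q": "onboarding"}),
                 ToolCall("run_shell", {"cmd": "placeholder"})):
        print(call.name, authorize(call, SAMPLE_CONTEXT))
```

The gate runs outside the model, so it holds even when the guardrail prompt is bypassed; auditing for this CVE class means checking that every tool dispatch path goes through such a check.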
2. What Happened to SWE-bench Verified?
OpenAI found 59.4% of Verified problems had flaws. GPT-5.2 and Claude Opus 4.5 could reproduce gold patches from just the task ID. All vendors migrated to SWE-bench Pro (held-out, GPL tasks). The 27-point gap (81% to 54%) shows how much signal was lost.
3. What Is Project Glasswing?
Anthropic gave 50 partners access to Claude Mythos Preview for defensive cybersecurity. In month one, 23,019 vulnerabilities were found across 1,000+ projects, including a 27-year-old OpenBSD bug. No public release is planned.
4. How Did the EU AI Act Change?
The AI Act Omnibus (May 7) split deadlines: Annex III (high-risk) pushed to Dec 2027; Article 50 (transparency, synthetic labeling) accelerated to Dec 2026. Two calendars to track.
5. How Fast Is Global AI Adoption?
Microsoft’s May 2026 report: global usage rose to 17.8%, with the UAE at 70.1% and the US at 31.3%. AI coding drove a 78% YoY increase in git pushes. The North-South gap is widening (27.5% vs 15.4%).