Anthropic Launches Claude for Teachers and a $10M Canadian Research Commitment, While OpenAI Publishes an Agentic-Era Spend Playbook

This brief covers the trailing ~72 hours (July 12–15, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. After one of the busiest weeks in recent memory (GPT-5.6, ChatGPT Work, Muse Spark 1.1, and Grok 4.5 all landed July 8–9), this window was notably quiet: the verified news is concentrated on a single day, July 14, led by two Anthropic announcements.

Anthropic launches Claude for Teachers, free for verified US K-12 educators

Anthropic · July 14, 2026

Anthropic introduced Claude for Teachers, giving verified US K-12 educators free access to premium Claude capabilities, a library of teaching skills grounded in learning science, and connections to evidence-based curricula mapped to academic standards in all 50 states via Learning Commons. The product connects to an ecosystem of K-12 tools (ASSISTments, Brisk Teaching, Canva Education, MagicSchool, and others), includes Claude Code and Cowork for tasks like analyzing class data and scheduling recurring work, and ships with K-12-specific privacy terms written to comply with FERPA — teacher data is not used for model training. Anthropic will pilot an evaluation in the Detroit Public Schools Community District, is open-sourcing the teaching skills, and is working with the American Federation of Teachers on privacy standards. Educators who sign up by June 30, 2027 get a full year of free access.

“We’re introducing Claude for Teachers, providing verified K-12 educators in the US free access to premium Claude capabilities, a library of teaching skills, and a direct connection to evidence-based curricula, mapped to academic standards in all 50 states.” — Anthropic

Source: Introducing Claude for Teachers

Anthropic commits $10 million CAD to Canadian AI research

Anthropic · July 14, 2026

Anthropic announced a $10 million CAD commitment to Canadian research institutions, with partnerships spanning the country’s three regional AI institutes — Amii (Edmonton), Mila (Montréal), and the Vector Institute (Toronto) — plus CHEO, CAMH, Université Laval, the University of Toronto, and the University of Saskatchewan. The funding targets beneficial and responsible AI applications from reinforcement learning and AI safety to children’s health and low-resource languages like Quebec French and Indigenous languages. Anthropic also published its first Canadian country brief from the Anthropic Economic Index, finding Canada ranks eighth worldwide in Claude.ai use and second in per-capita adoption among the top ten countries.

“Some of the foundations of modern AI came out of Toronto, Montréal, and Edmonton— and so, strikingly, did many of the researchers most committed to making it safe. I was formed by that culture, and I’m proud Anthropic can support the next chapter.” — Chris Olah, Co-Founder, Anthropic

Source: Anthropic commits $10 million to Canadian AI research

OpenAI publishes an enterprise playbook for managing AI spend in the agentic era

OpenAI · July 14, 2026

Following last week’s GPT-5.6 and ChatGPT Work launches, OpenAI published guidance for enterprise leaders on managing AI investments as agents take on longer-running work. The five-step framework centers on measuring “useful work per dollar” rather than token price, tracking cost per accepted outcome, and governing agentic workflows before they scale. The post also highlights updated usage analytics and spend controls in the ChatGPT Admin Console — adoption, credit usage, and spend broken down by user, product, and model — and notes that token prices fell 97% from GPT-4 to GPT-5.4, with GPT-5.6 completing coding-agent tasks with 54% fewer output tokens.

“But token price alone does not show whether AI is creating value. Leaders should look at useful work per dollar: tasks completed, time saved, decisions improved, and workflows ready to scale.” — OpenAI

Source: How to manage AI investments in the agentic era


This brief covers the trailing ~72 hours (July 12–15, 2026).

Primary sources:

Deep Dive: Microsoft’s Record-Shattering July 2026 Patch Tuesday — 622 Patches, Three Zero-Days, and the Top 10 Fixes That Matter

The headline: 622 vulnerabilities, triple the old record

Microsoft MSRC · July 14, 2026

Microsoft’s July 2026 Patch Tuesday addresses 622 vulnerabilities by the Security Update Guide’s own count — more than triple June’s previous all-time record of roughly 200. The batch includes 416 flaws in Windows (itself a record), 82 in Office, 46 in Edge, 27 in developer tools, and 17 in SharePoint Server. Roughly one in ten — about 60, depending on whose tally you use — are rated Critical, with 48 of those enabling remote code execution. Twenty-six vulnerabilities carry a CVSS base score above 9.0, and 13 sit at 9.8.

“The mother of all releases.” — Dustin Childs, head of threat awareness, Trend Micro Zero Day Initiative

A note on counting: totals vary by methodology. Microsoft’s Security Update Guide says 622; ZDI independently counts 621 (63 Critical); Tenable counts 569 unique CVEs; BleepingComputer counts 570 by excluding fixes shipped earlier in the month and the 468 Edge/Chromium flaws Google patched upstream. By every method, this is the largest Patch Tuesday ever, and the year-to-date CVE count already exceeds every prior full year.

Source: Microsoft Security Update Guide · ZDI July 2026 review, CyberScoop, Dark Reading

Why the explosion? AI found the bugs — and AI will exploit them

Microsoft / industry analysis · July 9–14, 2026

This wasn’t a surprise. On July 9, Windows executive VP Pavan Davuluri warned customers to expect a higher volume of security updates per release as Microsoft applies its multi-model agentic scanning harness (MDASH) across the Windows codebase — the same AI pipeline that independently found 16 significant vulnerabilities in a prior release. Tenable’s Satnam Narang projects Microsoft could exceed 2,000–3,000 CVEs this calendar year, while stressing that the volume reflects how good AI tooling has become at finding bugs, not necessarily how many pose real-world risk.

The same automation cuts the other way: attackers can diff patches against previous builds and produce working exploits within hours, not weeks. Microsoft has correspondingly tightened its deployment guidance, now recommending organizations defer Windows quality updates by no more than three days, with update deadlines of zero or one day. The traditional “wait and soak” patch cycle is effectively dead; several research teams declared today the start of the continuous-patching era.

One structural change worth noting for anyone who tracks these releases: the Security Update Guide no longer enumerates each vulnerability individually. It now presents a summary table of counts by product family plus a slim “Notable CVEs” section — a format change Rapid7 flagged as a real reduction in day-one, product-by-product detail.

Source: SecurityWeek, CyberScoop, Rapid7, PCWorld

The Top 10 patches — what they are and why they matter

Ranked by real-world urgency: exploited zero-days first, then public disclosures, then the highest-impact criticals.

1. CVE-2026-56155 — Active Directory Federation Services elevation of privilege (exploited zero-day)

CVSSv3 7.8 · Important · Exploited in the wild. Insufficient granularity of access control in AD FS lets an authenticated attacker elevate to administrator locally. Discovery is credited to Microsoft’s own DART incident-response team — a strong signal it surfaced during a live intrusion investigation. AD FS signs the authentication tokens the rest of your estate trusts, so a “local” privilege bug on that box is worth far more to an attacker than the label suggests. CISA has added it to the KEV catalog with a federal remediation deadline of July 28. Patch AD FS servers first, and don’t expose them to the internet.

2. CVE-2026-56164 — SharePoint Server elevation of privilege (exploited zero-day)

CVSSv3 5.3 · Exploited in the wild. Missing authentication for a critical function allows an unauthenticated attacker to elevate privileges over the network against SharePoint Server 2016, 2019, and Subscription Edition, with low attack complexity and repeatable success. The modest score is misleading — this is the month’s clearest example of why you can’t sort by CVSS alone. Credits include Mandiant Incident Response and Google Cloud researchers, another indicator of active-incident origins a year after the ToolShell wave hammered on-prem SharePoint. CISA’s KEV deadline for federal agencies is July 17 — three days. Enabling AMSI with Full request-body scanning provides interim mitigation.

3. CVE-2026-50661 — Windows BitLocker security feature bypass (publicly disclosed)

CVSSv3 6.1 · Important · Public before patch. An attacker with physical access can bypass BitLocker Device Encryption and read encrypted data. Microsoft credits “Anonymous,” but researchers widely believe this patches GreatXML, the zero-day dropped by the pseudonymous researcher Nightmare Eclipse (a.k.a. Chaotic Eclipse) the day after June’s Patch Tuesday. It’s the third physical-access BitLocker bypass patched in two months. Exploit code is public, so treat disclosure as a countdown clock: prioritize laptop fleets and traveling hardware, and use TPM+PIN preboot authentication where the data warrants it.

4. CVE-2026-57092 — Windows VMSwitch guest-to-host escape

CVSS 9.9 · Critical. The highest-scored bug of the month: a flaw in the Hyper-V virtual switch that lets an attacker escape a VM boundary and compromise the host. One compromised guest becomes every workload on the hypervisor, which is why virtualization hosts should be patched ahead of the guests they carry. Several related Critical Hyper-V escalations shipped alongside it.

5. CVE-2026-55040 — SharePoint JWT authentication bypass (half of an unauthenticated RCE chain)

CVSS disputed: 5.3 (Rapid7/Microsoft “Important”) vs. 9.1 (ZDI “Critical”). Discovered by Rapid7’s Stephen Fewer for Pwn2Own Berlin, this JWT authentication bypass chains with a second, still-embargoed RCE bug to achieve unauthenticated remote code execution against SharePoint. The RCE half isn’t scheduled for a patch until August — meaning this month’s bypass fix is what breaks the chain. Patch it in the same pass as the SharePoint zero-day above. Also relevant: SharePoint 2016 and 2019 just exited extended support, so Subscription Edition is now the only fully supported self-hosted option.

6. CVE-2026-58644 & CVE-2026-50522 — SharePoint Server deserialization RCE pair

CVSS 9.8 · Critical. Two deserialization-of-untrusted-data flaws allowing unauthenticated remote code execution over the network. Combined with the two entries above, SharePoint accounts for 17 CVEs this month and is unmistakably the product family under the most attacker attention. If you run on-prem SharePoint, today is a drop-everything day.

7. CVE-2026-55944 — Dynamics NAV / Dynamics 365 Business Central RCE

CVSS 9.8 · Critical · “Exploitation More Likely.” A crafted login request triggers deserialization of untrusted data on an affected Dynamics NAV or Business Central server — no authentication, no user interaction. It’s the same bug class as the SharePoint pair but easy to overlook because it lives in the ERP stack rather than the collaboration stack. Finance-adjacent systems make attractive targets; don’t let this one slide to next cycle.

8. CVE-2026-56188 — Windows Server Network driver race condition (wormable)

CVSS 9.8 · Critical · “Exploitation More Likely.” A race condition in the Windows Server Network driver allows an unauthenticated attacker to execute code over the network — the profile that earns the “wormable” label. Unauthenticated, network-reachable, no interaction: this is the class of bug that historically powers self-propagating attacks once an exploit lands.

9. The DHCP cluster — CVE-2026-50518, CVE-2026-50370, CVE-2026-54128 and friends

Up to CVSS 9.8 · five RCEs across DHCP Server and Client. Nine DHCP-related CVEs shipped this month, five rated Critical and three assessed “Exploitation More Likely.” The standouts are heap-based buffer overflows in DHCP Server exploitable over the network (CVE-2026-50518) and an adjacent network (CVE-2026-50370), plus a use-after-free in the DHCP Client (CVE-2026-54128). DHCP is on by default in essentially every Windows environment and rarely thought about — exactly the kind of ambient attack surface a cluster like this turns dangerous.

10. CVE-2026-48561 — Microsoft Copilot remote code execution

CVSS 9.6 · Critical. A command injection flaw lets an unauthenticated attacker execute arbitrary code over the network through Microsoft Copilot. Beyond the score, it’s emblematic of the month’s most important trend: AI-assistant attack surface is now a fixture of every Patch Tuesday, with additional entries this month in GitHub Copilot, Visual Studio/VS Code Copilot integrations, and a vaguely described Outlook Copilot tampering issue.

Honorable mentions

Beyond the top ten: CVE-2026-55008, an Exchange Server spoofing flaw (CVSS 9.6) flagged “more likely” to be exploited; two Microsoft Defender RCEs (CVE-2026-55011, CVE-2026-55012) delivered via engine updates; a trio of 9.8s in Remote Desktop Client (CVE-2026-54990), Windows FTP Service (CVE-2026-49172), and MSMQ (CVE-2026-50447); an unusual 21-bug cluster across NTFS and ReFS filesystem drivers suggesting a shared root cause; and — proof that AI scanning sweeps the whole portfolio — Critical RCEs in Minecraft Bedrock Dedicated Server (CVE-2026-55010) and a code-execution flaw in Age of Empires II: Definitive Edition (CVE-2026-50663). This release also permanently removes the Kerberos RC4 rollback switch (RC4DefaultDisablementPhase), completing Microsoft’s multi-year RC4 deprecation — audit any lingering RC4-dependent service accounts before deploying.

Bottom line

Patch in this order: the two exploited zero-days (AD FS and SharePoint — CISA deadlines are July 17 and July 28 for federal agencies, and those are sane targets for everyone else), then the publicly disclosed BitLocker bypass on mobile hardware, then internet-facing and identity infrastructure, then virtualization hosts, then the 9.8-class network RCEs. Volume is the story of 2026, but triage discipline — KEV first, EPSS and exposure over raw CVSS — is the defense. June’s record lasted exactly one month; there’s no reason to believe July’s will fare better.


Coverage window: July 14, 2026 (Patch Tuesday release day).
Primary sources: Microsoft Security Update Guide · Zero Day Initiative July 2026 review · Tenable · Rapid7 · Cisco Talos · Qualys · Dark Reading · SecurityWeek · CyberScoop

Record Microsoft Patch Tuesday With Two Exploited Zero-Days, SAP NetWeaver 9.9 Memory Corruption, and Jscrambler npm Supply-Chain Attack

This brief covers the trailing ~48 hours (July 12–14, 2026). Every item below was verified against its primary source — vendor advisories, CISA, and the original researchers — before inclusion.

Microsoft’s record July Patch Tuesday fixes 570 flaws, including two actively exploited zero-days

Microsoft MSRC · July 14, 2026

Microsoft’s July 2026 Patch Tuesday is its largest ever, addressing roughly 570 vulnerabilities (59 rated Critical), including two zero-days exploited in the wild: CVE-2026-56155, an Active Directory Federation Services elevation-of-privilege flaw (CVSSv3 7.8) credited to Microsoft’s DART incident-response team, and CVE-2026-56164, a SharePoint Server elevation-of-privilege flaw (CVSSv3 5.3) affecting SharePoint 2016, 2019, and Subscription Edition, credited in part to Mandiant and Google Cloud researchers. A third zero-day, the publicly disclosed BitLocker bypass CVE-2026-50661, was also patched. All are fixed as of today; none appeared in CISA’s KEV catalog at publication time. Microsoft notes that enabling AMSI with Full request-body scanning mitigates the SharePoint flaw.

“Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.” — Microsoft advisory for CVE-2026-56155

Source: MSRC CVE-2026-56155, MSRC CVE-2026-56164 · BleepingComputer, Tenable

SAP patches CVSS 9.9 NetWeaver ABAP memory corruption on July Patch Day

SAP · July 14, 2026

SAP’s July 2026 Security Patch Day delivers 20 new and updated security notes, led by CVE-2026-44747 (CVSS 9.9), a memory corruption bug in NetWeaver Application Server ABAP that can expose data and cause system unavailability; disabling affected ICF nodes in transaction SICF is a temporary workaround. Also fixed are CVE-2026-27690 (CVSS 9.1), an unauthenticated HTTP request-smuggling flaw in Approuter in non–Cloud Foundry deployments, and CVE-2026-44761 (CVSS 9.1), hardcoded sample OAuth2 credentials in Commerce Cloud that allow unauthenticated data access if sample scripts were retained in production. Patches are available; no exploitation has been reported.

“The vulnerability affects SAP Approuter deployments in non-Cloud Foundry environments and allows an unauthenticated attacker to send a specially crafted HTTP request that leads to request-response desynchronization.” — Onapsis

Source: SAP Security Patch Day – July 2026, Onapsis · SecurityWeek

Jscrambler npm packages backdoored with cross-platform credential stealer

Jscrambler / Socket · July 13–14, 2026

A threat actor used a compromised npm publishing credential to push malicious versions (8.16–8.20) of Jscrambler’s npm package starting July 11; the first clean version is 8.22. The poisoned versions — downloaded 1,479 times before removal — used a preinstall hook to drop Rust-based infostealer binaries for Linux, macOS, and Windows that harvest developer credentials, cloud secrets, cryptocurrency wallets, AI coding-assistant and MCP server configurations, and browser data, exfiltrating over TLS. Dependent packages including jscrambler-webpack-plugin, gulp-jscrambler, grunt-jscrambler, and jscrambler-metro-plugin were also affected. Users should remove affected versions, scan for malware, and rotate all credentials and API keys.

“Our investigation indicates that the attacker was able to publish the package using an NPM publishing credential. We have revoked and rotated all relevant credentials, passwords, and secrets, and have implemented additional security controls around our publishing process while the investigation continues.” — Jscrambler security advisory

Source: Jscrambler advisory, Socket · SecurityWeek

CISA adds 18-year-old Cisco IOS CSRF flaw to KEV catalog

CISA · July 13, 2026

CISA added CVE-2008-4128 to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. The 2008-era flaw comprises cross-site request forgery weaknesses in the HTTP administration interface of Cisco IOS 12.4 on Cisco 871 Integrated Services Routers, letting attackers trick authenticated admins into executing arbitrary commands. Under BOD 26-04, federal civilian agencies must remediate by July 16, 2026 — a reminder that long-lived admin interfaces on aging network gear remain an active attack surface.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.” — CISA alert, July 13, 2026

Source: CISA alert, KEV catalog · SC Media

Still developing

Adobe / CISA · July 7–8, 2026 — Maximum-severity ColdFusion flaw CVE-2026-48282 (ColdFusion 2025.9, 2023.20 and earlier; unauthenticated remote code execution) was exploited within hours of Adobe’s patch release and added to CISA’s KEV catalog on July 7 with a three-day federal remediation deadline. Shadowserver tracks nearly 800 ColdFusion instances still exposed online. Source: CISA alert · BleepingComputer

AssuranceAmerica · July 9, 2026 — The U.S. auto insurer disclosed a breach affecting 6,998,886 people after attackers compromised an employee’s credentials in March and copied files containing names, contact details, policy and claims data, and driver’s license numbers — the largest U.S. driver’s-license breach disclosed this year. Source: BleepingComputer


This brief covers the trailing ~48 hours (July 12–14, 2026).
Primary sources: Microsoft MSRC (CVE-2026-56155) · Microsoft MSRC (CVE-2026-56164) · SAP Security Patch Day July 2026 · Jscrambler security advisory · Socket research · CISA KEV alert (July 13) · CISA KEV catalog

Joomla Extension Flaws Hit CISA KEV, Progress Orders ShareFile Controllers Offline, and “Ill Bloom” Wallet Flaw Tops $5M in Theft

This brief covers notable cyber security developments from the trailing ~48 hours (July 10–12, 2026). Every item below was verified against its primary source — vendor advisory, CISA alert, or the original research — before inclusion.

CISA adds two actively exploited Joomla extension flaws to the KEV catalog

CISA · July 10, 2026

CISA added CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms) to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Both are unrestricted upload of file with dangerous type vulnerabilities in popular Joomla extensions — a bug class that typically leads to webshell deployment and full site takeover. CISA did not publish CVSS scores in the alert; under BOD 26-04, federal civilian agencies must prioritize rapid remediation of KEV-listed flaws on publicly exposed assets.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.” — CISA

Source: CISA alert · KEV catalog

Progress tells ShareFile customers to shut down Storage Zone Controllers over “credible external security threat”

Progress Software · July 10, 2026

Progress Software ordered every organization running an on-premises ShareFile Storage Zone Controller to immediately shut down the Windows server hosting it, citing a “credible external security threat.” There is no patch to apply instead; Progress has also temporarily disabled access to affected accounts and listed Storage Zone Controller customers as “not operational” on its status page. The company says it has no indication of unauthorized access to any ShareFile accounts or data, but has not disclosed the nature of the threat or a restart timeline. Cloud-only ShareFile accounts are not affected. The same component was exploited in the wild in 2023 (CVE-2023-24489) while the product belonged to Citrix.

Source: ShareFile status page · The Hacker News · BleepingComputer

Coinspect discloses “Ill Bloom” weak-randomness wallet flaw; more than $5M already drained

Coinspect · July 10, 2026

Security firm Coinspect disclosed Ill Bloom, a weak-randomness flaw in the recovery-phrase generation of certain software wallets — mostly older or lesser-known mobile apps, some dating to 2018 — that lets attackers derive private keys and is being actively exploited. Coinspect confirmed a coordinated sweep on May 27 that drained about $3.1 million from 431 wallets, with total outflows from exposed wallets now past $5 million across Bitcoin, Ethereum, Rootstock, Tron, and Polygon. Hardware wallets and most mainstream software wallets are not affected; Coinspect published a free address checker at illbloom.org and warns that matched wallets should be treated as compromised.

“If funds recently moved without your permission, this vulnerability may be why.” — Coinspect

Source: The Hacker News · Cointelegraph

PraisonAI RCE via unsandboxed LLM-generated code scores a perfect CVSS 10.0

CVE Program (VulnCheck) · July 11, 2026

CVE-2026-61447 (CVSS 4.0: 10.0) is a critical remote code execution flaw in the PraisonAI agent framework before version 1.6.78. The CodeAgent._execute_python() method runs Python code generated by the LLM with no AST validation, import restrictions, or sandboxing, so an unauthenticated attacker who can submit prompts can steer the model into producing arbitrary code that executes on the host and exfiltrates environment secrets. No in-the-wild exploitation has been confirmed and the fix is to upgrade to 1.6.78 or later. It is not in the KEV catalog.

PraisonAI “executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement.” — CVE-2026-61447 record

Source: GitHub security advisory · NVD · VulnCheck advisory

Still developing

Microsoft Defender “RoguePlanet” patched, then researcher reports new Defender bugs
Microsoft MSRC · July 9, 2026 (updated July 11)
Microsoft remediated CVE-2026-50656 (CVSS 7.8), the RoguePlanet privilege-escalation race condition in the Malware Protection Engine that could spawn a SYSTEM shell, in engine version 1.1.26060.3008 — no customer action required. The researcher who disclosed it (Chaotic Eclipse) has since reported that the accompanying hardening can leak 8 bytes of data and that Defender’s caching of oversized Zone.Identifier streams can be abused via a malicious SMB server to exhaust disk space on Windows 11 25H2 and Server 2025; Microsoft told The Hacker News it is “aware of this report and are investigating.”
Source: Microsoft MSRC · The Hacker News

Zimbra patches critical stored XSS in Classic Web Client reported by Google TAG
Zimbra · July 7, 2026
Zimbra released ZCS 10.1.19 to fix a critical stored cross-site scripting flaw in the Classic Web Client that lets specially crafted emails execute malicious scripts in a user’s session on open, exposing session data, account settings, and mailbox contents. No CVE ID or CVSS score has been published yet. The reporter — Google’s Threat Analysis Group — typically surfaces bugs used by state-backed actors, though exploitation has not been confirmed.
Source: Zimbra security advisories · BleepingComputer


This brief covers the trailing ~48 hours (July 10–12, 2026).
Primary sources: CISA KEV alert · ShareFile status · PraisonAI GHSA · NVD CVE-2026-61447 · MSRC CVE-2026-50656 · Zimbra advisories

OpenAI Launches GPT-5.6 and ChatGPT Work, Meta Ships Muse Spark 1.1, and Ben Bernanke Joins Anthropic’s Trust

This brief covers the trailing ~72 hours (July 9 – 12, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside (or, where noted, just before) the window. July 9 was one of the busiest single days in recent memory: OpenAI shipped a new flagship model family and a work agent, Meta released a major model upgrade with its first public API, and Anthropic made three announcements of its own.

OpenAI ships the GPT-5.6 family: Sol, Terra, and Luna reach general availability

OpenAI · July 9, 2026

OpenAI moved GPT-5.6 from limited preview to general availability across ChatGPT, Codex, and the API, in three tiers: flagship Sol ($5/$30 per 1M tokens), balanced Terra ($2.50/$15), and cost-efficient Luna ($1/$6). OpenAI claims a new high of 53.6 on Agents’ Last Exam and a state-of-the-art 80 on the Artificial Analysis Coding Agent Index, framing much of the release around performance per dollar against Anthropic’s Fable 5. The release also introduces an ultra setting that coordinates four parallel agents by default, Programmatic Tool Calling in the Responses API, and what OpenAI calls its most robust safeguards to date — cyber safeguards that block roughly ten times more potentially harmful activity than prior models, backed by ~700,000 A100e GPU hours of automated red teaming. The same day, Microsoft announced GPT-5.6 as the new preferred model in Microsoft 365 Copilot.

“GPT-5.6 Sol sets a new standard for both intelligence and efficiency, achieving state-of-the-art results across coding, knowledge work, cybersecurity, and science while outperforming previous and competing frontier models with fewer tokens and at lower estimated cost.” — OpenAI

Source: GPT-5.6: Frontier intelligence that scales with your ambition

OpenAI launches ChatGPT Work, merges the Codex app into a new desktop app, and begins sunsetting Atlas

OpenAI · July 9, 2026

Alongside GPT-5.6, OpenAI introduced ChatGPT Work, an agent that pulls context from connected apps (via a new unified “plugins” directory), runs multi-hour projects independently, and produces slides, sheets, docs, and shareable “Sites.” The Codex desktop app is merging into a new ChatGPT desktop app with a built-in browser and computer use; the old desktop app becomes ChatGPT Classic. Notably, OpenAI also said it will begin sunsetting the standalone Atlas browser in favor of a ChatGPT sidebar in Chrome. Rollout starts with Pro, Enterprise, and Edu plans, expanding to Plus and Business over the following days.

“Introducing ChatGPT Work, an agent in ChatGPT that helps you take on more ambitious tasks. It can gather information across your apps and workflows to create finished materials like sheets, slides, docs, and web apps, and stay with complex projects for hours by breaking them into smaller steps and completing them independently.” — OpenAI

Source: ChatGPT is now a partner for your most ambitious work

Meta releases Muse Spark 1.1 and opens the Meta Model API to developers

Meta Superintelligence Labs · July 9, 2026

Meta Superintelligence Labs shipped Muse Spark 1.1, a multimodal reasoning model built for agentic tasks with a 1M-token context window, improved computer use, and multi-agent orchestration (it can act as either the main agent or a subagent). The bigger structural news: for the first time, developers can access a Muse model directly through the new Meta Model API, now in public preview, with early endorsements from Replit, Cline, and Box. The model is live in “Thinking” mode in the Meta AI app and on meta.ai.

“Today, we’re excited to introduce Muse Spark 1.1, the latest model from Meta Superintelligence Labs and a significant upgrade from Muse Spark. Muse Spark 1.1 is a multimodal reasoning model built for agentic tasks, with major gains in tool and computer use, coding, and multimodal understanding.” — Meta Superintelligence Labs

Source: Introducing Muse Spark 1.1

Anthropic launches a “reflection dashboard” for Claude usage, in beta

Anthropic · July 9, 2026

Anthropic introduced a beta feature that lets users track and visualize how they use Claude — topics, usage patterns, and task types over 1 to 12 months — and decide whether that time aligns with their goals. The dashboard can set quiet hours and break nudges, and maps activity onto Anthropic’s 4D AI Fluency Framework (delegation, description, discernment, diligence). It was developed with wellbeing experts from the MIT Media Lab’s AHA program, the Digital Wellness Lab at Boston Children’s Hospital, and the Family Online Safety Institute, and is available to Free, Pro, and Max users with Memory on. The same day, Anthropic also published “Inviting hard questions,” asking the public for their hardest questions about AI and committing to show its work in addressing them.

“Today we’re introducing, in beta, a new way to reflect on and refine how you use Claude. … It lets you easily track and visualize how you use Claude, and decide whether that time aligns with your goals.” — Anthropic

Source: Introducing a way to reflect on how you use Claude

Ben Bernanke joins Anthropic’s Long-Term Benefit Trust

Anthropic · July 9, 2026

Anthropic’s Long-Term Benefit Trust appointed Dr. Ben Bernanke — former Federal Reserve Chair and 2022 Nobel laureate in economics — as its newest Trustee. The LTBT is the independent body with authority to appoint members to Anthropic’s board; Bernanke joins Neil Buddy Shah, Richard Fontaine, and Mariano-Florentino Cuéllar, and will focus in part on Anthropic’s research into AI’s economic effects.

“The potential of artificial intelligence is enormous, and so is the range of outcomes. How that potential plays out will depend, in part, on the institutions we build around it.” — Dr. Ben Bernanke

Source: Ben Bernanke appointed to Anthropic’s Long-Term Benefit Trust

Still developing

xAI launches Grok 4.5, trained alongside Cursor and now branded under SpaceXAI

xAI / SpaceXAI · July 8, 2026

Just before this window opened, xAI — whose site now carries SpaceXAI branding — released Grok 4.5, positioning it for coding, agentic tasks, and knowledge work. Trained on tens of thousands of NVIDIA GB300 GPUs and alongside Cursor, it is priced aggressively at $2/$6 per 1M tokens, served at ~80 tokens per second, and claims roughly 2x the token efficiency of comparable leading models. It is the default model in Grok Build and available in Cursor and the API console, though not yet in the EU.

“Today, we’re launching Grok 4.5, SpaceXAI’s smartest model built to excel at coding, agentic tasks, and knowledge work. It’s our strongest model ever and was trained alongside Cursor.” — SpaceXAI

Source: Introducing Grok 4.5

OpenAI introduces GPT-Live, a full-duplex voice model family now powering ChatGPT Voice

OpenAI · July 8, 2026

Also just before the window, OpenAI launched GPT-Live-1 and GPT-Live-1 mini, voice models built on a full-duplex architecture that listen and speak simultaneously — backchanneling with “mhmm,” waiting through pauses, and delegating harder questions to a frontier model (GPT-5.5 at launch) in the background while keeping the conversation going. GPT-Live is rolling out globally as the new default for ChatGPT Voice, with API access planned.

“We’re launching GPT-Live, a new generation of voice models that make talking with AI feel much more like having a real conversation.” — OpenAI

Source: Introducing GPT-Live


This brief covers the trailing ~72 hours (July 9 – 12, 2026).

Primary sources:

North Korea’s PolinRider Supply-Chain Blitz, AI-Run JadePuffer Ransomware, and a $1M Kairos Extortion Payment

This brief covers the trailing ~48 hours (July 4–6, 2026). Every item below was checked against its primary source — vendor advisories, original research posts, and CISA entries — before inclusion.

North Korean “PolinRider” campaign publishes 108 malicious packages and extensions across npm, Packagist, Go, and Chrome

Socket / The Hacker News · July 4, 2026

Threat actors tied to North Korea’s Contagious Interview operation have published 162 malicious release artifacts corresponding to 108 unique packages and extensions — 19 npm libraries, 10 Composer packages, 61 Go modules, and one Google Chrome extension. The campaign, tracked as PolinRider, plants obfuscated JavaScript loaders in legitimate repositories (concealed via whitespace padding or fake .woff2 font files) and triggers execution through VS Code task files with the “runOn: ‘folderOpen'” option; payloads fetch encrypted second stages from blockchain infrastructure that unpack to the DEV#POPPER RAT and OmniStealer. As of April 11, 2026, the broader activity had compromised 1,951 public GitHub repositories belonging to 1,047 unique owners. There is no CVE — this is an account-takeover and supply-chain campaign, and it remains active.

“The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts, modify legitimate repositories, and publish infected package versions where they retain or obtain registry access.” — Karlo Zanki, Socket

Source: Socket research · The Hacker News

JadePuffer: first documented ransomware operation run end-to-end by an AI agent

Sysdig · July 4, 2026

Sysdig researchers documented what they believe is the first ransomware intrusion conducted entirely by an autonomous LLM agent — reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption, with the agent adapting to failures in real time. Initial access came via CVE-2025-3248, a critical unauthenticated remote code execution flaw in the Langflow LLM-app framework that was patched in April 2025 and added to CISA’s KEV catalog in May 2025; the attacker later pivoted to an Alibaba Nacos instance using CVE-2021-29441, an authentication bypass. The operation encrypted 1,342 Nacos service configuration items, dropped the originals, and left a ransom demand with a Bitcoin address and Proton Mail contact — though the encryption key was never stored or transmitted, and the Bitcoin address appears to be a documentation example reproduced from training data.

“The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” — Sysdig

Source: Sysdig research · BleepingComputer

U.S. government entity paid Kairos ~$1 million in encryption-free data extortion, blockchain analysis shows

Ransom-ISAC · July 4, 2026

A case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and on-chain tracing, shows a small U.S. government entity — the evidence points to Union County, Ohio, though neither party has confirmed it — paid roughly 9.44 BTC (~$1 million) on June 13, 2025 to keep stolen files from being published. The Kairos group deployed no encryptor at all: it opened at $3 million claiming over 2 TB of stolen data, and used countdown timers and threats to leak a “prosecutors office” folder first. The payment was traced through wallet chains toward deposit addresses at Bybit, OKX, and the Russian service BELQI. The case underscores a broader shift: much of what is still called ransomware now skips encryption entirely and uses stolen data as the sole pressure point.

“Paying to make stolen data disappear is an act of faith, and the receipt is written by the thief.” — The Hacker News

Source: Ransom-ISAC case study · The Hacker News

Opera GX flaw let malicious sites silently install browser mods and steal data from visited pages

The Hacker News · July 6, 2026

Researchers disclosed a vulnerability in Opera GX that allowed a malicious website to silently install a GX Mod — the browser’s reskinning add-on format — and use it to lift data from pages the victim visits; a proof of concept reconstructed a signed-in user’s full Gmail address from a single visit with no clicks. Opera patched the flaw in Opera GX 130.0.5847.89 and says it found no evidence of in-the-wild exploitation. No CVE was assigned, but Opera’s bug bounty team rated the issue P1 (its top severity) and paid the maximum $5,000 reward. Because the attack required no clicks or approvals, there was no workaround short of the patch — users should confirm their version at opera://about.

Source: The Hacker News

SkillCloak: malicious AI agent “skills” evade static scanners more than 90% of the time

The Hacker News · July 6, 2026

Researchers at the Hong Kong University of Science and Technology showed that scanners meant to catch malicious add-on skills for AI coding agents (Claude Code, OpenAI Codex, OpenClaw) can be defeated with simple self-extracting packing techniques that leave the malware fully functional — their strongest variant slipped past every scanner tested more than 90% of the time. Skills run with the agent’s own access to files, terminals, and saved credentials, and most marketplace listings are uploaded by strangers with little vetting. The team also built a runtime checker that catches most of the disguised skills static scanners miss.

Source: The Hacker News

Still developing

“Bad Epoll” Linux kernel flaw (CVE-2026-46242)The Hacker News · July 3, 2026. A use-after-free race in the kernel’s epoll code lets an unprivileged local user gain root with roughly 99% exploit reliability, affecting desktops, servers, and Android on kernels v6.4 and newer. Researcher Jaeyoung Chung published a working proof of concept; the fix landed upstream (commit a6dc643c6931) in April 2026, but distributions that have not backported it remain exposed, and epoll cannot be disabled as a workaround. Source: The Hacker News · PoC repository

NetNut residential proxy network disruptedGoogle Threat Intelligence Group · July 3, 2026. Google, the FBI, Lumen, Shadowserver, and partners disrupted NetNut (aka Popa), a residential proxy network of at least 2 million compromised Android devices including smart TVs and streaming boxes. GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes in a single week, spanning cybercrime and espionage. Source: Google Threat Intelligence · BleepingComputer

SharePoint RCE CVE-2026-45659 on CISA KEV; federal patch deadline passed July 4CISA · July 1, 2026. CISA added CVE-2026-45659 (CVSS 8.8), a deserialization-of-untrusted-data remote code execution flaw in SharePoint Server Subscription Edition, 2019, and 2016, to the Known Exploited Vulnerabilities catalog citing active exploitation. Microsoft patched it in May 2026; any authenticated attacker with Site Member permissions can execute code remotely. FCEB agencies were required to remediate by July 4, 2026. Source: CISA alert · The Hacker News

This brief covers the trailing ~48 hours (July 4–6, 2026). Primary sources: Socket, Sysdig, Ransom-ISAC, Google Threat Intelligence Group, CISA, Bad Epoll PoC.