Massive Supply Chain Attack Hits AI and Dev Ecosystems
A massive coordinated attack compromised over 170 packages across the TanStack, Mistral AI, and UiPath ecosystems. The malware targets AWS, GitHub, and HashiCorp Vault credentials and uses a self-spreading vector by poisoning IDE configurations for Claude Code and VS Code users.
Google Warns of AI-Driven Zero-Day Exploits
Google has disrupted a criminal operation that used AI to find a previously unknown security flaw, signaling a shift toward ‘industrial-scale’ AI-driven cyberattacks. The report highlights a race between defenders and attackers as AI lowers the barrier for reverse-engineering and exploit generation.
- https://fortune.com/2026/05/11/google-catches-hackers-cybersecurity-warning-ai-anthropic-mythos/
- https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access/
Microsoft’s $1B Kenya Data Center Stalls Over Power Crisis
A $1 billion AI data center project in Kenya has stalled after the government warned that meeting Microsoft’s power demands would require switching off electricity for half the country. The incident underscores the global bottleneck of electrical infrastructure facing AI expansion.
Amazon Employees ‘Tokenmaxxing’ to Meet AI Quotas
Amazon employees are using internal AI tools to perform unnecessary tasks to inflate their ’token’ usage scores. This ’tokenmaxxing’ behavior is a response to intense corporate pressure to adopt AI, with some developers fearing that usage statistics are being used in performance evaluations.
- https://arstechnica.com/ai/2026/05/amazon-employees-are-tokenmaxxing-due-to-pressure-to-use-ai-tools/
- https://www.ft.com/content/8ee0d3ef-9548-422d-8ff1-ebd48ad4b2ca
Palantir Powers ICE’s 20-Million Person Target List
ICE agents now have access to a list of 20 million people directly on their iPhones via Palantir technology. This integration significantly increases the speed and efficiency of raids and arrests by providing field agents with immediate, high-scale data access.
Mythos AI Finds Vulnerability in cURL
Anthropic’s highly-touted Mythos AI model scanned the cURL codebase and identified one confirmed security vulnerability and approximately 20 bugs. While the result proves AI’s utility in auditing, the lead developer noted the hype around the model’s ‘dangerous’ capabilities may be largely marketing.
Bambu Lab Threatens Open Source Developer
Bambu Lab has issued legal threats against an open-source developer who created a fork of OrcaSlicer to allow printer features to work without routing data through Bambu’s cloud. The move is seen by critics as an abuse of the open-source social contract to enforce a closed ecosystem.