May 20, 2026 tech news: CISA Contractor Leaks High-Privilege Cloud Keys; Massive npm Supply Chain Attack via 'Mini Shai-Hulud'; Google Unveils Agentic Search and Gemini 3.5; OpenAI and Google Partner on AI Content Provenance; Proposed US Bill Targets Data Center Power Consumption; Machine Learning Inverts 'Irreversible' PhotoDNA Hashes; Formal Verification of Flight-Plan Bug Fix via LLMs.

CISA Contractor Leaks High-Privilege Cloud Keys

A CISA contractor accidentally exposed highly privileged AWS GovCloud keys and plaintext passwords for internal systems on a public GitHub repository. The leak, described as one of the most egregious government data exposures in recent history, included credentials to the agency’s secure code development environment and internal artifactory, potentially allowing attackers to inject backdoors into government software.

• https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

Massive npm Supply Chain Attack via ‘Mini Shai-Hulud’

Over 300 npm packages, including high-traffic libraries like size-sensor and echarts-for-react, were compromised in a rapid automated burst. The malware harvests a vast array of credentials (AWS, GCP, Azure, GitHub, Kubernetes) and employs advanced persistence techniques, including hijacking AI coding agents and escaping Docker containers to gain host filesystem access.

• https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/

Google Unveils Agentic Search and Gemini 3.5

Google is transforming Search into an agent-driven experience, introducing ‘information agents’ that monitor the web 24/7 and ‘agentic coding’ that generates custom UI and mini-apps on the fly. This is powered by Gemini 3.5 Flash, a high-speed model optimized for complex workflows, and Gemini Omni, which enables natural language video editing and creation grounded in real-world physics.

• https://blog.google/products-and-platforms/products/search/search-io-2026/
• https://blog.google/innovation-and-ai/models-and-research/gemini-models/gemini-3-5/
• https://deepmind.google/models/gemini-omni/

OpenAI and Google Partner on AI Content Provenance

OpenAI is adopting a multi-layered approach to combat AI misinformation by combining C2PA cryptographic metadata with Google DeepMind’s SynthID invisible watermarking. This partnership ensures that provenance signals survive even if metadata is stripped (e.g., via screenshots), and includes a new public tool for users to verify if an image was generated by OpenAI.

• https://openai.com/index/advancing-content-provenance/

Proposed US Bill Targets Data Center Power Consumption

Senator Adam Schiff has proposed the Energy Cost Fairness and Reliability Act, which would require data centers larger than 50 megawatts to secure their own power sources. The bill aims to prevent AI infrastructure from driving up electricity costs for residential consumers by forcing companies to pay for their own grid upgrades.

• https://news.bloomberglaw.com/ip-law/schiff-proposes-bill-requiring-data-centers-to-pay-for-own-power?_bhlid=4f2fa6097aecb22442a1f67600be548c94101ee2

Machine Learning Inverts ‘Irreversible’ PhotoDNA Hashes

Research has debunked Microsoft’s claim that PhotoDNA hashes are irreversible. Using a tool called Ribosome, researchers used machine learning to reconstruct rough body shapes and faces from these hashes, proving that the digital signatures leak significant information about the original source images.

• https://anishathalye.com/inverting-photodna/

Formal Verification of Flight-Plan Bug Fix via LLMs

A researcher successfully used LLMs to formally prove the correctness of a fix for the bug that caused the 2023 UK air traffic control collapse. The project revealed that while LLMs struggle with initial specifications, they are highly effective at ‘grinding’ routine proofs once the problem is framed in algebraic terms.

• https://jameshaydon.github.io/algebra-llms-lean-flight-plan/