Threat Landscape Briefing – May 2026

In this month’s briefing we explore:

• Prepare for AI That Can Exploit Software at Scale – By Michel Hebert (01:19)
  • Anthropic has launched Project Glasswing, a restricted cybersecurity initiative built around Claude Mythos Preview, an unreleased frontier model that the company says is too dangerous for public release.
  • Discover how Info-Tech can help you Develop a Strategic Plan For Intelligent Application Security.
• Roblox Cheat Leads to a $2 Million Breach: The Vercel-Context.ai Supply Chain Incident – By Kate Wood (10:29)
  • In April, cloud development vendor Vercel disclosed unauthorized access to some of its internal systems.
  • Learn how Info-Tech’s research can help you Assess and Govern Identity Security.
• NIST No Longer Rates Some Vulnerabilities – By Bob Wilson (18:35)
  • On April 15, NIST stopped enriching and assigning severity scores to lower-priority CVEs published in the NVD.
  • Explore Info-Tech’s guidance on how to Implement Risk-Based Vulnerability Management.
• Leaked Windows Zero-Day Exploited in Attack – By Ahmad Jowhar (27:57)
  • End users are actively leveraging the browser in ways that circumvent traditional security controls. And while this isn’t a new problem, it’s one that will demand ever more attention as employees continue exploring how unsanctioned AI tools can boost their productivity.
  • See Info-Tech’s guidance on how to Build a Robust Security Architecture With Microsoft Technologies.