AI Daily

25 May 2026: AI Finds 10,000 Flaws as Trump Pulls His AI Order (AM)

Anthropic's Mythos Preview has found 10,000+ critical software vulnerabilities worldwide. Trump shelved his AI executive order hours before signing.

Anthropic has revealed that its most capable AI model has uncovered more than ten thousand critical security vulnerabilities in the software that underpins the modern internet, creating a patching problem faster than any human team can resolve. Elsewhere, Donald Trump shelved a landmark AI executive order just hours before signing it, and Amazon’s conversation-recording wearable has grown sophisticated enough to raise new questions about what we are comfortable letting AI hear.

Anthropic’s Claude Mythos Preview has found more than ten thousand high- or critical-severity vulnerabilities in the world’s most widely used software, and cybersecurity teams are now racing to patch faster than the model can find. An update published on Friday as part of Project Glasswing confirmed that roughly 50 partner organisations have used Mythos Preview to scan the critical systems billions of people rely on daily. Cloudflare found 2,000 bugs across its infrastructure, 400 rated high or critical severity. Mozilla patched 271 vulnerabilities in Firefox 150 during testing, more than ten times the number found in the previous version with an earlier Claude model. The UK’s AI Security Institute reports that Mythos Preview is the first model to solve both of its cyber ranges end to end, which simulate full multistep cyberattacks. Understanding what rigorous AI evaluation looks like matters here: these figures come from third-party verification, not the model’s own assessment.

The core tension is that Mythos Preview is not publicly available precisely because it is so capable. The bottleneck is no longer finding vulnerabilities but patching them. High-severity bugs are taking an average of two weeks to fix, and some open-source maintainers have asked Anthropic to slow its rate of disclosure because they are overwhelmed. Claude Security, a new public beta for enterprise customers, uses Claude Opus 4.7 to help businesses scan their own codebases and has helped patch more than 2,100 vulnerabilities in its first three weeks. For UK IT teams managing large software estates, the message is clear: patch cycles are about to shorten significantly.

Technology security network visualisation

Donald Trump abruptly cancelled the signing of a landmark AI executive order just hours before the event was due to take place, telling reporters he did not want to do anything that might interfere with America’s position in the global AI race. The unsigned draft would have established a voluntary framework in which AI developers could submit advanced models to federal agency review up to 90 days before public release. The plan collapsed after a senior adviser and several tech executives opposed it.

The withdrawal leaves the United States without a unified federal approach to reviewing powerful AI models before deployment. The UK has been building testing capacity through its AI Safety Institute, and the EU’s AI Act includes mandatory requirements for high-risk systems. For now, the US default remains voluntary. Whether the order is redrafted or dropped entirely will shape AI regulation for the rest of 2026.

Amazon’s Bee wearable, a small device worn as a clip-on pin or a bracelet, has grown significantly since Amazon acquired the company earlier this year, and a TechCrunch hands-on assessment this weekend found it impressive and unsettling in roughly equal measure. The device records conversations continuously throughout the day, transcribes them in real time, and builds a structured log of your commitments and context. A new Actions feature can draft emails and create calendar invites directly from things you have said aloud, without manual input. Amazon says no audio is ever stored and that only the account holder can access transcripts.

The Bee represents a new category of consumer AI: not an assistant you summon, but one that watches and listens constantly, stepping in when it identifies something useful to do. For anyone exploring AI tools worth paying for, the Bee sits at an interesting boundary between productivity device and persistent personal data collection. It is currently available in the US; UK availability has not been confirmed.

Taiwanese authorities have detained three people for allegedly trying to export servers loaded with Nvidia chips to China, and Nvidia chief executive Jensen Huang has urged server manufacturer Super Micro to tighten its compliance processes in response. Nvidia chips remain subject to US export licence requirements for sales to China, and the incident highlights how difficult those restrictions are to enforce across a supply chain that spans multiple countries. Super Micro, which assembles high-density AI server hardware, is now under pressure to demonstrate its compliance systems are robust. For UK and European businesses purchasing Nvidia-based AI infrastructure, stricter enforcement could affect component availability and lead times.

Worth Watching

Claude Security

Best for: Enterprise teams scanning codebases for vulnerabilities

Public beta using Claude Opus 4.7 to find and propose fixes for software security flaws.

View product →

Amazon Bee

Best for: Professionals wanting AI-assisted conversation capture

Wearable that transcribes your day and turns conversations into emails and calendar invites automatically.

View product →

ExploitBench

Best for: Security researchers tracking AI exploit capabilities

Academic benchmark measuring how well frontier AI models can develop and execute software exploits.

View product →

Here is everything else worth knowing from this morning’s AI news.

  • The US NTSB has suspended public access to its civil aviation accidents database after people used AI to reconstruct the voices of pilots who died in a 2025 UPS crash, using documents from the investigation. The move raises questions about what safety data can responsibly remain public in an era of powerful voice synthesis tools. [22 May]
  • Pope Leo has issued the first papal encyclical on artificial intelligence, with Anthropic researcher Christopher Olah invited to attend the Vatican unveiling. The document addresses human dignity, labour, and the ethics of autonomous decision-making. [22 May]
  • Salesforce has been promoting Agentforce in marketing videos that show features not yet widely available to customers, according to Bloomberg. CEO Marc Benioff has defended the campaigns as forward-looking, but the gap between promotional content and live capability is drawing scrutiny. [22 May]
  • AI-generated and AI-narrated pirated audiobooks are proliferating on YouTube, creating an enforcement problem for publishers. Manual removal is slow, and some publishers are now paying specialist technology firms to handle takedowns at scale. [21 May]
  • Memory components now account for nearly two-thirds of AI chip costs, according to new analysis from Epoch AI, reflecting how much the demands of running large language models have shifted the economics of AI hardware. [24 May]
  • OpenAI has been named a Leader in the 2026 Gartner Magic Quadrant for enterprise coding agents, reflecting growing corporate adoption of Codex and GPT-5 series tools for developer workflows. [22 May]

The next meaningful milestone to watch is not which flaws Mythos Preview finds, but how many patches actually land. Anthropic has published a live dashboard at red.anthropic.com tracking the gap between discovery, disclosure, and fix. If that gap widens over the next 30 days, it will signal that the software industry is not keeping pace with what AI-assisted security research can now produce.

This is a daily news update for informational purposes only. AI products and policies change rapidly. Verify details directly with providers before making decisions. Nothing here is financial or legal advice.

AI Daily is Cristoniq’s daily guide to developments in artificial intelligence, published every morning.