AI Daily

23 May 2026: AI Finds 10,000 Critical Bugs, America Drops Safety Rules (AM)

Anthropic's Claude Mythos found 10,000+ critical software bugs in a month. Meanwhile, the US scrapped its AI safety oversight plan.

AI’s dual nature is on full display this weekend: Anthropic’s most powerful model has quietly made critical software across the internet safer, while in Washington, the last serious proposal for keeping dangerous AI in check was dropped after phone calls from the tech industry’s most powerful figures.

Anthropic’s unreleased Claude Mythos Preview model has found more than ten thousand high-severity software vulnerabilities in a single month, the most significant demonstration yet of AI being used to actively protect the internet rather than threaten it. The findings come from Project Glasswing, Anthropic’s collaboration with around fifty partner organisations scanning critical software for security flaws. Cloudflare found 2,000 vulnerabilities using Mythos, with a false positive rate its team describes as better than human testers. Mozilla identified 271 security flaws in Firefox 150 that had not appeared in equivalent scans using Claude Opus 4.6. The UK’s AI Security Institute confirmed Mythos Preview is the first AI model to solve both of its cyber ranges end-to-end, complex simulations of multi-step cyberattacks.

The practical concern is the gap opening between discovery and repair. Mythos finds vulnerabilities faster than the software industry can patch them, and several open-source maintainers have asked Anthropic to slow disclosures because they cannot process the volume. Anthropic has launched Claude Security in public beta for Enterprise customers: a tool that both identifies flaws and proposes fixes. For anyone running software products or managing cloud infrastructure, it is worth checking whether your open-source dependencies are among the 1,000-plus projects now being scanned. Our guide to how AI safety evaluation actually works covers the testing methods producing these results.

A planned executive order that would have introduced safety checks for the most powerful AI models in the United States was scrapped after last-minute calls from some of the tech industry’s most powerful figures. The order would have created a voluntary review process for frontier AI models before public release. It was pulled after David Sacks, Trump’s former AI and crypto adviser, called the president and argued the proposed reviews would slow US innovation and weaken American competitiveness against China. The abandoned draft required only voluntary safety vetting, not mandatory regulation.

The episode matters for UK and EU audiences because it confirms the US is heading in the opposite direction from the EU AI Act and the UK government’s own risk-based approach to frontier AI governance. Developers and businesses building on AI APIs are now operating in sharply diverging regulatory environments, a gap that is becoming a live commercial consideration. Our guide to what can go wrong when AI agents act on your behalf sets out the practical risks in plain terms.

Developer working with code on laptop screen

AI tools have been used to reconstruct the voices of pilots killed in accidents from spectrogram images of cockpit voice recordings, prompting the US National Transportation Safety Board to temporarily block public access to its accident docket system. Spectrograms are visual representations of sound rather than audio files, but reconstruction techniques converted them back into audible voices. The NTSB closed access once it became clear the data was being used outside its original purpose. The case illustrates why the legal definition of biometric data may need updating: AI can now treat an image file as a voice recording, which matters under UK and EU data protection law.

Meta quietly launched a standalone app called Forum on iOS this week, built around Facebook Groups and featuring an AI-powered Q&A function called Ask that surfaces answers from community discussions. Despite a soft launch with no official announcement, Reddit’s share price fell around six per cent on the day, bringing its 2026 decline to nearly forty per cent. Forum allows anonymous posting within groups, a feature Facebook itself does not offer. For small businesses relying on Facebook Groups for customer engagement, the AI Ask function draws on community knowledge rather than the open web, which may make it more useful for niche product questions than a general-purpose chatbot.

Google demonstrated prototype Android XR smart glasses at Google I/O 2026 that use Gemini to overlay real-time translation, navigation, and contextual information directly into the wearer’s field of view, with hands-on reviewers describing them as almost ready. Translation was the strongest use case in testing, with subtitles appearing in the line of sight with usable latency. Battery life and social friction remain the main gaps. The timing is significant: the glasses arrived days after Meta’s Ray-Ban AI glasses continued to gain traction and weeks after Apple was reported to be accelerating its own smart glasses programme.

Worth Watching

Claude Security

Best for: Scanning codebases for critical security vulnerabilities

Anthropic’s AI security tool that both finds flaws and proposes fixes, now in public beta for Enterprise teams.

View product →

Models.dev

Best for: Comparing AI models by price, specs and benchmarks

A free, open-source database covering specifications, pricing and benchmark scores across more than a hundred AI models.

View product →

Android XR

Best for: Tracking Google’s wearable AI hardware roadmap

Google’s platform for AI glasses and headsets, powering the prototype demoed at I/O 2026 with live Gemini translation.

View product →

Here is everything else worth knowing from this morning’s AI news.

  • Nvidia’s Nemotron diffusion language models. Nvidia published a new approach to text generation using diffusion techniques rather than the standard next-token method, claiming near-instant output speeds with potential implications for real-time AI applications.
  • US spy agencies approved a $9 billion AI chip buy. The White House approved a secret request to supply the NSA and CIA with advanced AI chips. Anthropic is reported to be finalising a classified contract to maintain NSA access to its products. [22 May]
  • Google appeals its US search monopoly ruling. Google filed its appeal of the antitrust ruling that found it an illegal search monopolist. The outcome will shape how AI-powered search competitors can access Google’s infrastructure. [22 May]
  • Models.dev launched as a free AI model database. A community-built, open-source resource tracking specs, pricing and benchmarks across more than a hundred AI models. [22 May]
  • Trump green card rules raise concerns among AI researchers. New rules requiring visa holders to return home to apply for permanent residency prompted warnings from Andrew Ng and others that the policy will hurt US competitiveness in AI. [22 May]
  • VCs and AI startups are inflating ARR figures. TechCrunch reported that some AI startups present revenue metrics that overstate actual subscription income, with investors aware of the practice. [22 May]

The clearest indicator to watch this week is the patching rate for vulnerabilities already reported through Project Glasswing. If patching lags significantly behind discovery, that is the signal the software security industry is struggling to absorb AI-powered scanning at scale, and regulatory calls for mandatory update timelines on critical infrastructure could follow quickly.

This is a daily news update for informational purposes only. AI products and policies change rapidly. Verify details directly with providers before making decisions. Nothing here is financial or legal advice.

AI Daily is Cristoniq’s daily guide to developments in artificial intelligence, published every morning.