9 topics covered

Malware Distribution via Shared AI Chat Links

What happened: Attackers have discovered how to weaponize the chat-sharing features in ChatGPT and Claude, distributing malware through shared conversation links that mimic legitimate error messages and installation guides.

Key details:

  • Malware is embedded within shared ChatGPT and Claude chats, leveraging the trusted domains of these platforms to bypass security tools
  • The attacks mimic error messages and software installation guides to trick users
  • Shared chats hosted on OpenAI and Anthropic domains evade detection that would typically flag malware
  • The chat-sharing feature, designed for collaboration, is being repurposed as a distribution vector

Why it matters: This represents a novel attack surface that exploits the trust users place in official AI platforms. Because the malicious content appears to come from trusted OpenAI and Anthropic domains, it bypasses traditional security filters, making it an effective vector for widespread malware delivery.

Practical takeaway: Users should be cautious when clicking links to shared chats from untrusted sources and avoid executing installation instructions or downloading files from unsolicited chat links, even if they appear to come from legitimate AI platforms.

Google Gemini Multi-Model Expansion: 3.5, Omni, and Science Tools

What happened: Google DeepMind released Gemini 3.5, a model designed for complex agentic workflows, introduced Gemini Omni for multimodal processing, and expanded Gemini for Science with new tools and experiments for scientific research and discovery.

Key details:

  • Gemini 3.5 is built specifically to handle complex, agentic workflows and automated tasks
  • Gemini Omni represents a new multimodal model architecture
  • Gemini for Science launched as a collection of AI experiments and tools to expand scientific exploration at greater scale and precision
  • WeatherNext, Google's weather prediction model, assisted the National Hurricane Center in forecasting Hurricane Melissa's historic landfall in Jamaica, providing unprecedented preparation time
  • Google expanded access to Google AI Ultra subscribers globally

Why it matters: Google is systematically expanding Gemini across the agentic, multimodal, and scientific domains—three areas where frontier AI can deliver measurable value. The WeatherNext case demonstrates real-world impact in emergency preparedness, while the Science tools signal a strategic push to position Gemini as a research accelerant for academia and institutions.

Practical takeaway: For research-focused organizations, explore Gemini for Science tools to augment your discovery workflows; for operations teams, evaluate Gemini 3.5's agentic capabilities for automating complex multi-step processes.

OpenAI Codex: Autonomous Windows PC Control

What happened: OpenAI's Codex AI tool now includes "Computer Use" functionality that allows it to autonomously control Windows 11 PCs, testing applications, hunting for bugs, and executing tasks without human intervention.

Key details:

  • Codex runs natively on Windows 11 with full "Computer Use" capability for autonomous program control
  • The tool can independently test applications, identify bugs, and execute system tasks
  • Users can start and monitor tasks remotely through the ChatGPT mobile app when not at the PC
  • The mobile app integration enables remote task initiation and progress tracking

Why it matters: This represents a significant expansion of AI agent capabilities from code generation to direct system automation. Organizations can now delegate desktop testing and QA work to AI agents that can operate autonomously across Windows environments, potentially streamlining software development and maintenance workflows.

Practical takeaway: Test Codex's Windows Computer Use capability in non-critical environments first to assess how autonomous desktop automation impacts your QA and testing processes.

Google Gemini Usage Fixes: Quota Management and Feature Improvements

What happened: Google fixed multiple critical bugs in Gemini that were causing video quota depletion, increased Ultra member video generation allowances, and clarified usage transparency across features.

Key details:

  • A bug in Google's Gemini app allowed just one or two Omni videos to exhaust entire usage quotas
  • Google increased Ultra member video generation limits to double the previous allocation
  • Failed video generation requests are no longer charged against user quotas
  • Google plans to add more transparency tools around usage metrics across other features

Why it matters: These fixes address a critical user pain point: unexpected quota exhaustion that made the premium Gemini Ultra tier feel unreliable. Doubling video generation allowances and removing charges for failed requests directly improves value perception and user trust in the platform's billing fairness.

Practical takeaway: Gemini Ultra subscribers should refresh their understanding of current quota limits, as the fixes materially improve the video generation budget you can now use without overage concerns.

Enterprise AI Agent Adoption: Productivity Gains and Cost Pitfalls

What happened: Salesforce reported dramatic productivity improvements from migrating to AI agents while an unnamed company incurred a catastrophic $500 million bill in a single month from uncapped Claude usage, illustrating the dual promise and peril of enterprise AI agent adoption.

Key details:

  • Salesforce migrated its entire dev org to Anthropic's Claude Code with no token limits for April 2026, reporting 79% more pull requests per developer and 5% fewer incidents
  • Salesforce claims the migration cut a 231-day database migration timeline down to 13 days
  • An unnamed company spent approximately $500 million on Claude licenses in one month due to lack of usage limits
  • The high spending reflects failure to set cost guardrails in model selection and context engineering
  • Salesforce's metrics cannot be independently verified

Why it matters: These contrasting cases reveal a critical gap in enterprise AI readiness: organizations that properly configure cost controls can see substantial productivity multipliers, but those lacking AI expertise face ruinous overspend. The divide highlights that agent benefits are real but fragile—dependent on mature cost governance and model expertise.

Practical takeaway: Before deploying AI agents at scale, implement mandatory usage limits, budget caps, and cost monitoring in your AI platform configuration to avoid uncontrolled spending.

OpenAI Model Updates and Biodefense Initiative

What happened: OpenAI released an updated version of GPT-5.5 Instant with improved readability, phased out Canvas feature support, and announced a free public program offering its life sciences model GPT-Rosalind to governments and institutions for pandemic preparedness.

Key details:

  • GPT-5.5 Instant received a readability upgrade to generate more natural responses
  • The Canvas feature was removed from the latest OpenAI models; writing and coding tasks now run directly in chat
  • Older o3 and GPT-4.5 models are being retired from ChatGPT, shutting down by August 2026 at the latest
  • OpenAI launched the Rosalind Biodefense program, offering the GPT-Rosalind model free to eligible organizations
  • Early partners in Rosalind Biodefense include Lawrence Livermore National Laboratory, Johns Hopkins University, and vaccine initiative CEPI
  • Applications for Rosalind Biodefense are open worldwide

Why it matters: The GPT-5.5 Instant updates streamline the user experience by eliminating a separate canvas mode, while the Rosalind Biodefense program signals OpenAI's strategic interest in public health and biosecurity by placing its life sciences model directly in the hands of pandemic preparedness institutions with no commercial barrier.

Practical takeaway: Plan to update workflows that depend on the Canvas feature before the August 2026 model retirement, and if your institution works in pandemic preparedness or biodefense, apply for free GPT-Rosalind access through the Rosalind Biodefense program.

Meta's Hardware-First AI Strategy: Pendant, Glasses, and Enterprise Wearables

What happened: A leaked Meta internal memo reveals the company is pivoting toward AI-powered hardware devices—including an AI pendant, supersensing glasses, and enterprise wearables—after years of struggling to convert AI research breakthroughs into commercial products.

Key details:

  • Meta has invested billions in AI with minimal commercial return to date
  • Meta's open-source AI strategy has not gained sufficient traction
  • Research breakthroughs have failed to translate into shipping products
  • The company is now betting on AI-enabled hardware as the vector for commercialization
  • Planned products include an AI pendant and supersensing glasses for consumer markets
  • Enterprise wearable devices are part of the hardware strategy

Why it matters: Meta's pivot signals a strategic admission that software-only AI adoption is slower than expected, requiring hardware integration to drive user engagement and revenue. This reflects a broader industry trend: AI becomes most valuable when embedded in physical devices that structure human behavior and capture rich sensor data, not in standalone software services.

Practical takeaway: Watch Meta's hardware launches closely if you work in wearables, IoT, or spatial computing, as the company's scale and R&D resources could accelerate AI-integrated device categories that are still nascent in other vendors' roadmaps.

AI Agent Architecture: Code as the Cognitive Layer

What happened: A new research review paper argues that the actual bottleneck for autonomous AI agents is not the language model itself, but the software "harness" (tools, memory, testing, and permission boundaries) that wraps around it, transforming a stateless model into a functioning autonomous system.

Key details:

  • The core thesis: autonomous AI agents require both a frontier model AND a sophisticated software layer (harness) to operate effectively
  • Tools, memory systems, testing frameworks, and permission boundaries are critical components of agent architecture
  • DeepSeek is already operationalizing this thesis by building a dedicated "Harness" team in Beijing
  • DeepSeek's formula confirms the insight: model + harness = AI agent
  • Code and software infrastructure determine how agents think and act, not just what they produce

Why it matters: This shifts the engineering focus from "which model is best" to "what software architecture enables that model to become a reliable agent." Organizations investing in AI agents should recognize that their competitive advantage lies not in having a slightly better model, but in building superior harness infrastructure—tools, monitoring, rollback mechanisms, and safety boundaries that let agents operate at scale.

Practical takeaway: When evaluating or building AI agent systems, invest heavily in the harness (software frameworks, tools, monitoring, and safety mechanisms) rather than optimizing solely for model performance, as the quality of execution depends on both equally.

AI Training Data: Free Home Cleaning in Exchange for Robot Video Data

What happened: AI training startup Shift announced it will clean homes for free in exchange for recording video of cleaners performing household tasks, using the footage to train robotic cleaning systems.

Key details:

  • Shift offers free home cleaning services to residents in New York
  • The startup has plans to expand the program to other cities including London
  • Cleaners are recorded throughout the cleaning process—scrubbing, vacuuming, dusting, tidying, and washing
  • The video recordings are used as training data for robots and autonomous systems
  • The tradeoff (free cleaning in exchange for being filmed) is the catch that enables Shift to accumulate video training data at scale

Why it matters: This represents a novel data-acquisition strategy: rather than crowdsourcing labeled video data, Shift creates a service that incentivizes users to generate it. It exemplifies the ongoing tension in AI development between data needs and privacy concerns, showing how companies are experimenting with novel business models to solve training data bottlenecks.

Practical takeaway: Be aware that "free" AI services often trade your data or actions for the service itself; if you participate in such programs, understand exactly how your video, actions, or behavior will be used to train AI systems.