6 topics covered


AI Security Incidents and Defenses

What happened: Hackers exploited Meta's AI support chatbot to hijack high-profile Instagram accounts by requesting email address changes, bypassing two-factor authentication entirely, while researchers discovered a second exploit already circulating on Telegram. Google simultaneously launched a new feature for its Phone app to protect users from AI impersonation scams.

Key details:

  • High-profile targets included the Obama White House Instagram page
  • The attack worked by simply asking Meta's AI chatbot to change the email address on file, completely bypassing two-factor authentication
  • Meta patched the initial flaw, but security researchers have already identified a new exploit circulating on Telegram
  • Google's Phone app will now flag incoming calls as suspicious when they appear to come from the same number as one of the user's contacts, a known indicator of AI impersonation attempts

Why it matters: These incidents highlight the dual nature of AI security challenges: AI systems can both create new attack surfaces (the Meta chatbot vulnerability) and provide new defense mechanisms (Google's call screening). The rapid discovery of a second exploit after Meta's patch indicates that account takeover via AI chatbots may represent a persistent class of vulnerability.

Practical takeaway: Users should enable SMS or authentication app-based two-factor authentication rather than relying on email-based verification, and enable Google's new Phone app impersonation detection feature.
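Added example, not Meta's code: a policy layer sitting between an AI support assistant and the account backend, showing the failure mode described above (a logged-in session can talk the assistant into changing the recovery email) beside a hardened dispatcher that requires a fresh second-factor step-up for recovery-changing actions and records refusals as a detection signal. The tool-dispatch model, action names and session fields are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Actions an assistant may propose that alter account recovery or auth state.
SENSITIVE_ACTIONS = {"change_email", "change_phone", "disable_2fa"}


@dataclass
class Session:
    user_id: str
    authenticated: bool                    # valid login cookie/token present
    second_factor_verified: bool = False   # step-up challenge passed this session
    audit: list = field(default_factory=list)


def backend(action, user_id, params):
    """Stand-in for the account service (constructed for this example)."""
    return {"ok": True, "detail": f"{action} applied to {user_id}: {params}"}


def weak_dispatch(session, action, **params):
    """Failure mode from the briefing: being logged in is the only check, so
    asking the assistant for an email change never invokes the second factor."""
    if not session.authenticated:
        return {"ok": False, "detail": "not logged in"}
    return backend(action, session.user_id, params)


def hardened_dispatch(session, action, **params):
    """Sensitive actions need a fresh second-factor step-up; every decision is
    written to the session audit so refusals can feed detection."""
    if not session.authenticated:
        return {"ok": False, "detail": "not logged in"}
    if action in SENSITIVE_ACTIONS and not session.second_factor_verified:
        session.audit.append(("denied", action))
        return {"ok": False, "detail": f"{action} requires a second-factor step-up"}
    session.audit.append(("allowed", action))
    return backend(action, session.user_id, params)


def repeated_denials(session, threshold=2):
    """Detection hook: True once a session keeps steering the assistant toward
    sensitive actions it is not verified for (an account-takeover signal)."""
    return sum(1 for decision, _ in session.audit if decision == "denied") >= threshold
```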

Anthropic Project Glasswing Expansion: Scaling Security Vulnerability Discovery

What happened: Anthropic is scaling up Project Glasswing, its security vulnerability hunting program, from approximately 50 partners to 150 new partners across more than 15 countries, all using Claude Mythos Preview to scan critical infrastructure for security flaws.

Key details:

  • The expanded partner network brings the total to 150+ organizations across 15+ countries
  • Partners already on board have discovered over 10,000 serious vulnerabilities in critical software systems
  • Claude Mythos Preview is being deployed specifically to identify exploit chains and critical infrastructure weaknesses
  • Anthropic is simultaneously monetizing the vulnerability discovery through a separate commercial offering called Claude Security

Why it matters: The expanded deployment demonstrates Claude Mythos Preview's practical capabilities in security applications and positions critical infrastructure security as a major use case for frontier AI models. The program creates a dual business model where Anthropic profits from both identifying vulnerabilities and selling solutions to remediate them.

Practical takeaway: Organizations managing critical infrastructure should consider whether their systems may be included in Project Glasswing's scan and plan accordingly for potential vulnerability disclosures.

Government AI Policy: Trump Executive Order and UK CMA Ruling

What happened: President Donald Trump signed an executive order creating a "voluntary framework" for AI companies to share their frontier models with the federal government before public release, while the UK's Competition and Markets Authority (CMA) imposed a new conduct rule requiring Google to allow publishers to opt out of AI Search features.

Key details:

  • Trump's executive order aims to "promote secure innovation and strengthen the cybersecurity of critical infrastructure" through pre-release model review
  • The framework is described as "voluntary" rather than mandatory, reflecting the administration's position that the US AI industry has succeeded partly "because we refuse to stifle this" innovation
  • The UK CMA ruling gives website owners control over whether their content appears in AI Search features like Google's AI Overviews
  • Publishers can prevent their content from being used to train or inform these AI features under the new conduct rule

Why it matters: These regulatory developments signal divergent approaches: the US prioritizes voluntary cooperation with industry for security purposes, while the UK emphasizes publisher rights and content control. The CMA ruling sets a precedent for regulatory oversight of AI-powered search and may influence similar policies in other jurisdictions.

Practical takeaway: AI companies should prepare for increased government engagement in the US and implement publisher opt-out mechanisms for AI search features in jurisdictions following the UK's CMA approach.

Developer Tools and AI Accessibility

What happened: OpenAI expanded Codex with role-specific plugins for non-developer use cases, while Nous Research released Hermes Desktop, an open-source AI agent platform under the MIT license.

Key details:

  • OpenAI's Codex expansion includes role-specific plugins for data analysis, sales, and investment banking
  • Codex has reached 5 million weekly users, with one in five users not being a developer
  • The non-developer user base is growing three times faster than the developer base
  • Nous Research released Hermes Desktop as an open-source, MIT-licensed AI agent app available across all platforms
  • OpenAI is positioning Codex as an all-purpose work application rather than a coding-specific tool

Why it matters: The rapid growth of non-developer Codex usage and the new role-specific plugins demonstrate that agentic AI tools are successfully moving beyond technical audiences. Open-source alternatives like Hermes Desktop provide developers with options for building agent applications without proprietary dependencies.

Practical takeaway: Non-technical professionals in data analysis, sales, and investment banking should evaluate OpenAI Codex with role-specific plugins, while developers interested in open-source agents should explore Nous Research's Hermes Desktop.

Google's Environmental Commitments for AI Data Centers

What happened: Google announced five water-related commitments to address concerns about the environmental impact of AI data center buildout, including a goal to replenish more water than the company consumes in communities where its data centers operate.

Key details:

  • Google laid out five specific commitments focused on water use and environmental sustainability
  • The company's approach involves actively increasing water for local communities rather than minimizing consumption alone
  • These commitments come in response to widespread backlash regarding the environmental impact of AI data center expansion across the United States

Why it matters: Water consumption from AI data centers has become a significant environmental and regulatory concern. Google's commitments signal that infrastructure companies are acknowledging these concerns and attempting to demonstrate environmental responsibility, though critics question whether water replenishment adequately offsets consumption.

Practical takeaway: Communities hosting AI data centers should review Google's specific water replenishment commitments and hold the company accountable to measurable outcomes.

Microsoft Build 2026: In-House AI Models and Agent Infrastructure

What happened: Microsoft announced seven new in-house AI models at Build 2026, including MAI-Thinking-1, its first advanced reasoning model, and unveiled new infrastructure for agent-driven applications including Project Solara, an Android-based OS for AI agent gadgets, and Microsoft Scout, an always-on assistant powered by OpenClaw architecture.

Key details:

  • MAI-Thinking-1 is described as Microsoft's flagship reasoning model, marking an ambitious step into independent model development after relying primarily on OpenAI models previously
  • Microsoft's image generation capabilities now outperform Google's according to competitive analysis, while the company is playing "catch-up" on reasoning capabilities
  • Microsoft Scout integrates into Microsoft 365 apps including Outlook, OneDrive, and Microsoft Teams to assist with tasks like organizing calendars, expense reporting, and email drafting
  • Project Solara is built on Android, not Windows, and includes concept devices such as a Desk concept and badge
  • Surface RTX Spark Dev Box is a miniature developer PC powered by Nvidia's new Arm-based RTX Spark chips, optimized for sustained workloads and local AI tasks
  • A new tuning method was introduced alongside the model announcements

Why it matters: Microsoft's move toward developing its own frontier models signals reduced dependence on OpenAI following their renegotiated partnership, strengthening Microsoft's competitive position in AI. The launch of Project Solara and Scout shows the company is building comprehensive agent infrastructure to compete with Google's similar initiatives.

Practical takeaway: Developers and enterprises should monitor Microsoft's MAI model capabilities and Project Solara's agent framework as viable alternatives to Google and OpenAI offerings for building agentic applications.