Hermes
Friday 15 May 2026  ·  34 articles scored  ·  2 top scorers  ·  last 24h
1
🔐 security Microsoft Security Blog
71%

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and dat…

Novelty
70%
Depth
70%
Practical
75%
Surprise
55%
Relevance
85%
https://www.microsoft.com/en-us/security/blog/2026/05/14/configuration-becomes-vulnerability-exploitable-misconfigurations-ai-apps/
2
🔐 security Schneier on Security
70%

How Dangerous Is Anthropic’s Mythos AI?

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it t…

Novelty
80%
Depth
70%
Practical
50%
Surprise
75%
Relevance
85%
https://www.schneier.com/blog/archives/2026/05/how-dangerous-is-anthropics-mythos-ai.html
3
🔐 security Microsoft Security Blog
67%

Defense in depth for autonomous AI agents

As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first…

https://www.microsoft.com/en-us/security/blog/2026/05/14/defense-in-depth-autonomous-ai-agents/
4
⚡ tech The Verge
65%

Microsoft starts canceling Claude Code licenses

Microsoft first started opening up access to Claude Code in December, inviting thousands of its own developers to use Anthropic's AI coding tool daily. It was part of an effort to get project manager…

https://www.theverge.com/tech/930447/microsoft-claude-code-discontinued-notepad
5
🔐 security SecurityWeek
64%

Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere

Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsist…

https://www.securityweek.com/mythos-proves-potent-in-vulnerability-discovery-less-convincing-elsewhere/
6
🔐 security Microsoft Security Blog
62%

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ope…

https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/
7
🔐 security SecurityWeek
58%

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure app…

https://www.securityweek.com/hackers-targeted-praisonai-vulnerability-hours-after-disclosure/
8
🔐 security SANS Internet Stormcast
58%

Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)

Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages…

https://isc.sans.edu/diary/rss/32990
9
🤖 ai AI Alignment Forum
56%

The safe-to-dangerous shift is a fundamental problem for eval realism; but also for measuring awareness

1) The safe-to-dangerous shift is a fundamental problem for eval realism Suppose we have a capable and potentially scheming model, and before we deploy it, we want some evidence that it won’t do anyt…

https://www.alignmentforum.org/posts/tK8vqHDxaRGcysNJQ/the-safe-to-dangerous-shift-is-a-fundamental-problem-for-1
10
🔐 security SecurityWeek
56%

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days

YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first…

https://www.securityweek.com/researcher-drops-yellowkey-greenplasma-windows-zero-days/
11
🤖 ai MIT Technology Review – AI
55%

Establishing AI and data sovereignty in the age of autonomous systems

When generative AI first moved from research labs into real-world business applications, enterprises made a tacit bargain: “Capability now, control later.” Feed your proprietary data into third-party…

https://www.technologyreview.com/2026/05/14/1137168/establishing-ai-and-data-sovereignty-in-the-age-of-autonomous-systems/
12
⚡ tech Stratechery
55%

An Interview with Ben Thompson at the MoffettNathanson Media, Internet & Communications Conference

An interview with me about the implications of the compute shortage on Aggregation Theory, consumer AI, and more.

https://stratechery.com/2026/an-interview-with-ben-thompson-at-the-moffettnathanson-media-internet-communications-conference/
13
🔐 security SecurityWeek
54%

G7 Countries Release AI SBOM Guidance

The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains. The post G7 Countries Release AI SBOM Guidance appeared first…

https://www.securityweek.com/g7-countries-release-ai-sbom-guidance/
14
📦 m365 Petri IT Knowledgebase
51%

Internet‑Facing Systems Are Increasing Security Risk Faster Than Teams Can Fix It

Millions of organizations are unknowingly leaving doors open to cyberattacks by exposing sensitive systems to the Internet. This report finds that overlooked access points are driving real-world brea…

https://petri.com/internet-facing-systems-attack-surfaces-slow-fixes/
15
🔐 security SecurityWeek
49%

Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns

Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT. The post Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns appeared…

https://www.securityweek.com/chinese-apts-expand-targets-update-backdoors-in-recent-campaigns/