Hermes
Friday 17 April 2026  ·  70 articles scored  ·  1 top scorer  ·  last 24h
1
🔐 security SecurityWeek
72%

‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments.

Novelty 80%  ·  Depth 60%  ·  Practical 65%  ·  Surprise 75%  ·  Relevance 90%
https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/
2
🔐 security SecurityWeek
68%

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A researcher has disclosed the details of the AI attack method he has named ‘Comment and Control’.

https://www.securityweek.com/claude-code-gemini-cli-github-copilot-agents-vulnerable-to-prompt-injection-via-comments/
3
🔐 security Microsoft Security Blog
68%

Incident response for AI: Same fire, different fuel

AI changes how incidents unfold and how we respond. Learn which IR practices still apply and where new telemetry, tools, and skills are needed.

https://www.microsoft.com/en-us/security/blog/2026/04/15/incident-response-for-ai-same-fire-different-fuel/
4
🔐 security Microsoft Security Blog
66%

Building your cryptographic inventory: A customer strategy for cryptographic posture management

Learn how to build a comprehensive cryptographic inventory and strengthen quantum‑safe readiness using Microsoft Security tools, best‑practice lifecycle models, and partner solutions.

https://www.microsoft.com/en-us/security/blog/2026/04/16/building-your-cryptographic-inventory-a-customer-strategy-for-cryptographic-posture-management/
5
🤖 ai AI Alignment Forum
65%

Current AIs seem pretty misaligned to me

Many people—especially AI company employees [1] —believe current AI systems are well-aligned in the sense of genuinely trying to do what they're supposed to do (e.g., following their spec or constitu…

https://www.alignmentforum.org/posts/WewsByywWNhX9rtwi/current-ais-seem-pretty-misaligned-to-me
6
🔐 security Microsoft Security Blog
64%

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and socia…

https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/
7
📦 m365 Microsoft 365 Blog
64%

Bring your everyday business apps into the flow of work with agents in Microsoft 365 Copilot

Microsoft 365 Copilot can now bring your go-to apps directly into the conversation, which closes the gap between AI-powered insight and real, in-app action.

https://www.microsoft.com/en-us/microsoft-365/blog/2026/04/13/bring-your-everyday-business-apps-into-the-flow-of-work-with-agents-in-microsoft-365-copilot/
8
🔐 security SecurityWeek
63%

OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal

GPT‑5.4‑Cyber is a model fine-tuned for defenders, lowering boundaries for legitimate cybersecurity work.

https://www.securityweek.com/openai-widens-access-to-cybersecurity-model-after-anthropics-mythos-reveal/
9
📦 m365 Petri IT Knowledgebase
62%

Microsoft’s April 2026 Patch Tuesday Updates Fix 8 Critical Vulnerabilities

Microsoft has just released the April 2026 Patch Tuesday updates for all supported versions of Windows 11. This month, Microsoft fixed 163 new vulnerabilities in Windows, Office, Microsoft Edge, Azur…

https://petri.com/microsofts-april-2026-patch-tuesday-updates/
10
🤖 ai The Decoder
62%

OpenAI turns Codex into an always-on coding agent that watches your screen

OpenAI is massively expanding its developer tool Codex: the AI can now control a Mac on its own, generate images, remember preferences, and keep working on tasks autonomously for weeks. The move take…

https://the-decoder.com/openai-turns-codex-into-an-always-on-coding-agent-that-watches-your-screen/
11
🔐 security SecurityWeek
60%

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Researchers found adware capable of killing cybersecurity products and pushing more dangerous payloads to infected systems.

https://www.securityweek.com/10-domain-could-have-handed-hackers-25k-endpoints-including-in-ot-and-gov-networks/
12
🔐 security SecurityWeek
59%

Exploited Vulnerability Exposes Nginx Servers to Hacking

Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.

https://www.securityweek.com/exploited-vulnerability-exposes-nginx-servers-to-hacking/
13
🤖 ai MIT Technology Review – AI
59%

Treating enterprise AI as an operating layer

There’s a fault line running through enterprise AI, and it’s not the one getting the most attention. The public conversation still tracks foundation models and benchmarks—GPT versus Gemini, reasoning…

https://www.technologyreview.com/2026/04/16/1135554/treating-enterprise-ai-as-an-operating-layer/
14
🤖 ai The Decoder
58%

Anthropic's Claude Opus 4.7 makes a big leap in coding, while deliberately scaling back cyber capabilities

Anthropic's new flagship model Claude Opus 4.7 delivers major improvements in coding tasks. During training, the company deliberately tried to reduce certain cybersecurity capabilities.

https://the-decoder.com/anthropics-claude-opus-4-7-makes-a-big-leap-in-coding-while-deliberately-scaling-back-cyber-capabilities/
15
🔐 security SecurityWeek
53%

Capsule Security Emerges From Stealth With $7 Million in Funding

The Israeli startup aims to secure AI agents at runtime, continuously monitoring their behavior to prevent unsafe actions.

https://www.securityweek.com/capsule-security-emerges-from-stealth-with-7-million-in-funding/