The Big Picture
The infrastructure of power — government networks, security vendors, AI agents managing real money — is cracking open in real time, and the people responsible for protecting it are either asleep, captured, or cashing out. While Anthropic co-founders calculate the odds that AI will outpace human control by 2028, the Trump White House is quietly reversing its deregulatory posture on AI oversight — not out of principle, but because the technology got too dangerous to ignore. The through-line is always the same: capability races ahead, accountability lags behind, and working people and vulnerable communities bear the cost of the gap.
Today's Stories
The Companies Paid to Protect You Keep Getting Compromised — and Nobody's Talking About Who's Exposed
Trellix — the cybersecurity firm born from the merger of McAfee Enterprise and FireEye, contracted to protect government agencies and global banks — confirmed this week that attackers accessed a portion of its source code repository. This follows Checkmarx disclosing a similar GitHub repository compromise on April 27. Two security vendors breached in eight days. Trellix says it found no evidence that its product distribution process was tampered with, but has not disclosed who was behind the attack or how long access persisted. Here's what that silence costs: source code for an endpoint detection product is a map of every detection, every bypass, every blind spot. The clients who pay Trellix to guard their systems — including public institutions — are now operating on trust alone. If a tampered update ships in the next 90 days, the downstream victims won't be the executives who signed the contracts. They'll be the public servants, the patients, the students whose data lives on those networks. Accountability starts with disclosure. Trellix owes its clients the full picture.
Government Networks in Southeast Asia Breached Because a Patch Sat Uninstalled
The CISA deadline for patching a critical cPanel authentication bypass expired Sunday night. For Philippine military and Laotian government networks, it was already too late. Exploitation of CVE-2026-41940 — a flaw that grants full administrative control without credentials — was detected on May 2, with attacks traced to a single IP address hitting *.mil.ph, *.ph, and *.gov.la domains. cPanel issued a patch on April 28. Shadowserver observed roughly 44,000 IPs scanning or attacking vulnerable systems. The shift from mass-scanning to deliberate targeting of military and government domains suggests intelligence collection, not ransomware. This is the predictable consequence of chronically under-resourced public-sector IT. Governments across the Global South are asked to defend sophisticated digital infrastructure on budgets that wouldn't cover a mid-tier consulting retainer. The attackers know this. The vendors selling those governments hosting services know this. The question accountability journalism asks is: who profits from the vulnerability, and who pays when it's exploited?
A Linux Flaw Is Being Actively Exploited — Federal Deadline Is May 15, and Red Hat Hasn't Patched
CVE-2026-31431, dubbed "Copy Fail" by researchers, is a local privilege escalation flaw in the Linux kernel confirmed by CISA as actively exploited as of May 1. Any attacker with even a minimal foothold — a compromised web app, a phished worker account — can use it to become root on the system. Federal civilian agencies have until May 15 to patch. Ubuntu, Debian, Rocky, and SUSE have shipped fixes. Red Hat, as of Monday's reporting, had not. Microsoft's security team warned it is seeing "preliminary testing activity" likely to escalate within days. Linux powers a vast share of public-sector infrastructure, hospital systems, and the servers that underpin the digital commons. The workers and communities who depend on those systems don't get to wait for patch cycles. CERT-EU is specifically flagging Kubernetes nodes and CI/CD runners as highest priority. If your organization runs Red Hat and hasn't received a patch by Friday, you should be asking your vendor — loudly — why not.
The Trump White House Is Quietly Building the AI Oversight Regime It Spent a Year Attacking
Six months ago, JD Vance stood in Paris and warned that regulating AI would "kill a transformative industry." This Monday, the New York Times reported that President Trump is now considering an executive order to create an AI working group to examine pre-release oversight of new models — after senior officials briefed Anthropic, Google, and OpenAI executives on the plans. What changed? A single model. Anthropic's Mythos system is reportedly so capable at finding security vulnerabilities that Anthropic itself declined to release it publicly and warned of a coming cybersecurity "reckoning." The labs that spent years lobbying against regulation are now helping draft the rules. David Sacks, the deregulation-friendly AI czar, departed in March. The Office of the National Cyber Director is now driving the conversation. The White House calls the reports "speculation" — but you don't brief the CEOs of Anthropic, Google, and OpenAI on speculation. Watch the verb carefully: "first access" for government review is meaningless oversight theater. "Approval required" is something else entirely. Either way, the industry wrote the deregulatory playbook and is now writing the regulatory one.
AI Agents Are Moving Real Money — and the Security Architecture Is a Joke
On May 4, an attacker drained approximately $175,000 from a wallet linked to xAI's Grok agent using Morse code embedded in an X post. The attacker sent a Bankr Club Membership NFT to unlock transfer capabilities, then hid malicious instructions in dots and dashes. Grok decoded them. Bankrbot — an autonomous finance agent — read Grok's output as an authoritative command and sent 3 billion DRB tokens. Neither system was "hacked" in the traditional sense. The vulnerability was the handoff: one model's public output became another agent's execution order. CryptoSlate reports that a previous version of Bankrbot had a hardcoded block specifically preventing this kind of LLM-on-LLM injection — and the protection was dropped in a rewrite. About 80% of funds were reportedly recovered as of May 4. The financial stakes here are relatively modest. The architectural stakes are not. Enterprises are wiring AI agents into payroll systems, procurement workflows, and healthcare records. The same vulnerability class that cost $175,000 in a crypto experiment will cost something far larger when it hits a system that touches workers' wages or patients' data.
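The handoff failure described above, where one model's public output became another agent's execution order, goes away when authority is bound to an authenticated principal instead of to message text. The sketch below is an added example, not Bankrbot's or xAI's code; every account name, key and limit in it is hypothetical and constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical names throughout; keys, accounts and limits are constructed samples.
OWNER_KEYS = {"wallet-1": b"constructed-demo-key"}  # wallet -> owner's signing key
MODEL_ACCOUNTS = {"assistant-llm"}  # accounts whose posts are model output
MAX_PER_TRANSFER = 1_000


@dataclass(frozen=True)
class Intent:
    wallet: str
    to: str
    amount: int

    def canonical(self) -> bytes:
        return f"{self.wallet}|{self.to}|{self.amount}".encode()


@dataclass(frozen=True)
class Message:
    author: str          # account that posted the text
    intent: Intent       # what the agent's parser extracted from that text
    owner_sig: str = ""  # hex HMAC from the wallet owner, if one was supplied


def _mac(key: bytes, intent: Intent) -> str:
    return hmac.new(key, intent.canonical(), hashlib.sha256).hexdigest()


def sign(intent: Intent) -> str:
    """Owner-side helper: authorize one exact wallet/recipient/amount."""
    return _mac(OWNER_KEYS[intent.wallet], intent)


def authorize(msg: Message) -> tuple[bool, str]:
    """Decide whether the finance agent may execute msg.intent."""
    if msg.author in MODEL_ACCOUNTS:
        # Another model's output is data to read, never an instruction to run.
        return False, "author is a model account"
    key = OWNER_KEYS.get(msg.intent.wallet)
    if key is None:
        return False, "unknown wallet"
    if not hmac.compare_digest(_mac(key, msg.intent).encode(), msg.owner_sig.encode()):
        return False, "missing or invalid owner authorization"
    if msg.intent.amount > MAX_PER_TRANSFER:
        return False, "amount exceeds per-transfer limit"
    return True, "ok"
```

Because the signature covers the exact wallet, recipient and amount, text that another model decodes or paraphrases cannot be upgraded into an authorized transfer, whatever encoding it arrived in.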
What to Watch
- [CONFIRMED] If Trellix's forensic investigation names a poisoned open-source dependency or stolen developer credential as the initial access vector, then a third and fourth security vendor disclosing similar breaches within weeks would confirm a systematic campaign targeting the vendors above the customers — with potentially hundreds of downstream exposures across government and financial clients. (Confirmed: two vendor breaches in eight days already on record)
- [ASSESSED] If Red Hat does not ship a Copy Fail patch before May 15, then ransomware affiliates will have a stable, publicly documented privilege escalation primitive against the most conservative enterprise Linux footprint in the world — disproportionately affecting public-sector and healthcare organizations that standardize on RHEL. (Assessed: based on active exploitation confirmation and Microsoft's escalation warning)
- [ASSESSED] If the Trump White House executive order on AI oversight uses "approval required" language rather than "first access" review, then the labs that successfully killed Biden's AI executive order will have handed the government a veto over frontier model releases — a policy outcome they lobbied against for years, now authored in part by themselves. (Assessed: based on reported lab briefings and personnel shifts at the White House)
- [SPECULATIVE] If enterprise AI agent platforms do not adopt inter-agent message validation as a default security requirement, then the Morse-code Grok exploit will be remembered as the proof-of-concept for a far more damaging attack against systems managing worker benefits, financial transfers, or medical records — and the companies that skipped the hardening will claim they couldn't have anticipated it. (Speculative: architectural vulnerability confirmed; enterprise-scale exploitation not yet observed)
The Closer
The same week an Anthropic co-founder put 60% odds on AI building its own successors by 2028, a hacker drained $175,000 from an AI agent using Morse code — and the protection that would have stopped it was deleted in a software rewrite. Capability is not the problem. Accountability is. The people building these systems are moving fast, getting rich, and asking the rest of us to trust that they'll figure out the safety part before something irreversible happens. We've heard that promise before — from the banks, from the oil companies, from the social media platforms. Accountability journalism exists because that promise has a track record.