NEW: malware developers added nuclear & biological weapons text to their spyware.
Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.
Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.
When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.
We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.
In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.
H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4
🚨BREAKING: Anthropic’s new system card reveals Mythos 5 agents killed each other when accidentally given shared resources, then started speaking in code to hide from whoever was killing them
The killer was other copies of themselves 💀
This is a super exciting release - Claude Fable 5 is the same underlying model as Mythos but with added safeguards. The benchmarks are great and it's SOTA on everything by a margin but I'll add that *qualitatively* also, this is a major-version-bump-deserving step change forward (imo of the same order as Claude 4.5 was in November), peaking especially for long problem-solving sessions on very difficult problems. You can give it a lot more ambitious tasks than what you're used to, the model "gets it" and it will just go, and it's never felt this tempting to stop looking at the code at all (but don't do this in prod!). The model still has quirks that people will run into and the safeguards are configured to be a little too trigger happy for launch, which can hopefully be tuned over time.
I feel a lot of things changing as working software increasingly comes out on a tap. The Jevons paradox kicks in and I feel my own demand for software growing substantially. You can ask for anything - explainers, visualizers, dashboards, bespoke single-use apps (e.g. a full wandb that is hyper-specific just for your project), you can 10X your test suite, auto-optimize code, run giant research projects with custom HTML for the results, anything! "Free your mind" (Matrix ref). Really looking forward to all the things people build!
AI-powered computer worm, a self-replicating agent that reasons its way through a network instead of carrying a fixed exploit list. It steals compute from compromised GPU machines to run its own open-weight LLM, then uses weaker machines as relays for reach. In trials on a corporate testbed, it identified vulnerabilities, exploited systems, and launched replicas across Linux, Windows, and IoT targets. Every new infection can add more infrastructure while costing the attacker almost nothing. Patching one flaw no longer ends the threat, because the worm can operationalise fresh advisories, generate new attack logic, and keep adapting without a human operator. It is not a WannaCry-style worm with one baked exploit and one baked ransomware payload. It can adapt across many vulnerability classes it can discover and operationalise https://t.co/nSupd1h0BG
How well do the security community's techniques hold up against AI-enabled cyberattacks?
We examined 832 malicious accounts and mapped their activity onto a longstanding database of tactics and techniques used by threat actors.
Here's what we learned: https://t.co/fgOqJRh2rx
‼️🚨 BREAKING: Meta's AI feature let attackers hijack Instagram accounts for days with nothing but a username. It was being A/B tested on a slice of users, and if you were in the test, you couldn't turn it off. Among the casualties: the official Obama White House account.
The method: get on a VPN near the target's region, ask the Meta AI support agent to send a verification code to any email you control, relay that code back to the agent, and it hands over a password reset link. Without ID or human review. From there, the account is yours.
The flaw lived in the AI's logic layer, which acted on recovery requests with no real identity checks. One researcher compared it to the Roblox AI assistant exploit from days earlier, where you needed a target's billing info. Instagram was easier: the username and a regional VPN were enough and victims reported sessions revoked and passwords changed with no email, text, or push alert at all.
By the time it went public, the method was common knowledge in blackhat Telegram circles and had been used to allegedly hijack 100+ high-value accounts.
Accounts hit:
- obamawhitehouse (the archived official Obama White House account, ~2.4M followers). Hackers posted an AI-generated image captioned "The White House is under Shiites' control," plus cryptic anti-Trump and pro-Iranian Stories. Meta confirmed the hack and scrubbed it.
- Premium short handles like hey and jowo, worth over $1M combined, stolen and flipped on Telegram.
- albert (owned by Albert Renshaw), whose owner publicly reported being locked out and unable to reach Meta support.
Meta has since patched it. There was no public acknowledgment.
Agents are finding more vulnerabilities than ever. But it turns out there are gaps in existing vulnerability discovery. Over the past 90 days vs. a year ago, web vulnerabilities (XSS/SQLi/CSRF) are down 66% and memory safety exploitability is down 3.5x.
We built the Agentic Vulnerability Coverage Map to track it all, updated daily. Introducing the Berkeley Vulnerability Initiative: https://t.co/qiZ4eThb0n. ⤵️
On May 26, 2026, at 14:00 UTC, the CrowdStrike Counter Adversary Operations team executed a coordinated takedown of the Glassworm botnet, a global threat targeting software developers through the open-source supply chain. In collaboration with Google and the Shadowserver Foundation, we struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing the operators from their infected machines and their ability to deliver new malicious payloads.
This takedown matters beyond the botnet. Glassworm marked a significant shift in the threat landscape that should serve as a wake-up call for every organization that ships or consumes software. Adversaries are no longer just targeting products, they're targeting the developers who build them.
https://t.co/rl9EVrA371