AI News Today - May 30, 2026: 11 Biggest Stories

AI News Today - May 30, 2026: 10,000 Vulnerabilities, Two New Anthropic Offices, and Three Days to Build

The biggest AI security story of the year arrived on May 22 and the industry is still processing it. Project Glasswing, Anthropic's defensive cybersecurity initiative using the unreleased Claude Mythos Preview model, found more than 10,000 high- or critical-severity vulnerabilities in critical software within its first 30 days -- including a 27-year-old flaw hiding in OpenBSD and a 16-year-old flaw in FFmpeg. The bottleneck in cybersecurity has shifted from finding bugs to fixing them.

Simultaneously, Anthropic opened two new international offices this week -- Milan (May 27) and Seoul (May 26), with Korea's Claude usage rate running 3.5 times higher than population would predict. Amazon confirmed its custom chip business is running at a $20 billion annual rate, with $225 billion in Trainium commitments and Trainium3 nearly fully subscribed at launch.

Microsoft Build is three days away. The SpaceX IPO roadshow starts in five days. Here are the 11 stories worth reading today.

1. Project Glasswing Update: 10,000+ Vulnerabilities Found in 30 Days -- The Bottleneck Has Shifted

On May 22, 2026, Anthropic published its first progress update on Project Glasswing, the defensive cybersecurity initiative it launched on April 7. The headline: in approximately 30 days, Claude Mythos Preview and ~50 partner organizations identified more than 10,000 high- or critical-severity vulnerabilities in systemically important software. Of the initial 10,000 flagged issues, 6,202 were classified as high- or critical-severity across more than 1,000 open-source projects. Subsequent expert analysis confirmed 1,726 as valid true positives. Of those, 1,094 were confirmed as either high or critical severity.

The numbers need context. Security researchers have identified bugs for decades, but the rate at which Mythos Preview found them is unprecedented. Cloudflare, one of the launch partners, found 2,000 bugs in its systems using Glasswing access, 400 of which were high or critical. Mozilla found and fixed 271 vulnerabilities in Firefox, which it described as a tenfold increase compared to findings from an earlier Claude model. Most partners reported finding hundreds of critical and high-severity vulnerabilities in their software -- findings that traditional methods had not surfaced over years of active security review.

The most important insight from the Glasswing update is not the 10,000 number. It is what that number revealed: the bottleneck in AI-driven cybersecurity has shifted from discovery to remediation. For decades, finding vulnerabilities was the hardest part. Glasswing has demonstrated that AI can now find them at a rate that overwhelms the human capacity to verify, disclose, and patch them. Anthropic is maintaining a strict 90-day Coordinated Vulnerability Disclosure policy, meaning details of specific findings remain private during remediation. But the ratio of discoveries to available patches is stretching thin.

For the full technical picture of what Claude Mythos Preview can do autonomously, including the AISI cybersecurity evaluation results and Project Glasswing launch context, our Claude Mythos: Release Date, Access, and What Comes Next covers the detailed capabilities.

2. The Most Shocking Finds: 27-Year OpenBSD Bug, 16-Year FFmpeg Flaw, WolfSSL CVSS 9.1

Within the 10,000-plus vulnerability count, two findings stand out for their sheer age and the implications for critical infrastructure security.

Project Glasswing found a remote crash vulnerability in OpenBSD that had been present for 27 years. OpenBSD is literally built around security as its core value -- the operating system's tagline is "Only two remote holes in the default install, in a long time!" A 27-year vulnerability in OpenBSD is not just an embarrassment. It is a demonstration that AI-assisted security review has qualitatively different reach than human-driven review, even when applied to the most carefully maintained security-focused codebases on the planet.

Claude Mythos also flagged a 16-year-old flaw in FFmpeg, the open-source audio-video processing library used in virtually every streaming platform, video editor, and media tool in the world. FFmpeg processes video inside YouTube, Netflix, Zoom, Discord, VLC, Chrome, Firefox, and thousands of other consumer and enterprise applications. A 16-year undetected flaw in FFmpeg is a flaw that has been present in most video software for a significant portion of the streaming era.

On the critical infrastructure side, Glasswing discovered CVE-2026-5194, a critical WolfSSL vulnerability with a CVSS score of 9.1 that could allow attackers to exploit memory management flaws. WolfSSL is an embedded TLS/SSL library used in automotive systems, industrial controllers, and IoT devices where memory-efficient cryptography is required. CVSS 9.1 on an embedded TLS library used in automotive and industrial systems is exactly the kind of vulnerability that threat actors build nation-state capabilities around. Glasswing found it before they did.

Platform Engineering published the sharpest analysis of the Glasswing update: "Glasswing didn't just find 10,000 vulnerabilities. It found cybersecurity's next bottleneck." The bottleneck is not finding problems. It is fixing them. AI can now generate a never-ending stream of valid vulnerability reports. The security industry has not yet built the automation, tooling, or human capacity to process that stream at the same pace.

3. Cloudflare Found 2,000 Bugs. Mozilla Fixed 271 Firefox Vulnerabilities (10x Previous Rate)

Two specific partner disclosures from the Glasswing update deserve separate attention for what they reveal about deployment outcomes.

Cloudflare: Used Mythos Preview to scan its systems and found 2,000 bugs, 400 of which were high or critical severity. Cloudflare powers a significant fraction of global internet infrastructure, including DDoS protection, CDN, DNS, and Zero Trust security for millions of websites and enterprise networks. 400 high/critical bugs in a company that makes internet infrastructure security its primary product is a striking number. The implication: even companies whose core business is security have a significant unexplored vulnerability surface that Mythos-level AI can surface.

Mozilla: Fixed 271 vulnerabilities in Firefox as part of its Glasswing participation. This represents a tenfold increase in fix rate compared to its earlier experience with a prior Claude model. Firefox is used by roughly 3 percent of global web users -- still hundreds of millions of active installs. The specific findings have not been disclosed; Anthropic's 90-day CVD policy keeps them private. But Mozilla pushing 271 fixes at 10x its previous AI-assisted rate signals that Mythos Preview represents a qualitative capability jump even relative to earlier frontier models.

The competitive intelligence embedded in these two disclosures is significant. Mozilla's 10x improvement claim will be cited by every security vendor evaluating AI-assisted scanning. Cloudflare's 400 critical findings will be used by enterprise CISOs to justify Glasswing access requests. Both companies have effectively published marketing materials for Anthropic in the form of their vulnerability discovery metrics.

4. IBM Joins Project Glasswing -- The Consortium Now Spans 50+ Organizations

IBM joined Project Glasswing on May 19, 2026, announced by Anthropic and IBM simultaneously via a press release and IBM Newsroom update. IBM becomes one of the approximately 50 Glasswing launch partners -- a group that already includes AWS, Apple, Google, Microsoft, Cisco, JPMorgan Chase, Palo Alto Networks, Cloudflare, and Mozilla.

IBM's specific role: IBM Research is identifying and remediating vulnerabilities in widely used software and sharing findings with the broader community. IBM Concert, the company's AI-driven vulnerability management platform, is being applied inside Glasswing workflows to help clients find and fix vulnerabilities before threats happen by unifying application, infrastructure, and security intelligence.

"AI-powered attacks have already moved beyond what traditional defenses can match," said Rob Thomas, SVP Software and Chief Commercial Officer at IBM. "We're helping clients assess their exposure and putting tools like IBM Concert to work in more environments. Separately, as part of Project Glasswing, we've been hardening our own products and contributing fixes back to the open-source community. The collaboration makes the entire ecosystem stronger."

IBM's addition to Glasswing is strategically significant for two reasons. First, IBM serves more than 175 countries and manages some of the most security-sensitive mainframe and hybrid cloud environments in the world, including financial transaction systems, healthcare infrastructure, and government networks. Second, IBM brings IBM Concert's existing vulnerability management workflows into the Glasswing finding-to-fix pipeline, which directly addresses the bottleneck problem: identifying bugs faster than organizations can process them.

5. Anthropic Opens Milan Office -- Italian Enterprise, Research, and Developer Community

Anthropic announced on May 27, 2026, that it has opened a Milan office to serve Italian enterprise, research, and developer communities. The Milan office is Anthropic's second European office alongside its London hub. Italy was chosen based on Claude adoption data and the concentration of enterprise technology use cases in Italian manufacturing, fashion, financial services, and public sector organizations.

The Milan office joins Anthropic's rapidly expanding international presence: London (Europe anchor), Tokyo (Japan), Bengaluru (India), Singapore (APAC coordination), and now Seoul and Milan in the same week. That is six international offices outside the US, with two opening in the same 48-hour window.

The European office context matters for the Glasswing story. European organizations, particularly in the financial sector and government, have been excluded from Glasswing access due to data sovereignty concerns. A Milan office with local enterprise relationships creates a pathway for Anthropic to offer Claude Security (the public beta codebase vulnerability scanner launched May 2026) through a European data-resident infrastructure model, which is required for GDPR-regulated customers.

6. Anthropic Korea: KiYoung Choi Named Seoul Country Head, Korea Runs 3.5x Expected Claude Usage

Anthropic announced on May 26, 2026, that KiYoung Choi has been appointed as Representative Director (effectively CEO) of Anthropic Korea, ahead of the formal opening of its Seoul office. Senior leadership from Anthropic HQ will travel to Seoul within the next few weeks to officially establish the office and meet with major customers.

Choi brings exceptional market pedigree. He previously served as Country Manager of Snowflake Korea and has over 30 years of experience in the technology industry including leadership roles at Google Cloud Korea, Adobe Korea, Autodesk Korea, and Microsoft Korea where he served as Chief Operating Officer.

The usage data behind the Korea decision is extraordinary. According to Anthropic's Economic Index report released in March 2026, Claude usage in South Korea exceeds the expected level based on population size by more than 3.5 times. Korean users are using Claude at 3.5x the rate that a country of 52 million people would predict. The application scenarios are disproportionately focused on high-difficulty technical research and development and creative work -- the categories where Claude Opus 4.7's performance advantages are most pronounced.

Korea's technology landscape also makes the timing strategic. Companies including Samsung, SK Telecom, LG, Hyundai, and Kakao are all heavy AI adopters. Law firms such as Law&Company are already using Claude for legal workflow automation. SK Telecom has integrated Claude into customer-facing AI products. The Seoul office formalizes relationships that were already generating material revenue.

7. Korea's Mythos Access: Government Agencies, Cybersecurity Firms, and Conglomerates in Pipeline

Beyond the commercial opportunity, the Seoul office has a specific strategic dimension: accelerating Korean access to Claude Mythos Preview through Project Glasswing. The Elec, a Korean semiconductor and electronics publication, reported that Anthropic had already conducted cybersecurity cooperation discussions using Mythos during a joint workshop with Korean government agencies in May 2026.

The agencies involved in the workshop: the Ministry of Science and ICT, Ministry of Foreign Affairs, National Intelligence Service, Financial Services Commission, National AI Strategy Committee, and Financial Security Institute. This is not a typical enterprise sales meeting. This is Anthropic briefing South Korea's national security and intelligence apparatus on Mythos's cybersecurity capabilities -- and those agencies apparently deciding the capabilities are worth a formal cooperative relationship.

Industry sources cited by The Elec expect that once Anthropic Korea formally launches under Choi's leadership, Korean conglomerates and cybersecurity firms could gain controlled access to Mythos and the Claude Security public beta. The combination of a formal Seoul office, a credible country head with government relationships, and an active Mythos workshop with intelligence agencies creates a clear path to Korea joining the Glasswing consortium in some form.

The geopolitical context: South Korea is one of the countries most immediately threatened by North Korean state-sponsored cyberattacks. The NIS (National Intelligence Service) has documented North Korean hacking operations against Korean financial, nuclear, and defense sectors for years. Mythos's capability to autonomously identify vulnerabilities in legacy financial and government systems is not a theoretical benefit for Korea. It is a direct national security capability.

8. Amazon Custom Silicon Hits $20 Billion Annual Run Rate -- Trainium, Graviton, and Nitro Are Top-3 Globally

Amazon CEO Andy Jassy confirmed in his Q1 2026 earnings call disclosure (April 2026, now circulating in the AI press this week) that Amazon's custom silicon business, spanning Graviton CPUs, Trainium AI accelerators, and Nitro virtualization chips, has exceeded a $20 billion annual revenue run rate. The business grew nearly 40 percent quarter-over-quarter in Q1 2026 and triple-digit percentages year-over-year.

Jassy made the competitive claim explicit: "If our chips business was a standalone business, and sold chips produced this year to AWS and other third parties as other leading chip companies do, our annual revenue run rate would be approximately $50 billion." That would make it one of the top-three data center chip businesses globally, directly comparable to NVIDIA's and AMD's data center revenue.

Trainium2 has largely sold out. Trainium3, which began shipping in early 2026 and is 30 to 40 percent more price-performant than Trainium2, is nearly fully subscribed at launch. Trainium4, 18 months from broad availability, has already been significantly reserved. Amazon holds over $225 billion in revenue commitments for Trainium across multi-year contracts.

The Amazon-Anthropic supply relationship puts the Glasswing and IPO stories in a new light. Anthropic has committed to up to 5 gigawatts of Trainium capacity from AWS, representing the largest single customer commitment Amazon has disclosed for its chip business. OpenAI has committed approximately 2 gigawatts. These are not abstract infrastructure agreements. At current power density levels, 5 gigawatts is roughly 500,000 to 700,000 Trainium2 accelerators. Anthropic is the anchor customer of Amazon's biggest and fastest-growing hardware business.

For the full compute infrastructure context including the SpaceX Colossus 1 and 2 deals alongside AWS, our AI News Today May 22, 2026 has the detailed analysis of Anthropic's multi-vendor compute strategy.

9. Anthropic Committed 5 Gigawatts to Trainium. OpenAI Committed 2 Gigawatts. The Gap Is Compute.

The specific AWS capacity commitments disclosed in Amazon's Q1 2026 reporting deserve more analysis than they have received in the mainstream press. Anthropic has committed to up to 5 gigawatts of Trainium capacity. OpenAI has committed approximately 2 gigawatts. The ratio is approximately 2.5:1 in Anthropic's favor on the Trainium specifically, even though OpenAI has made its own separate NVIDIA and Microsoft Azure infrastructure commitments.

At current data center power density, 5 gigawatts represents an enormous amount of AI compute. For comparison, Google's entire global data center fleet consumes approximately 7 to 8 gigawatts. Anthropic's Trainium commitment alone approaches the scale of a major hyperscaler's current global infrastructure.

Why does this matter beyond the technical footnote? Because the Q2 2026 revenue projection of $10.9 billion -- Anthropic's first projected quarterly profit -- is only achievable if the compute is available to run the workloads that generate that revenue. Anthropic's multi-vendor compute strategy (SpaceX Colossus 1 and 2, AWS Trainium, Google Cloud, Akamai) is the operational infrastructure behind the revenue trajectory. The $900 billion valuation is, fundamentally, a bet that Anthropic can continue monetizing that infrastructure at the rate it has demonstrated in May 2026.

10. Microsoft Build 2026: Three Days Away -- Windows Agent Framework, GitHub Copilot Agent Mode

Microsoft Build 2026 opens in three days, June 2 to 3, at Fort Mason Center in San Francisco. Satya Nadella's opening keynote is the central event. The theme: Windows as the platform for AI agents. The strategic claim: the operating system is no longer a container for applications. It is becoming an orchestration layer for autonomous digital workers.

Confirmed announcement categories from pre-event communications:

Windows Agent Framework: New APIs for autonomous AI agents embedded directly into the Windows shell, task scheduler, and security model.
Copilot Agent Mode: A new autonomous mode for GitHub Copilot capable of multi-step coding workflows inside VS Code, with specialized sub-agents for testing, documentation, security scanning, and code review running in parallel.
Windows Agent Store: A curated marketplace for AI agents that integrate with Windows applications, similar to how the App Store organized mobile applications.
Azure AI Foundry Multi-Model: Formal announcement of Anthropic Claude alongside OpenAI in Azure AI Foundry with full enterprise pricing and SLA support.
AI Foundry for Windows SDK: A development package bundling ONNX Runtime, DirectML, and Copilot Runtime for on-device AI application development.

The Claude Code cancellation story (covered in our May 29 blog) provides the backdrop for every Build announcement. Microsoft will spend two days showing why GitHub Copilot CLI is the future of developer AI tooling and why the Windows Agent Framework makes Microsoft the right governance layer for enterprise AI agents regardless of which underlying model runs the intelligence. The narrative needs to address the ROI question that Uber, NVIDIA's Bryan Catanzaro, and the cost reckoning raised this week.

For the full Claude Code cancellation context and how the enterprise AI cost reckoning changes the Build narrative, our AI News Today May 29, 2026 has the detailed breakdown.

11. Full Month Recap: What May 2026 Confirmed About AI's Actual Trajectory

May 2026 is the month AI stopped being about what models could do in theory and started being about what deployment actually costs and what it actually defends against. The summary:

Google I/O (May 19): Gemini 3.5 Flash, Gemini Omni, Gemini Spark, $100 AI Ultra. Distribution wins. Consumer AI agents go live.

The IPO wave (May 20-22): SpaceX files public S-1. OpenAI files confidential S-1. Anthropic closes $900B round. The three-company $3.7T wave is real and starts with SpaceX trading June 12.

Glasswing (May 22 update): 10,000+ vulnerabilities in 30 days. Bottleneck shifts from discovery to remediation. IBM joins. Korea in pipeline. The most important AI security moment of the year.

The cost reckoning (May 27-29): Microsoft cancels Claude Code. Uber burns its budget. Sam Altman admits he was wrong about jobs. Enterprise AI enters the discipline phase.

Global expansion (May 26-27): Anthropic Korea (KiYoung Choi, Seoul). Anthropic Milan (Italy). Six international offices in 2026 alone. The enterprise deployment geography is global.

Compute lock-in (May throughout): AWS Trainium at $20B run rate with $225B in commitments. SpaceX Colossus. Akamai $1.8B deal. Compute access is the defining competitive variable for the rest of 2026.

The AI industry in May 2026 looks almost nothing like the AI industry in May 2025. Models are better, but that is the smallest part of the story. The enterprise deployment layer is forming, the regulatory framework is being negotiated in real time, and the infrastructure investments are locking in competitive positions for years. June begins in three days. Microsoft Build, Apple WWDC, and the SpaceX IPO will each add chapters to this story.

Frequently Asked Questions

What did Project Glasswing find in its first 30 days?

Anthropic published its first Project Glasswing progress update on May 22, 2026. In approximately 30 days, Claude Mythos Preview and ~50 partner organizations identified more than 10,000 high- or critical-severity vulnerabilities in systemically important software. Of those: 6,202 were initially classified as high or critical severity across more than 1,000 open-source projects; 1,726 were confirmed as valid true positives; and 1,094 were confirmed as high or critical severity. Notable specific findings include a 27-year-old remote crash vulnerability in OpenBSD, a 16-year-old flaw in FFmpeg, and CVE-2026-5194 in WolfSSL with a CVSS 9.1 score. Anthropic is maintaining a 90-day Coordinated Vulnerability Disclosure policy, meaning details of specific vulnerabilities remain private during remediation.

Why did Anthropic open offices in Korea and Italy?

Anthropic opened its Seoul office (announced May 26, 2026) because South Korea is one of its fastest-growing markets globally. According to Anthropic's March 2026 Economic Index, Korean Claude usage exceeds population-predicted levels by 3.5 times. KiYoung Choi (former Snowflake Korea Country Manager, previously at Google Cloud, Adobe, Autodesk, and Microsoft Korea) was named Representative Director. The Milan office (announced May 27) serves Italian enterprise, research, and developer communities and is Anthropic's second European office. Both openings are part of Anthropic's global expansion alongside offices in London, Tokyo, Bengaluru, and Singapore.

What is the most critical vulnerability found by Project Glasswing?

Three findings stand out from the Project Glasswing update for their severity and implications. (1) A 27-year-old remote crash vulnerability in OpenBSD, an operating system specifically designed around security as its core philosophy. (2) A 16-year-old flaw in FFmpeg, the audio-video processing library used in virtually every streaming platform and media tool globally. (3) CVE-2026-5194, a WolfSSL vulnerability with a CVSS 9.1 score affecting the embedded TLS library used in automotive systems, industrial controllers, and IoT devices. All three findings were kept under Anthropic's 90-day coordinated disclosure policy while affected projects patched them.

How big is Amazon's chip business?

Amazon CEO Andy Jassy confirmed in the Q1 2026 earnings call that Amazon's custom silicon business, spanning Graviton CPUs, Trainium AI accelerators, and Nitro virtualization chips, has exceeded a $20 billion annual revenue run rate, growing nearly 40 percent quarter-over-quarter and triple-digit percentages year-over-year. Jassy said that if the business were standalone and sold chips to third parties like NVIDIA, it would generate approximately $50 billion annually, making it one of the top-three data center chip businesses globally. Amazon holds $225 billion in Trainium revenue commitments. Anthropic has committed up to 5 gigawatts of Trainium capacity; OpenAI has committed approximately 2 gigawatts. Trainium2 is largely sold out; Trainium3 is nearly fully subscribed; Trainium4 is already significantly reserved.

What is IBM's role in Project Glasswing?

IBM joined Project Glasswing on May 19, 2026. As a Glasswing partner, IBM Research is using Claude Mythos Preview to identify and remediate vulnerabilities in widely used software systems and sharing findings with the broader community. IBM Concert, IBM's AI-driven vulnerability management platform, is being applied to unify application, infrastructure, and security intelligence for Glasswing workflows. IBM operates across more than 175 countries and manages critical mainframe, hybrid cloud, and financial transaction systems. IBM's SVP Rob Thomas stated: "AI-powered attacks have already moved beyond what traditional defenses can match." Glasswing's consortium also includes AWS, Apple, Google, Microsoft, Cisco, JPMorgan Chase, Palo Alto Networks, Cloudflare, Mozilla, and approximately 40 additional organizations.

What should developers expect from Microsoft Build on June 2?

Microsoft Build 2026 runs June 2 to 3 in San Francisco at Fort Mason Center. Satya Nadella delivers the opening keynote. Based on confirmed pre-event communications and session catalog, expected announcements include: Windows Agent Framework with new APIs for autonomous AI agents embedded in the Windows OS shell, task scheduler, and security model; Copilot Agent Mode for multi-agent coding workflows in VS Code; Windows Agent Store for curated AI agents; Azure AI Foundry updates formally adding Anthropic Claude alongside OpenAI with full enterprise SLAs; AI Foundry for Windows SDK bundling ONNX Runtime, DirectML, and Copilot Runtime; and major GitHub Copilot autonomous agent capabilities. The keynote is livestreamed free at build.microsoft.com. On-demand recordings will follow.

References

AI News Today - May 30, 2026: 10,000 Vulnerabilities, Two New Anthropic Offices, and Three Days to Build

Microsoft Build is three days away. The SpaceX IPO roadshow starts in five days. Here are the 11 stories worth reading today.

1. Project Glasswing Update: 10,000+ Vulnerabilities Found in 30 Days -- The Bottleneck Has Shifted

2. The Most Shocking Finds: 27-Year OpenBSD Bug, 16-Year FFmpeg Flaw, WolfSSL CVSS 9.1

Within the 10,000-plus vulnerability count, two findings stand out for their sheer age and the implications for critical infrastructure security.

3. Cloudflare Found 2,000 Bugs. Mozilla Fixed 271 Firefox Vulnerabilities (10x Previous Rate)

Two specific partner disclosures from the Glasswing update deserve separate attention for what they reveal about deployment outcomes.

4. IBM Joins Project Glasswing -- The Consortium Now Spans 50+ Organizations

5. Anthropic Opens Milan Office -- Italian Enterprise, Research, and Developer Community

6. Anthropic Korea: KiYoung Choi Named Seoul Country Head, Korea Runs 3.5x Expected Claude Usage

7. Korea's Mythos Access: Government Agencies, Cybersecurity Firms, and Conglomerates in Pipeline

8. Amazon Custom Silicon Hits $20 Billion Annual Run Rate -- Trainium, Graviton, and Nitro Are Top-3 Globally

9. Anthropic Committed 5 Gigawatts to Trainium. OpenAI Committed 2 Gigawatts. The Gap Is Compute.

10. Microsoft Build 2026: Three Days Away -- Windows Agent Framework, GitHub Copilot Agent Mode

Confirmed announcement categories from pre-event communications:

Windows Agent Framework: New APIs for autonomous AI agents embedded directly into the Windows shell, task scheduler, and security model.
Copilot Agent Mode: A new autonomous mode for GitHub Copilot capable of multi-step coding workflows inside VS Code, with specialized sub-agents for testing, documentation, security scanning, and code review running in parallel.
Windows Agent Store: A curated marketplace for AI agents that integrate with Windows applications, similar to how the App Store organized mobile applications.
Azure AI Foundry Multi-Model: Formal announcement of Anthropic Claude alongside OpenAI in Azure AI Foundry with full enterprise pricing and SLA support.
AI Foundry for Windows SDK: A development package bundling ONNX Runtime, DirectML, and Copilot Runtime for on-device AI application development.

For the full Claude Code cancellation context and how the enterprise AI cost reckoning changes the Build narrative, our AI News Today May 29, 2026 has the detailed breakdown.

11. Full Month Recap: What May 2026 Confirmed About AI's Actual Trajectory

May 2026 is the month AI stopped being about what models could do in theory and started being about what deployment actually costs and what it actually defends against. The summary:

Google I/O (May 19): Gemini 3.5 Flash, Gemini Omni, Gemini Spark, $100 AI Ultra. Distribution wins. Consumer AI agents go live.

The IPO wave (May 20-22): SpaceX files public S-1. OpenAI files confidential S-1. Anthropic closes $900B round. The three-company $3.7T wave is real and starts with SpaceX trading June 12.

Glasswing (May 22 update): 10,000+ vulnerabilities in 30 days. Bottleneck shifts from discovery to remediation. IBM joins. Korea in pipeline. The most important AI security moment of the year.

The cost reckoning (May 27-29): Microsoft cancels Claude Code. Uber burns its budget. Sam Altman admits he was wrong about jobs. Enterprise AI enters the discipline phase.

Global expansion (May 26-27): Anthropic Korea (KiYoung Choi, Seoul). Anthropic Milan (Italy). Six international offices in 2026 alone. The enterprise deployment geography is global.

AI News Today - May 30, 2026: 10,000 Vulnerabilities, Two New Anthropic Offices, and Three Days to Build

1. Project Glasswing Update: 10,000+ Vulnerabilities Found in 30 Days -- The Bottleneck Has Shifted

2. The Most Shocking Finds: 27-Year OpenBSD Bug, 16-Year FFmpeg Flaw, WolfSSL CVSS 9.1

3. Cloudflare Found 2,000 Bugs. Mozilla Fixed 271 Firefox Vulnerabilities (10x Previous Rate)

4. IBM Joins Project Glasswing -- The Consortium Now Spans 50+ Organizations

5. Anthropic Opens Milan Office -- Italian Enterprise, Research, and Developer Community

6. Anthropic Korea: KiYoung Choi Named Seoul Country Head, Korea Runs 3.5x Expected Claude Usage

7. Korea's Mythos Access: Government Agencies, Cybersecurity Firms, and Conglomerates in Pipeline

8. Amazon Custom Silicon Hits $20 Billion Annual Run Rate -- Trainium, Graviton, and Nitro Are Top-3 Globally

9. Anthropic Committed 5 Gigawatts to Trainium. OpenAI Committed 2 Gigawatts. The Gap Is Compute.

10. Microsoft Build 2026: Three Days Away -- Windows Agent Framework, GitHub Copilot Agent Mode

11. Full Month Recap: What May 2026 Confirmed About AI's Actual Trajectory

Frequently Asked Questions

What did Project Glasswing find in its first 30 days?

Why did Anthropic open offices in Korea and Italy?

What is the most critical vulnerability found by Project Glasswing?

How big is Amazon's chip business?

What is IBM's role in Project Glasswing?

What should developers expect from Microsoft Build on June 2?

Recommended Reads

References

AI News Today - May 30, 2026: 10,000 Vulnerabilities, Two New Anthropic Offices, and Three Days to Build

1. Project Glasswing Update: 10,000+ Vulnerabilities Found in 30 Days -- The Bottleneck Has Shifted

2. The Most Shocking Finds: 27-Year OpenBSD Bug, 16-Year FFmpeg Flaw, WolfSSL CVSS 9.1

3. Cloudflare Found 2,000 Bugs. Mozilla Fixed 271 Firefox Vulnerabilities (10x Previous Rate)

4. IBM Joins Project Glasswing -- The Consortium Now Spans 50+ Organizations

5. Anthropic Opens Milan Office -- Italian Enterprise, Research, and Developer Community

6. Anthropic Korea: KiYoung Choi Named Seoul Country Head, Korea Runs 3.5x Expected Claude Usage

7. Korea's Mythos Access: Government Agencies, Cybersecurity Firms, and Conglomerates in Pipeline

8. Amazon Custom Silicon Hits $20 Billion Annual Run Rate -- Trainium, Graviton, and Nitro Are Top-3 Globally

9. Anthropic Committed 5 Gigawatts to Trainium. OpenAI Committed 2 Gigawatts. The Gap Is Compute.

10. Microsoft Build 2026: Three Days Away -- Windows Agent Framework, GitHub Copilot Agent Mode

11. Full Month Recap: What May 2026 Confirmed About AI's Actual Trajectory

Frequently Asked Questions

What did Project Glasswing find in its first 30 days?

Why did Anthropic open offices in Korea and Italy?

What is the most critical vulnerability found by Project Glasswing?

How big is Amazon's chip business?

What is IBM's role in Project Glasswing?

What should developers expect from Microsoft Build on June 2?

Recommended Reads

References

You Might Also Like

AI News Today - May 18, 2026: 13 Biggest Stories

AI News Today (May 25, 2026): Top AI Stories & Headlines

You Might Also Like

AI News Today - May 18, 2026: 13 Biggest Stories

AI News Today (May 25, 2026): Top AI Stories & Headlines