Tech Digest – May 24, 2026
AI Audits the Code It Runs On
Anthropic’s Glasswing Partners Find 10,000 Vulnerabilities in Critical Software — Only 97 Patched
Anthropic’s Project Glasswing, powered by the unreleased Claude Mythos Preview model, has enabled partners to discover over 10,000 high- or critical-severity vulnerabilities across systemically important software in its first month. Cloudflare identified 2,000 bugs, 400 of them high or critical. Mozilla fixed 271 Firefox vulnerabilities — a tenfold increase compared to findings from an earlier Claude model.
In a separate audit of 1,000 open-source projects, the model flagged 6,202 high- and critical-severity issues, of which 1,094 were confirmed as real and exploitable after human validation. Only 97 have been fixed upstream. Some open-source maintainers have asked Anthropic to slow the pace of disclosures because they cannot keep up with patches.
Note: The bottleneck has inverted. Finding vulnerabilities used to be the hard part — now patching them is. With 97 out of 10,000+ fixed, open-source maintainers are drowning in reports they cannot act on fast enough. Any institution running critical systems on open-source components just inherited a new risk: the widening gap between what has been found and what has been fixed.
Sources: Anthropic, Security Affairs
Linus Torvalds: AI Now Does “a Big Chunk” of Linux Patch Work
Linus Torvalds reported that AI tooling is now responsible for a significant portion of Linux kernel patch work, with submissions jumping 20% and many being “actually solid.” The shift is visible in the economics of AI-assisted development too: SemiAnalysis finds that 42% of modern agentic coding time is spent on CPU performing tool use — editing files, running lints, executing scripts — recasting traditional compute from a cost centre into the upstream multiplier on AI-generated code output.
Note: If AI is already writing a meaningful share of patches for the most reviewed codebase on Earth, the practical ceiling for AI-generated code in less scrutinised institutional systems is considerably higher. The question is not whether AI writes your code. It is whether your review process can keep pace — see the item above.
Sources: TechStrong AI, SemiAnalysis
From Proofs to Paperwork
Google DeepMind Resolves 9 Open Erdos Problems at a Few Hundred Dollars Each
Google DeepMind’s AlphaProof Nexus autonomously resolved 9 of the 353 open Erdos problems and proved 44 of 492 OEIS conjectures. Each solve cost a few hundred dollars in compute, was formally verified in the Lean proof assistant, and logged on Terence Tao’s wiki tracking AI contributions to mathematics. The system also expanded into graph theory and algebraic geometry. All formal proofs have been made publicly available.
Note: Mathematical proof — the hardest form of human reasoning — is now a line item. At a few hundred dollars per open problem, the constraint on mathematical progress shifts from talent to compute budget. Research institutions still budgeting on the assumption that breakthroughs require decades of human effort may be planning for a world that no longer exists.
Sources: arXiv, CryptoBriefing
ChatGPT Fills Scanned Forms by Voice, Google Docs Drafts by Dictation — The Document Layer Goes Hands-Free
OpenAI announced that ChatGPT can now accept uploaded scanned paperwork, interpret the fields, and return a completed version — combining voice mode and vision to automate what has been the last analogue step in many bureaucratic workflows. Separately, Google launched Docs Live, a feature that lets users draft documents entirely by speaking, with AI structuring and formatting the output in real time.
Note: Scanned forms are the institutional dark matter — the PDFs that sit between every process and its digital twin. Two of the dominant platforms just shipped tools that dissolve this bottleneck. For any digitalization programme stuck behind paper intake, the timeline just shortened.
Sources: ChatGPT, Wall Street Journal
Capability Forces the Hand
AI Recreates Dead Pilots’ Voices from a PDF — NTSB Suspends Public Access to Crash Database
Internet users fed spectrogram images — visual representations of cockpit audio frequencies — from a published NTSB accident investigation PDF into AI-powered audio synthesis tools, producing approximations of the final moments of UPS Flight 2976, which crashed after departing Louisville in November 2025. Federal law explicitly prohibits releasing cockpit voice recorder audio, but the spectrogram visualisation inadvertently provided enough data to reconstruct it.
The NTSB temporarily removed its entire public docket system, later restoring access but keeping 42 investigations closed while it evaluates what materials can be safely published.
Note: A spectrogram that was safe to publish for decades became an audio source overnight. The lesson for any institution publishing data: the line between “description of sensitive information” and “the sensitive information itself” no longer holds. Metadata, visualisations, and redacted-but-patterned data are all vulnerable to reconstruction.
Sources: Ars Technica, TechCrunch, CNN
One in Five Dissertations Now AI-Assisted, Analysis of 23,000 Papers Finds
A Pangram analysis of nearly 23,000 dissertations found that more than one in five are now AI-assisted, with much of the usage involving AI performing all of the writing. The analysis used Pangram’s four-tier classification system, which distinguishes between lightly AI-assisted work and fully AI-generated text.
Note: The dissertation was the last credentialing gate that assumed human-only authorship. If a fifth of doctoral output is now AI-assisted, the signal a PhD sends to employers about individual capability is decaying. Hiring managers and civil service commissions already struggling with credential inflation face a compounding problem: the credential itself may not test what it used to.
Sources: Cremieux (Pangram analysis)
Spotify and Universal Music Group Sign First Major Licensing Deal for AI Covers and Remixes
Spotify and Universal Music Group announced a licensing framework that allows Spotify Premium users to create AI-generated covers and remixes of participating UMG artists’ catalogues. Participation is opt-in for artists, with the framework built on three pillars: consent, credit, and compensation. The tool launches as a paid add-on. Spotify stock rose 13-16% on the announcement.
Note: This is the first major rights-holder licensing framework for generative AI content — and the market rewarded it immediately. The consent-credit-compensation model becomes the template every other rights negotiation will be measured against, in music, text, image, and video.
Sources: Billboard, TechCrunch
Sovereign Compute
France Commits Another billion to Quantum, Warns EU Must Keep Pace
President Macron announced an additional EUR 1 billion for France’s Quantum Plan, on top of the EUR 1.8 billion allocated for 2021-2025 and a EUR 500 million defence procurement supplement added in 2024. France also committed EUR 550 million to a future European semiconductor programme. Cumulative French quantum investment now exceeds EUR 3.3 billion.
Note: France is betting that quantum is a sovereignty issue, not a research curiosity. For context, crypto firms are simultaneously bracing for quantum computers that could crack Bitcoin’s underlying cryptography. The same technology one EU member state is racing to build may force a rewrite of the financial infrastructure others are trying to regulate.
Sources: France 24, Quantum Computing Report
Private Equity Exits China Data Centres as US Approves Secret $9 Billion for Spy Agency AI Chips
Princeton Digital Group, backed by Warburg Pincus, initiated a sale of its China data centre assets that could reach $1 billion, marking the near-conclusion of a decade-long investment push by global buyout firms into Chinese digital infrastructure. Beijing’s tightening data protection regime has made foreign ownership of critical digital infrastructure increasingly untenable.
Moving in the opposite direction, the White House quietly approved a $9 billion request from the CIA and NSA for Grace Blackwell GPU capacity inside classified systems. On the commercial side, Dell reported that its AI Factory programme now serves 5,000 clients, up from 4,000 in February — a 25% increase in three months.
Note: Compute infrastructure is reorganising along sovereign lines. Private equity exits China, classified budgets absorb GPUs, and enterprise demand grows 25% per quarter. Any institution planning a data centre strategy or cloud procurement is operating in a market where geography is no longer just a latency variable — it is a security classification.
Sources: Financial Times (Princeton Digital), New York Times (CIA/NSA), Bloomberg (Dell)
EU Monetary Defence
ECB Rebuffs Euro Stablecoin Proposals, Warns of Threat to Bank Lending and Interest Rate Control
The European Central Bank rejected proposals from Brussels-based think tank Bruegel to ease liquidity requirements for crypto issuers and potentially grant them access to ECB funding. ECB President Lagarde warned that boosting euro stablecoins could make bank deposits more volatile, raise funding costs, and curb banks’ lending capacity. Euro-denominated stablecoins currently account for just 0.3% of total supply. The ECB’s preferred alternative: tokenised commercial bank deposits that combine traditional account safety with the speed of distributed-ledger technology.
Note: The ECB draws a bright line: programmable money, yes — but through existing banks, not new stablecoin issuers. For institutions exploring blockchain-based payments or digital treasury tools, the regulatory direction in the eurozone is now explicit. The innovation channel runs through your bank, not around it.
Sources: Reuters
Today’s items share an uncomfortable thread: the systems institutions rely on — code, proofs, forms, records, credentials, financial infrastructure — are all being rewritten simultaneously. AI is finding vulnerabilities faster than they can be patched, writing kernel patches that pass review, solving open mathematical problems for the price of a lunch, and turning safe-to-publish spectrograms into reconstructed voices. The institutions responding fastest — whether the ECB drawing lines on stablecoins, France committing billions to quantum, or Spotify building a licensing framework before the market forces one — are treating AI capability not as a future planning consideration but as a present operational reality.
