COGNOSCERE Daily Tech Review — Issue T113 · Tuesday, May 12, 2026

Or visit Intelligence Overview for deeper analysis.

ACTFake OpenAI Repository on Hugging Face Distributes Rust-Based Infostealer Malware

A malicious Hugging Face repository named Open-OSS/privacy-filter impersonated OpenAI to distribute Rust-based infostealer malware, reaching 244,000 downloads before removal; the malware targets browser credentials, cryptocurrency wallets, and other sensitive data using anti-analysis evasion techniques. Organizations that may have downloaded the package are advised to reimage affected machines and immediately rotate all credentials.

TLDR InfoSec / The Hacker News · Cybersecurity Incidents · Relevance: 0.9 · Source →

malware, supply chain attack, infostealer, credential theft, AI infrastructure security, ML security, Hugging Face

ACTInstructure Canvas Breach: ShinyHunters Threatens Data of 275 Million Users at 9,000 Institutions

Threat actor group ShinyHunters defaced Canvas learning management system login pages with a ransom note threatening to leak data tied to approximately 275 million users across nearly 9,000 institutions, forcing Instructure to take Canvas offline during finals week while initially characterizing the outage as scheduled maintenance. Stolen data reportedly includes names, emails, institutional IDs, and messages.

TLDR InfoSec · Cybersecurity Incidents · Relevance: 0.9 · Source →

ransomware, data breach, education technology, supply chain risk, threat actor, PII exposure

PREPARECISA Launches CI Fortify Initiative to Prepare Critical Infrastructure for Geopolitical Cyber Conflict

CISA released the CI Fortify initiative on May 5, 2026, urging all critical infrastructure operators to immediately begin developing isolation and recovery capabilities to sustain essential services even during a disruptive cyberattack or geopolitical conflict. The guidance explicitly frames the threat around nation-state actors — particularly China's Volt Typhoon campaign — and requires operators to assume that third-party networks, vendors, and internet services will be unavailable during a crisis scenario.

CISA · Cybersecurity Policy · Relevance: 0.9 · Source →

critical infrastructure, OT security, cyber resilience, isolation, recovery, nation-state threats, geopolitical risk, operational technology

PREPAREPalo Alto Networks Announces Intent to Acquire Portkey to Secure AI Agents

Palo Alto Networks announced its intent to acquire Portkey, an AI gateway startup processing trillions of tokens per month, to integrate its centralized control plane into Prisma AIRS as a unified governance and security layer for autonomous AI agents. The acquisition — valued by industry reports at approximately $120–140 million — addresses the growing attack surface created by autonomous AI agents operating with high-privilege access across enterprise systems; closing is expected in Q4 fiscal 2026.

Palo Alto Networks · Cybersecurity · Relevance: 0.9 · Source →

AI security, agentic AI, AI gateway, enterprise security, acquisition, autonomous agents, identity governance

PREPAREExposed AI Services Create Enterprise-Scale Attack Surface, Researchers Find

Security researchers scanned more than one million publicly exposed AI services and found widespread weak defaults, misconfigurations, and unnecessary public exposure across AI infrastructure components, with many connected to real production data. The findings highlight that AI infrastructure is being deployed with experimental-software practices despite access to sensitive enterprise systems.

The Hacker News · Cybersecurity · Relevance: 0.9 · Source →

AI infrastructure security, misconfiguration, attack surface, enterprise security, AI deployment, vulnerability management

WATCHMedtronic Faces Class Action Lawsuits Following Corporate IT Systems Cyberattack

Medical device manufacturer Medtronic is facing at least a half-dozen proposed class action lawsuits in federal court following confirmation that cybercriminals recently hacked into its corporate IT systems, with plaintiffs including patients who use the company's cardiac devices and other products. The incident underscores the compounding legal exposure that now accompanies major enterprise healthcare data breaches.

DataBreachToday · Cybersecurity Incidents · Relevance: 0.8 · Source →

healthcare cybersecurity, ransomware, data breach, litigation, corporate IT, medical devices, critical infrastructure

ACTOpenAI Launches $4 Billion Deployment Company to Accelerate Enterprise AI Adoption

OpenAI officially launched the OpenAI Deployment Company on May 11, 2026, a new $4 billion+ venture majority-owned by OpenAI and backed by 19 global investment firms including TPG, Bain Capital, Goldman Sachs, and McKinsey. The company will embed Forward Deployed Engineers directly inside client organizations and has agreed to acquire AI consulting firm Tomoro, bringing approximately 150 engineers from day one, with a stated enterprise value of $10 billion.

OpenAI · Enterprise AI Adoption · Relevance: 1.0 · Source →

enterprise AI, AI deployment, forward deployed engineers, consulting, private equity, AI services, agentic AI

PREPAREEU Council and Parliament Agree to Simplify and Delay EU AI Act High-Risk Rules

On May 7, 2026, EU co-legislators reached a provisional agreement under the Digital Omnibus VII package to amend the AI Act, delaying high-risk AI system compliance deadlines to December 2027 and August 2028, shortening the AI-generated content transparency watermarking grace period to three months (deadline December 2, 2026), and extending SME compliance flexibilities to small mid-cap companies. The provisional deal must be formally adopted by both Parliament and Council before August 2, 2026, and also introduces a new ban on AI-generated non-consensual sexual content and CSAM.

Council of the EU · AI Regulation and Governance · Relevance: 1.0 · Source →

EU AI Act, AI regulation, compliance deadlines, high-risk AI, watermarking, GPAI, governance, simplification

PREPAREServiceNow and NVIDIA Unveil Project Arc: Governed Autonomous Desktop AI Agent for Enterprises

At ServiceNow Knowledge 2026, ServiceNow and NVIDIA announced Project Arc, an enterprise autonomous desktop agent that executes complex multi-step work across enterprise tools while being governed by ServiceNow AI Control Tower and sandboxed by NVIDIA OpenShell. The AI Control Tower integration with NVIDIA Enterprise AI Factory is now generally available, while Project Arc is in early preview, with open-source benchmarks (NOWAI-Bench) released to measure enterprise agent performance.

ServiceNow · Agentic Systems · Relevance: 0.9 · Source →

agentic AI, autonomous agents, enterprise AI governance, desktop automation, AI security, AI factory, benchmarking

PREPARETrump Administration Considers AI Oversight Pivot Driven by Anthropic Mythos Security Concerns

The Trump administration is reportedly reconsidering its anti-regulation AI stance and considering oversight measures for advanced frontier AI models, driven by national security concerns about Anthropic's Mythos model and its capacity to identify and exploit cybersecurity vulnerabilities. The administration also invoked the Defense Production Act to require large model developers to share safety testing results with the government, and tapped a new director for the rebranded AI safety body CAISI.

Fortune · AI Safety and Alignment · Relevance: 0.9 · Source →

AI regulation, AI safety, national security, frontier AI, Defense Production Act, AI oversight, US AI policy

WATCHGoogle DeepMind Publishes AI Co-Mathematician: Agentic Research Workbench Sets New FrontierMath High Score

Google DeepMind published a paper introducing the AI co-mathematician, a multi-agent stateful workbench built on Gemini 3.1 models that enables parallel research workstreams, code execution, and literature search for open-ended mathematical problems, scoring 48% on FrontierMath Tier 4 — more than doubling the base Gemini 3.1 Pro score of 19% and outperforming GPT-5.5 Pro (39.6%). Oxford mathematician Marc Lackenby used the system to resolve an open problem in the Kourovka Notebook, demonstrating practical human-AI research collaboration.

arXiv / Google DeepMind · AI Model Releases · Relevance: 0.8 · Source →

agentic AI, multi-agent systems, scientific research, mathematics, Gemini, AI capabilities, research automation

PREPAREWriter 2026 Enterprise AI Adoption Survey: 79% of Organizations Face Challenges, 54% Say AI Is 'Tearing Company Apart'

A survey of 2,400 executives and employees by Writer and Workplace Intelligence found that 79% of organizations face significant challenges adopting AI — a double-digit increase from 2025 — with 54% of C-suite executives saying AI adoption is creating organizational rupture, and only 23% reporting meaningful ROI from AI agents. Despite near-universal deployment (97% of executives reporting AI agent use), fewer than one in four companies has a mature governance model for autonomous AI agents.

Writer · Strategic Planning and Decision Frameworks · Relevance: 0.9 · Source →

enterprise AI adoption, AI governance, AI ROI, organizational transformation, agentic AI, workforce strategy, C-suite

WATCHStarburst Launches AIDA AI Data Assistant to Enable Natural Language Enterprise Intelligence

Starburst announced its AI Data Assistant (AIDA), which enables enterprise users to query federated data across on-premises, multi-cloud, and hybrid environments using natural language, moving organizations from static dashboards to context-aware decision-making without data consolidation. The announcement accompanied Starburst's recognition on CRN's 2026 AI 100 list in the data and analytics category.

Business Wire / Starburst · Business Intelligence Platforms · Relevance: 0.8 · Source →

business intelligence, natural language query, federated data, enterprise analytics, data governance, AI-powered analytics, decision support