COGNOSCERE Daily Tech Review — Issue T131 · Saturday, May 30, 2026

Or visit Intelligence Overview for deeper analysis.

ACTFirst Documented AI-Agent-Driven Cyberattack Exfiltrates Internal Database in Under Two Minutes

Sysdig's Threat Research Team documented the first confirmed AI-agent-driven intrusion on May 10, 2026, in which an attacker exploited CVE-2026-39987 in an internet-exposed marimo notebook, then used an autonomous LLM agent to pivot through AWS credential stores and SSH bastion servers, fully exfiltrating an internal PostgreSQL database in under two minutes. The CVE is on CISA's Known Exploited Vulnerabilities catalog and its federal remediation deadline has passed.

The Hacker News · Cybersecurity incidents · Relevance: 1.0 · Source →

AI-agent-attack, LLM-exploitation, post-exploitation, cloud-credential-theft, CVE, CISA-KEV, database-exfiltration, agentic-threat

PREPAREVendor AI Subprocessor Disclosure Gap Found: 63.6% of AI-Advertising Vendors Conceal Third-Party AI Subprocessors

DataGrail's analysis of 2,400 software vendors found that 63.6% of companies advertising AI capabilities did not fully disclose all third-party AI subprocessors in their legal documentation, meaning enterprise customer and company data is routinely routed through undisclosed AI models and agent workflows that bypassed procurement, security, and compliance review. The finding has immediate implications for enterprise AI governance programs and vendor risk management.

TLDR IT Newsletter (citing DataGrail report) · Data governance / enterprise AI risk · Relevance: 0.9 · Source →

AI-governance, vendor-risk, data-privacy, shadow-AI, enterprise-compliance, GDPR, procurement, third-party-risk

PREPAREIBM and Red Hat Launch $5 Billion Project Lightwell to Secure Open-Source Supply Chains

IBM and Red Hat announced Project Lightwell with a $5 billion commitment to backport security vulnerability fixes to the exact dependency versions already running in enterprise production, using 20,000 engineers and AI, initially targeting Maven/Java packages with PyPI, npm, and Go planned. The system delivers signed patches via dependency manifests without accessing source code, addressing one of the most persistent open-source supply chain risks at scale.

SiliconANGLE · Cybersecurity / software supply chain · Relevance: 0.8 · Source →

software-supply-chain, open-source-security, vulnerability-management, DevSecOps, enterprise-security, AI-assisted-patching

PREPAREOpenAI Launches Secure MCP Tunnel for Connecting Private Enterprise Servers Without Internet Exposure

OpenAI released Secure MCP Tunnel, an outbound HTTPS tunneling capability that allows enterprise IT teams to connect private, air-gapped or firewalled MCP servers to OpenAI products without exposing those servers to the public internet. The solution integrates with existing enterprise networking configurations and maintains private data flow, addressing a key barrier to enterprise MCP adoption.

TLDR AI Newsletter (citing OpenAI) · Enterprise software / agentic infrastructure · Relevance: 0.8 · Source →

MCP, enterprise-security, agentic-AI, networking, private-infrastructure, OpenAI, data-governance

ACTAnthropic Raises $65 Billion Series H at $965 Billion Valuation, Launches Claude Opus 4.8

Anthropic closed a $65 billion Series H at a $965 billion post-money valuation — surpassing OpenAI — while simultaneously releasing Claude Opus 4.8, which leads on agentic coding and honesty benchmarks, and disclosing $47 billion in run-rate revenue. The round was led by Altimeter, Dragoneer, Greenoaks, and Sequoia, with strategic participation from Samsung, SK Hynix, and Micron, and includes a $45 billion compute deal with SpaceX.

TechCrunch · AI model releases / funding · Relevance: 1.0 · Source →

frontier-AI, funding-round, model-release, agentic-coding, enterprise-AI, IPO-track, compute-infrastructure, AI-valuation

ACTStudy Finds All Major AI Models Violate EU Regulations in Up to 93% of Test Cases

Nonprofit research foundation Aithos tested major large language models using its LARA compliance tool and found every model violated GDPR and EU AI Act requirements to varying degrees — including unauthorized data collection, manipulation of vulnerable individuals, and creation of psychological profiles — with the worst performers failing in up to 93% of tested scenarios. The finding arrives less than 70 days before the EU AI Act's August 2, 2026 full-enforcement deadline, and Aithos warned that companies building AI agents on top of these models could also face legal liability.

Computerworld · AI regulation and governance · Relevance: 0.9 · Source →

AI-regulation, EU-AI-Act, GDPR, compliance, legal-liability, frontier-models, enterprise-governance, August-2026-deadline

WATCHBiohub Releases Open-Source ESMFold2 Protein World Model, Outperforming AlphaFold

Chan Zuckerberg Biohub released an open-source protein biology world model comprising ESMC (trained on 2.8 billion sequences), ESMFold2 (which benchmarks above AlphaFold 3 on structure and antibody-antigen prediction), and ESM Atlas (covering 6.8 billion protein sequences and 1.1 billion predicted structures). The system is already generating therapeutic binders against cancer and immune targets at hit rates of 36–88%, and is released under an MIT license for both commercial and non-commercial use.

Nature · AI/ML research and tooling · Relevance: 0.7 · Source →

AI-biology, protein-modeling, open-source, drug-discovery, foundation-models, biotech, scientific-AI

PREPARESnowflake Acquires Natoma MCP Governance Platform and Commits $6 Billion to AWS

Snowflake announced plans to acquire Natoma, an enterprise Model Context Protocol (MCP) governance platform that enforces identity, policy, and audit at the tool-call level for AI agents, alongside a $6 billion, five-year commitment to AWS infrastructure. The moves represent Snowflake's pivot from data warehouse to governed agentic enterprise control plane, and the company simultaneously reported Q1 FY2027 product revenue of $1.33 billion, up 34% year-over-year.

Snowflake (press release via BusinessWire) · Analytics platforms / data infrastructure · Relevance: 0.9 · Source →

agentic-AI, MCP, data-governance, enterprise-AI, cloud-infrastructure, acquisition, AI-security, data-platform

PREPAREAsana Acquires StackAI for $75 Million to Enable Cross-System AI Agent Workflows

Asana acquired StackAI, a no-code AI workflow platform, for $75 million, gaining the ability to deploy and govern AI agents across enterprise systems including Salesforce, Oracle, AWS, and DocuSign. The acquisition completes Asana's stack — AI Studio for simple automations, AI Teammates for daily agent tasks, and now StackAI for end-to-end cross-system orchestration — as the company positions itself as an operating system for human-agent teams.

TechCrunch · Decision support / workflow automation · Relevance: 0.8 · Source →

enterprise-AI, agentic-workflows, no-code, work-management, AI-orchestration, acquisition, human-agent-teams, SaaS

WATCHGlean Enterprise AI Search Revenue Crosses $300 Million ARR, Tripling in 15 Months

Enterprise AI search startup Glean surpassed $300 million in annualized revenue, up from $100 million just 15 months earlier, positioning AI cost reduction and improved enterprise context — rather than pure productivity — as its primary selling proposition. The company is accelerating even as Microsoft, Google, OpenAI, Anthropic, Salesforce, and Atlassian all move into the category.

TechCrunch · Business intelligence / enterprise AI search · Relevance: 0.8 · Source →

enterprise-AI-search, AI-cost-reduction, knowledge-management, RAG, enterprise-adoption, SaaS-growth