COGNOSCERE Daily Tech Review — Issue T114 · Wednesday, May 13, 2026

Or visit Intelligence Overview for deeper analysis.

ACTGoogle's Threat Intelligence Group Confirms First AI-Built Zero-Day Exploit Used in Cyberattack

Google's Threat Intelligence Group identified the first confirmed case of a criminal group using an AI model to both discover and weaponize a zero-day exploit targeting a popular open-source web-based system administration tool, specifically designed to bypass two-factor authentication. Google worked with the affected vendor to patch the vulnerability before the attack could execute at scale, with GTIG chief analyst John Hultquist declaring the 'era of AI-driven vulnerability and exploitation is already here.'

SecurityWeek · Cybersecurity Incidents · Relevance: 1.0 · Source →

zero-day, AI-generated exploit, 2FA bypass, nation-state hacking, cybercrime, offensive AI, GTIG

ACTTanStack npm Supply Chain Compromise: 84 Malicious Package Versions Published via GitHub Actions Attack

Threat actor group TeamPCP launched a coordinated supply chain attack on May 11 against npm and PyPI ecosystems, compromising 84 artifacts across 42 TanStack packages — including @tanstack/react-router with over 12 million weekly downloads — by chaining a GitHub Actions Pwn Request, cache poisoning, and OIDC token extraction to publish malicious versions without stealing credentials. The attack spread to packages including the official Mistral AI TypeScript client, UiPath tooling, and Guardrails AI, with all teams urged to rotate all secrets accessible from any install environment running on May 11.

Snyk · Cybersecurity Incidents · Relevance: 0.9 · Source →

supply chain attack, npm, software security, CI/CD, OIDC, credential theft, open source, developer tools

ACTInstructure Pays Ransom to ShinyHunters After Canvas Breach Exposes 275 Million Users at 8,800 Institutions

Instructure confirmed it reached an agreement and paid a ransom to criminal extortion group ShinyHunters after two successive breaches of its Canvas LMS exposed data from approximately 275 million users across nearly 9,000 institutions worldwide, including names, email addresses, student ID numbers, and private messages. The breach — described as the largest educational security breach on record — disrupted final exams across North America and prompted FBI involvement before Instructure received digital confirmation of data destruction.

Inside Higher Ed · Cybersecurity Incidents · Relevance: 0.9 · Source →

ransomware, data breach, edtech, supply chain, extortion, ransom payment, SaaS security

PREPAREAnthropic Signs $1.8 Billion Seven-Year Cloud Infrastructure Deal with Akamai

Anthropic has signed a $1.8 billion, seven-year cloud infrastructure deal with Akamai Technologies — the largest contract in Akamai's history — as the company scrambles to secure additional compute capacity following reported 80x growth in annualized revenue and usage in Q1 2026 for its Claude models. The deal is part of a broader infrastructure spree that also includes capacity agreements with Google, SpaceX's Colossus data center, CoreWeave, Amazon, Broadcom, and xAI.

Bloomberg · Cloud Computing · Relevance: 0.9 · Source →

cloud infrastructure, AI compute, enterprise AI, infrastructure investment, hyperscaler, CDN, Anthropic

PREPARECISA Issues CI Fortify Guidance Urging Critical Infrastructure Operators to Build Isolation and Recovery Capabilities

CISA released new CI Fortify guidance directing critical infrastructure operators to proactively plan for disruptive cyberattacks by establishing isolation and recovery capabilities before a crisis occurs, with specific relevance to IT and security teams responsible for systems that must continue operating when cloud services or vendor networks are degraded. The guidance arrives alongside the formation of a new Alliance for Critical Infrastructure coalition focused on improving national-level cybersecurity crisis planning and response.

Cybersecurity Dive · Cybersecurity Policy · Relevance: 0.9 · Source →

CISA, critical infrastructure, cyber resilience, incident response, policy, operational technology

WATCHUS Bank Shifts Critical Applications to AWS to Modernize Infrastructure for AI Workloads

US Bank is migrating critical applications to AWS as financial services firms accelerate cloud modernization driven by the requirements of enterprise AI adoption, illustrating how AI strategy is forcing banks to rethink foundational infrastructure rather than simply layering AI tools on existing systems. The move reflects a broader financial sector trend of cloud-first architectural overhaul as a prerequisite for AI at scale.

CIO Dive · Cloud Computing · Relevance: 0.8 · Source →

cloud migration, financial services, enterprise AI, AWS, data infrastructure, digital transformation, banking

ACTColorado AI Act Compliance Deadline Approaching June 30 Amid Federal-State AI Governance Battle

Colorado's comprehensive AI Act — the most expansive state-level AI governance law in the US, requiring risk management programs, consumer disclosures, and algorithmic discrimination mitigation for high-risk AI systems — takes effect June 30, 2026, while the Trump administration continues pursuing federal preemption of state AI laws through the DOJ AI Litigation Task Force. Organizations operating in Colorado or deploying AI for consequential decisions in employment, healthcare, education, financial services, or housing must have compliance controls documented before the deadline.

Software Improvement Group · AI Regulation and Governance · Relevance: 0.9 · Source →

AI regulation, Colorado AI Act, compliance, algorithmic discrimination, state law, federal preemption, high-risk AI, enterprise governance

PREPAREEU Reaches AI Act Omnibus Deal: Simplifies High-Risk Rules, Bans AI Nudification Apps, Delays Enforcement to 2027

The European Parliament and Council reached a provisional political agreement on the EU AI Act Omnibus, delaying high-risk AI system compliance deadlines (biometrics, critical infrastructure, employment, education) from August 2026 to December 2027 while adding an outright ban on AI 'nudification' apps and extending SME-level regulatory relief to small mid-cap companies with up to 500 employees. The deal also accelerates watermarking obligations for AI-generated content to December 2, 2026 and expands the AI Office's supervisory powers, with formal parliamentary adoption targeted before August 2, 2026.

European Commission · AI Regulation and Governance · Relevance: 1.0 · Source →

EU AI Act, AI regulation, compliance, high-risk AI, omnibus, nudification ban, watermarking, AI governance, Europe

WATCHThinking Machines Lab Releases TML-Interaction-Small: Full-Duplex Real-Time Multimodal AI Model

Thinking Machines Lab, founded by former OpenAI CTO Mira Murati, released a research preview of TML-Interaction-Small, a 276-billion-parameter Mixture-of-Experts model capable of simultaneously processing and generating audio, video, and text in 200ms micro-turn chunks without turn-taking pauses, achieving 0.40-second response latency versus 1.18 seconds for GPT-Realtime-2.0 and 0.57 seconds for Gemini-3.1-flash-live on the FD-bench interaction benchmark. The model pairs with an asynchronous background agent for complex reasoning and tool use, and is currently available only to select research partners with a broader release planned for later in 2026.

TechCrunch · AI Model Releases · Relevance: 0.9 · Source →

real-time AI, multimodal, full duplex, voice AI, agentic AI, AI model release, interaction models, enterprise AI

WATCHGoogle Gemini 3.1 Flash-Lite Reaches General Availability with Sub-Second Latency for Enterprise Workloads

Google launched Gemini 3.1 Flash-Lite into general availability via Google Cloud, positioning it as the most cost-efficient Gemini 3 model with sub-second response times and p95 latency around 1.8 seconds, targeting high-volume enterprise use cases in software engineering, financial services, and customer service operations. The model supports multimodal tasks and agentic capabilities including tool calling and orchestration.

TLDR AI · AI Model Releases · Relevance: 0.8 · Source →

Google, Gemini, AI model, enterprise AI, cloud AI, low latency, multimodal, agentic

WATCHIBM Think 2026: SQL Data Insights Pro, Confluent Integration, and GPU-Accelerated Watsonx.data Previewed

At Think 2026 in Boston, IBM announced SQL Data Insights Pro — an intelligence layer for Db2 for z/OS that converts SQL queries into real-time decision-ready insights without data movement — alongside the integration of Confluent's streaming platform into watsonx.data for real-time AI-ready data, and a private preview of GPU-accelerated query processing for watsonx.data Presto C++ built with NVIDIA. IBM also unveiled Content Cortex, an enterprise intelligent content services system for agentic automation, and positioned watsonx.data as an agent-ready, governed analytics platform.

IBM · Business Intelligence Platforms · Relevance: 0.8 · Source →

business intelligence, data analytics, enterprise data, agentic AI, real-time analytics, IBM, cloud BI, decision support

WATCHYum Brands Builds Unified AI Data Backbone Across 35,000 Taco Bell, KFC, and Pizza Hut Restaurants

Yum Brands is implementing a standardized common data model across all 35,000 Taco Bell, KFC, and Pizza Hut locations as the foundation for AI and digital operations, demonstrating that enterprise AI transformation at scale requires data standardization and legacy system consolidation before AI tools can be operationalized. The initiative is being cited as a representative case study for the path from fragmented operational data to enterprise-wide agentic AI readiness.

TLDR IT · Decision Frameworks · Relevance: 0.8 · Source →

enterprise AI, data standardization, digital transformation, AI readiness, restaurant technology, operational data, decision support