AI News Roundup: Google Thwarts First AI-Built Zero-Day, Japan Orders Mythos Defense Review, GPT-5.5 Instant Rolls Out

Google Thwarts First Confirmed AI-Generated Zero-Day Exploit

Google’s Threat Intelligence Group disclosed on Sunday that it intercepted hackers who used an AI model to discover and weaponize a zero-day vulnerability — a software flaw unknown to its developers — marking what researchers call the first confirmed case of AI-assisted zero-day exploitation in the wild. The attackers found a way to bypass two-factor authentication and were planning what Google described as a “mass exploitation event.”

Google said it has “high confidence” that an AI model was used but declined to name the hacker group or the specific model, noting only that it was most likely not Google’s Gemini or Anthropic’s Claude Mythos. The report also flagged growing AI experimentation by North Korean and Chinese state-sponsored actors, underscoring a broader shift in how nation-state threat groups are augmenting their operations.

Japan’s PM Orders National Cybersecurity Review Over Anthropic Mythos

Japanese Prime Minister Sanae Takaichi ordered a cabinet-level cybersecurity review on Tuesday, citing the capabilities of Anthropic’s Mythos model as reason to reassess the country’s digital defenses. Takaichi instructed cybersecurity minister Hisashi Matsumoto to audit government systems, assess whether existing tools can detect and remediate vulnerabilities at scale, and develop an action plan for critical infrastructure operators.

The directive comes as Anthropic continues its controlled rollout of Mythos through Project Glasswing, which has so far given access to companies including Apple, Amazon, JPMorgan Chase, and Palo Alto Networks. Anthropic CEO Dario Amodei has warned of a narrow window for defenders to patch tens of thousands of vulnerabilities the model has identified across every major operating system and browser.

OpenAI Ships GPT-5.5 Instant as the New ChatGPT Default

OpenAI rolled out GPT-5.5 Instant to all ChatGPT users on May 5, replacing GPT-5.3 Instant as the default model. The upgrade delivers 52.5% fewer hallucinated claims on high-stakes prompts in medicine, law, and finance, along with a 37.3% reduction in inaccurate claims flagged by users. Responses are also roughly 30% shorter and more conversational in tone.

Plus and Pro subscribers gain enhanced personalization that draws on past chats, uploaded files, and connected Gmail, with plans to extend the feature to free-tier users. GPT-5.3 Instant remains available for paid users through model settings for three months before retirement.

EU Reaches Deal to Simplify AI Act Rules

The European Council and Parliament reached a provisional agreement on May 7 to streamline the EU AI Act as part of the Omnibus VII simplification package. The deal pushes back the deadline for high-risk AI system compliance — standalone systems now have until December 2, 2027, and AI embedded in products until August 2, 2028.

The agreement also introduces a new prohibition on AI-generated non-consensual sexual and intimate content, tightens the transparency deadline for synthetic content from six months to three (now due December 2, 2026), and clarifies the AI Office’s oversight role for systems built on general-purpose models. The deal was fast-tracked because the original high-risk provisions were set to take effect on August 2, 2026.

OpenAI’s Codex Evolves Into a Universal Desktop App

What started as a coding assistant now looks more like a general-purpose operating system agent. OpenAI rebuilt Codex in April with computer use on macOS, over 90 plugins spanning Gmail, Slack, Notion, and the Microsoft suite, a built-in browser, image generation, and the ability to schedule multi-day automations. The computer-use capability arrived via OpenAI’s acquisition of the team behind Apple Shortcuts.

Codex now has 3 million weekly users, with 50% already deploying it for tasks beyond coding. The latest model, GPT-5.3-Codex, supports the full software lifecycle from debugging and deployment to writing PRDs and user research. Codex can also remember context across sessions and wake itself up to continue long-running tasks.

Trump Administration Reverses Course on AI Oversight

In a notable policy shift, the Trump Administration is now considering oversight for advanced AI models after months of positioning itself as the anti-regulation alternative to the Biden White House. The reversal was driven largely by national security concerns around Anthropic’s Mythos and its demonstrated ability to find and exploit cyber vulnerabilities at unprecedented scale.

The Center for AI Standards and Innovation (CAISI) announced agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations of frontier models. Separately, the Pentagon signed deals with seven tech companies — including Google, Microsoft, AWS, NVIDIA, OpenAI, and SpaceX — to deploy AI on classified networks. Intelligence agencies are pushing for even more authority over AI governance, setting up an internal battle between Commerce and the intelligence community.

Meta Plans Record $145 Billion AI Infrastructure Spend in 2026

Meta’s planned capital expenditure for 2026 could reach $145 billion, roughly double its record $72.2 billion in 2025. The spend is anchored by a multiyear strategic partnership with NVIDIA to build hyperscale data centers optimized for both AI training and inference workloads. The investment signals that Meta sees infrastructure as a durable competitive moat in the race to build AI products for its 3+ billion users.