EAIDaily - AI News Briefing | May 23, 2026
Focus Areas: AI Coding & Embodied Intelligence Selected: 8 key developments | Date: Saturday, May 23, 2026
1. Anthropic Project Glasswing: Claude Mythos Preview Uncovers 10,000+ Critical Vulnerabilities in One Month
Source: Anthropic Research Blog (May 22, 2026) / CyberSecurityNews
Anthropic released the first-month results of Project Glasswing, a collaborative cybersecurity initiative involving approximately 50 partner organizations. Using the Claude Mythos Preview model, the project has discovered over 10,000 high- and critical-severity vulnerabilities in critical software infrastructure in just 30 days. The findings shift the cybersecurity bottleneck from “finding vulnerabilities” to “verification and remediation.” Anthropic enforces a strict coordinated disclosure policy with up to 90-day confidentiality before public disclosure.
Why It Matters: This represents the largest-scale demonstration of AI-powered vulnerability discovery to date. For AI coding specifically, it validates that frontier models can audit entire codebases at superhuman speed — and raises the dual-use question: if Claude can find these vulnerabilities, could AI also exploit them? Project Glasswing is Anthropic’s proactive answer to this existential risk.
2. GitHub Supply Chain Attack: 3,800 Internal Repositories Compromised via Poisoned VS Code Extension
Source: GitHub Official (May 20, 2026) / Google Threat Intelligence (UNC6780)
A sophisticated supply chain attack by TeamPCP (aka UNC6780) compromised a trojanized version of the popular Nx Console VS Code extension (2.2M+ installations). The malicious version was live on the Visual Studio Marketplace for only 18 minutes (May 18, 12:30–12:48 UTC), yet successfully exfiltrated 1Password vaults, Anthropic Claude Code configurations (~/.claude/settings.json), npm tokens, GitHub tokens, and AWS credentials. Approximately 3,800 internal repositories were cloned via compromised CI/CD pipelines. Confirmed victims include OpenAI (2 employee devices breached, code signing certificates rotated), Mistral AI (developer device compromised, 25K USD Monero ransom demand), and the European Commission.
Why It Matters: This is the most consequential supply chain attack targeting AI coding infrastructure to date. The attack specifically targeted Claude Code and developer credentials, exposing the massive attack surface created by AI coding tools. It underscores that AI coding security is only as strong as the weakest link in the extension/package ecosystem.
3. Jack Clark’s Oxford Lecture: “60% Probability AI Trains Its Successor by End of 2028”
Source: Jack Clark, Anthropic Co-founder — 2026 Cosmos Lecture, Oxford University (May 20, 2026) / Axios
Anthropic co-founder Jack Clark delivered a provocative lecture at Oxford University predicting: (1) Nobel-level discoveries from human-AI collaboration within 12 months; (2) bipedal robots assisting skilled trades within 2 years; (3) fully AI-operated companies generating millions in revenue within 18 months; and (4) a 60%+ probability that AI models can fully train their successors by end of 2028. Clark explicitly acknowledged “non-zero probability” of AI existential risk and compared AI preparedness failures to COVID-19 response failures. Critically, Andrej Karpathy has joined Anthropic to lead a team using Claude to accelerate pre-training research — an early, deliberate practice of recursive self-improvement.
Why It Matters: When an Anthropic co-founder puts “intelligence explosion” into an official research document alongside a specific probability and timeline, the AI safety conversation has fundamentally shifted. For embodied intelligence, the prediction that bipedal robots will assist trades workers within 2 years directly connects to the accelerating robotics investment wave we’ve been tracking.
4. Superpowers Hits #1 on GitHub Trending: The Standardized Framework for Coding Agents
Source: GitHub Trending (obra/superpowers) / AIToolly (May 23, 2026)
The open-source project Superpowers (obra/superpowers) surged to the #1 position on GitHub Trending with 198,582 stars and 1,422 new stars in a single day. It provides a complete software development methodology and modular architecture specifically designed for building coding agents — using composable skills and base initialization instructions to assemble complex agent behaviors from simple, reusable components. The project represents a shift from ad-hoc AI coding configurations toward standardized, production-grade agent frameworks.
Why It Matters: The explosive growth of Superpowers signals that the AI coding community is moving beyond individual prompt engineering toward systematic agent architecture. At nearly 200K stars, it’s becoming the de facto standard for how developers structure coding agents — comparable to what React did for front-end frameworks.
5. Microsoft .NET Team Launches Official “Skills” Repository for AI Coding Agents
Source: GitHub Trending (dotnet/skills) / AIToolly (May 23, 2026)
Microsoft’s .NET team published a new GitHub repository called “skills” (dotnet/skills), providing AI coding agents with specialized .NET and C# capabilities. The repository serves as a centralized agent development resource hub, aiming to bridge the gap between AI and traditional software engineering frameworks, promoting automation and integration within the .NET ecosystem.
Why It Matters: When Microsoft’s own platform team starts building agent skill libraries, it signals that agent-native software development is becoming a first-class paradigm in enterprise engineering. This follows Anthropic’s official Claude Code plugin directory launch and Google’s Chrome DevTools MCP — all major platforms are now investing in agent-compatible interfaces.
6. Waymo Suspends All Freeway Robotaxi Operations Nationwide Over Safety Concerns
Source: TechCrunch / Los Angeles Times / The Verge (May 21–22, 2026)
Waymo has suspended all freeway robotaxi rides across the United States, including in Atlanta and San Antonio, following safety incidents involving construction zones and flooded roadways. The decision comes weeks after a software defect caused approximately 3,800 autonomous taxis to drive into flooded areas, prompting a fleet recall. Customers reported harrowing experiences including sudden lane changes and “neck-breaking” rides in construction zones.
Why It Matters: This is a significant setback for embodied AI in autonomous driving. After years of expanding aggressively, Waymo’s retreat to local-street-only operations exposes the persistent gap between AI performance on structured urban roads and the unpredictable complexity of highway environments. It also demonstrates that embodied AI safety challenges are not just theoretical — they have immediate commercial consequences.
7. Trump Cancels AI Executive Order After Direct Calls from Musk, Zuckerberg, and Sacks
Source: Axios (May 21, 2026)
President Trump cancelled a planned AI executive order that would have established a voluntary 90-day pre-release review framework involving NSA participation in confidential testing. The cancellation came hours before the signing ceremony, after direct phone calls from Elon Musk, Mark Zuckerberg, and AI czar David Sacks, who warned the framework could slow AI development. Trump stated: “I think it gets in the way — we’re ahead of China, ahead of everyone.” The order had been in development through months of cross-agency work.
Why It Matters: The episode reveals the extraordinary informal influence that AI CEOs now wield over US technology governance. For embodied intelligence and AI coding development, the absence of pre-release safety review frameworks means frontier capabilities — including those relevant to autonomous systems — will continue to deploy without structured government oversight.
8. Anthropic Acquires Stainless to Build World-Class Claude API SDKs
Source: Anthropic Official (May 18, 2026) / TechTarget Weekly Roundup
Anthropic confirmed the acquisition of Stainless, the startup responsible for building high-quality API SDKs for OpenAI, Cloudflare, and Merge. While deal terms were not disclosed, industry sources estimate the value at over €280 million (~¥22.18 billion). Stainless generates SDKs from OpenAPI specifications with consistent patterns, strong typing, and idiomatic language conventions. Claude’s Python, TypeScript, Java, Go, and Ruby SDKs are expected to improve significantly within 6–12 months.
Why It Matters: This is a strategic infrastructure play for the AI coding ecosystem. By acquiring the same company that built OpenAI’s SDK, Anthropic is directly investing in the developer experience layer that determines which AI model developers choose to integrate. SDK quality is increasingly the differentiator in API-driven AI coding workflows.
This Week’s Trend Summary
| Theme | Stories | Signal |
|---|---|---|
| AI Coding Security Crisis | #1, #2, #8 | Supply chain attacks targeting AI coding tools are the most immediate operational threat |
| Recursive Self-Improvement Goes Mainstream | #3 | “Intelligence explosion” is now an official Anthropic research term with 60% probability by 2028 |
| Agent Infrastructure Standardization | #4, #5 | Major platforms converge on agent-native tooling (Superpowers, .NET Skills, Claude Plugins, Chrome DevTools MCP) |
| Embodied AI Safety Reality Check | #6 | Waymo’s freeway suspension shows embodied AI is not yet ready for unstructured environments |
| AI Governance Vacuum | #7 | CEO influence over government policy leaves frontier AI development unconstrained |
Report generated by WoLoveAI | Focus: AI Coding & Embodied Intelligence