"what types of vulnerabilities a model can reliably discover or exploit; the token cost per useful vulnerability, exploit, or patch; and the effectiveness of post-training guardrails to prevent misuse," wrote 35 bipartisan U.S. House members to National Cyber Director Sean Cairncross, urging a federal plan to manage a coming cascade of AI-driven vulnerability disclosures.
Congressional push to plan for an AI-driven wave of disclosures
Led by Rep. Bob Latta, R-Ohio, nearly three dozen House members asked the White House to convene federal agencies and private-sector executives to design a framework for handling security flaws discovered by advanced AI models — specifically naming Anthropic's Mythos-level models as a driver of change. The lawmakers recommended routine early access to AI tools for open-source maintainers, non-profit security organizations and developers of widely installed software, and urged the federal government to offer patching assistance to critical infrastructure operators lacking sufficient cybersecurity capacity.
The letter also called for a disclosure framework to decide when proof-of-concept exploit chains should be restricted to affected vendors or "vetted defenders," and for processes to assess the types of vulnerabilities models can find, token costs per vulnerability, and the effectiveness of post-training guardrails.
YellowKey and GreenPlasma: new Windows exploits published
A researcher using the aliases "Nightmare-Eclipse" and "Chaotic Eclipse" released two proof-of-concept exploits on GitHub that they say affect Windows 11 and Windows Server 2022 and 2025. The first, dubbed "YellowKey," reportedly bypasses Microsoft BitLocker by exploiting NTFS transactions and the Windows Recovery Environment (WinRE). The exploit can be triggered by placing crafted files on a USB drive or EFI partition and booting into WinRE; holding the control key during reboot spawns a command shell with access to BitLocker-protected volumes.
The researcher said YellowKey works against the default TPM-only BitLocker configuration used on most consumer machines and claimed it also works against TPM+PIN configurations, though they declined to publish that variant. The researcher described a behavior difference between WinRE and standard Windows components as evidence of a deliberate backdoor. A second exploit, "GreenPlasma," targets the ctfmon process to plant an arbitrary memory section and manipulate registry and permission rules; in default configurations it triggers a user account control prompt, though the researcher said it can be turned into a full privilege escalation.
Škoda, a GeForce NOW partner, Foxconn and OpenLoop: breaches and claims
Škoda Auto's German online shop suffered a breach after attackers exploited a vulnerability in the standard software used by the shop, the automaker said. Škoda temporarily shut down the shop to patch the flaw and reported exposed customer names, postal addresses, email addresses, phone numbers, order details, account information and password hashes; payment card data was not affected. The company said logging limits prevented investigators from determining whether customer information was exfiltrated.
An Armenia-based GeForce NOW partner, GFN.am, disclosed system access between March 20 and 26 after a forum post claimed millions of user records for sale for $100,000. The seller used a "ShinyHunters" handle; the real ShinyHunters group denied involvement, and researchers have noted impersonation patterns tied to threat clusters UNC6040 and UNC6240. Nvidia said its own infrastructure was unaffected.
Separately, the Nitrogen ransomware gang claimed it stole eight terabytes and more than 11 million files from Foxconn — including materials tied to Apple, Nvidia, Google, Dell and Intel projects — and Foxconn acknowledged an attack affecting some North American factories. And Iowa telehealth firm OpenLoop revised its disclosure, telling federal regulators that a January breach affected 716,000 patients, potentially exposing names, addresses, dates of birth and medical information while excluding electronic health records, Social Security numbers and financial account details.
BO Team and MuddyWater: espionage, masquerade and evolving tactics
Kaspersky reported that pro-Ukraine hacktivist group BO Team expanded espionage-focused operations against Russian manufacturing, telecom and oil-and-gas companies, deploying updated ZeronetKit malware and a Linux tool called "ZeroSSH" while collaborating with a group dubbed Head Mare. BO Team has shifted from destructive actions toward stealthier intrusions, and its command-and-control infrastructure overlaps with that of other actors.
Rapid7 documented an Iranian-linked campaign that disguised espionage as a Chaos ransomware attack, attributing it to MuddyWater (Seedworm). The campaign used Microsoft Teams social engineering and screen-sharing to harvest credentials, altered multifactor authentication settings and deployed remote access tools such as DWAgent and AnyDesk. Attackers used a custom remote access Trojan, Game.exe, disguised as a Microsoft WebView2 application, and focused on persistent access and data exfiltration while using ransomware branding as a false flag.
Microsoft's May Patch Tuesday and critical CVEs to watch
Microsoft's May 2026 Patch Tuesday fixed approximately 120 vulnerabilities across Windows, Office, SharePoint, Azure and productivity platforms with no zero-day disclosures. The release included 17 critical vulnerabilities, many involving remote code execution. Notable fixes include CVE-2026-41089 (a Windows Netlogon stack-based buffer overflow that could allow attackers to gain SYSTEM on domain controllers), CVE-2026-41103 (an Entra ID authentication bypass), CVE-2026-41096 (a Windows DNS client remote code execution via crafted DNS responses) and CVE-2026-40365 (a SharePoint Server remote code execution requiring site owner privileges).
Office products were also patched for multiple remote code execution flaws — several of which can be triggered through the preview pane without opening attachments — and Microsoft fixed CVE-2026-35421, a Windows GDI flaw exploitable via malicious EMF files.
What this means for technologists, policymakers, and affected enterprises
- Technologists and security teams: expect a higher cadence of AI-assisted vulnerability discovery and new exploit proofs such as YellowKey and GreenPlasma; prioritize patch management for the CVEs Microsoft released and investigate WinRE and BitLocker configurations where feasible.
- Policymakers and regulators: the House letter frames concrete policy requests — convening federal and private actors, defining disclosure limits, and offering patching aid for critical infrastructure — and presses for metrics on model capability and guardrail effectiveness.
- Affected enterprises and service operators: breaches at Škoda, GFN.am, Foxconn and OpenLoop underline exposure across retail, gaming, manufacturing and healthcare; log completeness, third-party risk and incident response readiness will be immediate priorities.
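For the first recommendation above (investigating WinRE and BitLocker configurations), the following added example, which is not from the article or from any vendor guidance, inventories each volume's BitLocker key protectors and the local WinRE state from an elevated PowerShell session. It only reports configuration and does not test for the published exploits; the function names are hypothetical, and the WinRE check assumes English-language `reagentc` output.

```powershell
# Added example: report BitLocker protector types per volume and whether WinRE is enabled.
# Run elevated on Windows 11 / Windows Server with the BitLocker PowerShell module present.

function Get-BitLockerProtectorSummary {
    # One row per volume: protection state plus the protector types configured on it.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            ProtectionStatus = $_.ProtectionStatus
            Protectors       = ($types -join ',')
            # Exact match on 'Tpm': TpmPin and other TPM-plus-factor types do not match.
            TpmOnly          = ($types -contains 'Tpm')
        }
    }
}

function Get-WinREStatus {
    # reagentc.exe ships with Windows; its output is localized, so this
    # pattern assumes English text ("Windows RE status: Enabled").
    $info = & reagentc.exe /info 2>&1 | Out-String
    [pscustomobject]@{
        Enabled = [bool]($info -match 'Windows RE status:\s+Enabled')
        Raw     = $info.Trim()
    }
}

$winre = Get-WinREStatus

# Combine both views so TPM-only operating-system volumes on machines with
# WinRE enabled (the default configuration the article describes) stand out.
Get-BitLockerProtectorSummary |
    Select-Object *, @{ n = 'WinREEnabled'; e = { $winre.Enabled } } |
    Sort-Object MountPoint |
    Format-Table -AutoSize
```

Rows with `VolumeType` of `OperatingSystem`, `TpmOnly` true and `WinREEnabled` true match the default configuration described in the YellowKey report and are the ones to review first.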
As lawmakers press for a structured federal response to AI-discovered vulnerabilities, organizations face concurrent live threats — published Windows exploits, active espionage masquerading as ransomware, and multiple large-scale breaches — leaving one concrete question: can policy, patching and operational controls align quickly enough to blunt a modeled surge in exploit discovery?




