A viral r/SoftwareLabs post claimed one solo operator built a 7-agent Claude Code system that runs cold email campaigns for 38 B2B clients at $3K each.

The supposed stack: one orchestrator, six sub-agents, MCP servers, Smartlead, Higgsfield, Calendly, a local file system, and an iPhone agent that books meetings on the go.
The comments split into two very internet-native camps: "I need to learn this immediately" and "source: trust me bro." One person did the math and landed at $114K a month. Another replied that believing random financial claims online might be the first problem.
Still, the workflow idea is useful even if the revenue claim is sus:
One agent owns writes. Helper agents do narrow jobs. Evals check quality. And the human only approves exceptions.

That is a good pattern for agents. But please, use responsibly… my LinkedIn can only take so much AI content before it needs to be (insert dirty word no one wants to hear post 2020 global pandemic… ugh fine I’ll just say it) quarantined.
Here's what happened in AI this week:
😿 Google found an AI-assisted zero-day exploit.
📰 AISI said Mythos completed two cyber ranges.
📰 TanStack packages were hit by a supply-chain attack.
📰 Microsoft's security agents topped a cyber benchmark.
🌟 Genspark explained its shift from search to agents.

NEW from The Neuron: Check out our full breakdown of Thinking Machines' interaction models and what they could enable in time.
Hey: Want to reach 700,000+ AI-hungry readers? Advertise with us!
P.S: Love robots? We’re starting a new robotics newsletter! Sign up early here.

😿 AI Hit Cybersecurity From Both Sides This Week
Cybersecurity had a very Mr. Robot week, except this time, Rami Malek’s iconic hoodie came with AI agents instead of a split personality of his deceased father. That was a weird show, huh?
Let’s start with the weird bug. Last week, Google said a criminal threat actor appeared to have used AI to help find and weaponize a zero-day. A zero-day is a flaw attackers can exploit before the developer has a fix for it. This one targeted two-factor authentication, the extra login step that asks for a code or phone approval.
The important part was the shape of the flaw. Google said it came from a hardcoded trust assumption, meaning the system quietly decided a user should be trusted at a point where it should have checked again. So it’s fixable, right? Don’t hard-code trust!
Here’s what else happened:
TanStack, the company behind popular open-source web development tools, said attackers pushed 84 malicious versions of its software across 42 npm packages. npm packages are reusable JavaScript code bundles that developers install into apps, which means one poisoned package can travel fast through real products. The attack abused GitHub Actions, the automation system developers use to test and publish code. That matters because the attackers did not need to steal npm passwords; they went after the trusted publishing machinery around the code instead.
Meanwhile, the UK-based AISI said frontier models’ autonomous cyber “time horizon” has been doubling on a timescale of months. So models are getting better at staying on longer hacking tasks without a human steering every step, which is exactly the kind of persistence attackers need to turn one weird flaw into a bigger compromise. A newer Mythos Preview checkpoint (meaning a newer version of the model) made that trend feel less abstract. It completed “The Last Ones,” a 32-step simulated corporate network attack, in 6/10 attempts, and solved a previously unsolved industrial-control range called “Cooling Tower” in 3/10 attempts. Wicked fast, bro.

Why all this matters: AI changes what attackers are good at looking for. Traditional security tools are great at spotting broken locks: crashes, unsafe memory, sloppy inputs. Models are getting better at tracing the steps a user takes through a system, then spotting the moment the system grants access without checking enough.
That same trust problem gets worse when software moves through packages, scripts, permissions, cache systems, and cloud tokens. Once one trusted link gets poisoned, “bad dependency” can become “stolen credentials” fast. Hence the term “supply chain attack”: in attacks like the TanStack one, one poisoned link upstream taints everything that depends on it downstream.
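The TanStack story is about the publishing machinery, not the code. As an added example (not TanStack's pipeline and not the actual attack), here is a small Node scanner that flags the GitHub Actions settings a defender checks first: actions not pinned to a commit SHA, a pull_request_target trigger, workflow-wide write-all permissions, and a long-lived publish token. The sample workflow and its commit SHA are constructed.

```javascript
// Constructed sample workflow showing the risky settings; not TanStack's real pipeline.
// The commit SHA is a placeholder, not a real commit.
const SAMPLE_WORKFLOW = `
name: publish
on:
  pull_request_target:
  push:
    tags: ["v*"]
permissions: write-all
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/setup-thing@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: npm ci
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: \${{ secrets.NPM_TOKEN }}
`;

// Line-oriented scan (no YAML parser needed for these checks). Each finding names
// the line and the trust assumption behind it.
function scanWorkflow(text) {
  const findings = [];
  text.split("\n").forEach((raw, i) => {
    const line = raw.trim();
    const at = `line ${i + 1}`;
    const uses = line.match(/^-?\s*uses:\s*([^\s#]+)/);
    if (uses) {
      // A tag or branch ref can be moved by whoever controls that repo; a full
      // commit SHA cannot be silently repointed.
      const ref = uses[1].split("@")[1] || "";
      if (!/^[0-9a-f]{40}$/.test(ref)) findings.push(`${at}: ${uses[1]} is not pinned to a commit SHA`);
    }
    if (/^pull_request_target:/.test(line)) {
      findings.push(`${at}: pull_request_target can run with repo secrets against code from untrusted pull requests`);
    }
    if (/^permissions:\s*write-all\b/.test(line)) {
      findings.push(`${at}: workflow-wide write-all permissions; grant only what each job needs`);
    }
    if (/secrets\.NPM_TOKEN/.test(line)) {
      findings.push(`${at}: a long-lived publish token is available to this workflow`);
    }
  });
  return findings;
}
```

Run `scanWorkflow` over your own `.github/workflows/*.yml` files; each finding points at a place where the pipeline trusts something it never re-checks.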
So the issue is whether models can keep going through a messy sequence of cyber steps: find a weak point, test it, pivot, and keep moving.
Enter the defense: Microsoft showed off MDASH, its multi-agent vulnerability-finding system, which found 16 Windows bugs, including four critical remote-code execution flaws (those are bugs that can let attackers run code on a target system).
So instead of handing humans another pile of maybe-bugs, systems like this can audit, debate, and prove which threats are real. Translation: attackers will use AI to find where a system says yes too easily. Defenders will use agents to turn suspicious code into proof, patches, and the team of humans that actually has to fix the thing.

The ops hire that onboards in 30 seconds.

Viktor is an AI coworker that lives in Slack, right where your team already works.
Message Viktor like a teammate: "pull last quarter's revenue by channel," or "build a dashboard for our board meeting."
Viktor connects to your tools, does the work, and delivers the actual report, spreadsheet, or dashboard. Not a summary. The real thing.
There’s no new software to adopt and no one to train.
Most teams start with one task. Within a week, Viktor is handling half of their ops.
Add Viktor to Slack for free.

You do not need to be a security engineer to ask better security questions.
Today's skill: use AI to run a defensive "gut check" on any workflow where software, customer data, accounts, or automation are involved. The goal is simple: find the places where trust is being assumed.
This is useful because this week's biggest security stories were all about assumptions. A package install assumed the code was safe. A login system assumed a user with partial access could be trusted. A security team assumed old scanning methods could catch new attack patterns.
Copy this into ChatGPT or Claude:
Act as a defensive security reviewer.
Review this workflow, system, or automation:
[PASTE DESCRIPTION]
Look for places where the system assumes trust too early.
Focus on:
1. User accounts and permissions
2. Third-party packages or integrations
3. API keys, tokens, and credentials
4. Automated actions that could cause damage
5. Data that should stay private
6. Approval steps before anything public or irreversible
7. Monitoring logs I should check regularly
For each risk, explain:
- What could go wrong
- Why a normal check might miss it
- The safest practical fix
- Whether this needs an expert review
Keep this defensive only. Do not provide exploit steps.

Want more tips like this? Check out our AI Skill of the Day Digest for May.
Have a specific skill you want to learn? Request it here.

*Asterisk = from our partners (only the first one!). Advertise to 700K+ readers here!

In our latest podcast episode, Wen Sang, co-founder and COO of Genspark, showed what AI agents look like when they move from demos to actual work.
He walked through building a VC pitch deck live, then shared how customers are already using it across consulting, advertising, real estate, sales ops, banking, insurance, oil and gas, government, dev shops, and marketing teams.
The wildest example: one power user runs a 600-agent sales business through a Genspark Claw agent named “Goose,” and spends $2K/month on Genspark credits because it helps him make more money.
The big idea: You can now run a services business with software thanks to agents. Your agent learns the tools, connects the apps, remembers the context, and pushes work toward a finished output.
Watch and/or Listen: YouTube | Spotify | Apple Podcasts

📰 Around the Horn
Apple is reportedly planning a privacy-focused Siri revamp with auto-deleting chats and a standalone Siri chat app powered by Google Gemini. Malta became the first country to offer every citizen free ChatGPT Plus after completing an AI literacy course. Bloomberg reported a second year of job losses (a 0.2% drop) across 18 AI-exposed roles like customer service, sales, and secretarial work (about 10M jobs in 2025); meanwhile, overall employment is up 0.8%. If this 4-to-1 growth-to-loss ratio holds, the overall jobs picture post-AGI is maybe okay? The crummy part about the overall job market, though, is that just because jobs exist doesn’t mean the new ones are jobs you are qualified for / want to do…
The Information reported that 34 top AI startups doubled revenue in six months to roughly $80B ARR (~$6.7B per month), but 89% of that money (~$5.93B/month) still flows to Anthropic and OpenAI. ProgramBench said GPT-5.5 became the first model to fully solve one of its coding benchmark instances.

AI coding tools are scaling fast. So are the costs, and most teams can't explain them to the CFO. Join us at Agentic DevOps World on May 19 for live data and real answers on AI at enterprise scale.
Register now

🌟 Sunday Special: Top of the Week
Here are the top 5 stories and top 5 tools from last week; to catch up on everything that happened this week, read our Week in Review Around the Horn Digest here.
Top 5 News Stories

Top 5 New Tool Launches
OpenAI Daybreak: Uses GPT-5.5 and Codex Security to find threats, generate patches, and verify remediation across code and systems.
Claude Code Agent View: Gives developers one place to manage parallel Claude Code sessions, unblock agents, and jump between running tasks.
Kimi WebBridge: Connects Kimi's desktop agent to your browser so it can research, click, fill forms, and compare options locally.
OpenAI Codex Plugin For Claude Code: Lets developers run Codex inside Claude Code for reviews, adversarial checks, and background coding tasks.
Velo 2.0: Turns a raw screen recording into a polished video and written doc, then lets you edit both by chat.

That’s all for now.

P.P.S: Love the newsletter, but only want to get it once per week? Don’t unsubscribe—update your preferences here.