=========================================== SAGE INTELLIGENCE BRIEF Saturday, May 16, 2026 =========================================== LEAD STORY AI agents can now write working exploits, not just flag vulnerabilities. Mythos and GPT-5.5 are leading that capability according to new research out this week. Pair that with Git infrastructure already straining under AI-generated code volume and you've got two compounding pressures hitting the development and security stack simultaneously. This is the week the "AI accelerates attackers" story moved from theoretical to demonstrated. --- IT INFRASTRUCTURE ARCHITECTURE Git is buckling under AI coding agents GitHub's architecture wasn't designed for the commit velocity AI agents are generating. We're talking about a qualitative change in traffic patterns, not just more of the same. If your teams are running AI coding assistants at scale, start thinking about what that does to your CI/CD pipeline throughput and repo storage costs. Source: https://www.theregister.com/devops/2026/05/15/git-is-unprepared-for-the-ai-coding-tsunami/5241480 Data center power costs jumped 75% in PJM's market The largest US energy market saw prices spike 75% driven by data center demand. Hyperscalers are now looking at co-located or dedicated power generation to escape grid pricing. For anyone modeling cloud cost trajectories, this is a structural input cost increase that will work its way into pricing. Source: https://www.theregister.com/on-prem/2026/05/15/datacenters-slurping-juice-help-drive-75-jump-in-pjm-power-prices/5241491 Discord's March voice outage traced to a circular dependency Discord published their postmortem. A hidden circular dependency in their service graph took down voice for a significant portion of users. The failure mode was invisible until load exposed it. Worth reading if you're doing any microservices architecture work, because this is exactly the category of bug that doesn't show up in unit tests. Source: https://www.infoq.com/news/2026/05/discord-circular-dependency/ Microsoft launches a driver stability initiative Microsoft is moving to put more guardrails around driver quality after years of driver-related BSODs and instability complaints. The UI changes get the headlines but the driver certification work is what actually matters for enterprise fleet stability. Watch how this plays out across OEM partnerships over the next two quarters. Source: https://www.theregister.com/oses/2026/05/15/microsoft-puts-stability-in-the-drivers-seat-with-new-initiative/5241381 --- CYBERSECURITY & COMPLIANCE Exchange Server OWA flaw is being actively exploited This one's operational right now. Attackers are using a flaw in Exchange Server to turn Outlook Web Access inboxes into script execution launchpads. Microsoft has a mitigation available but it breaks inline image rendering and calendar printing. The proper patch isn't out yet. If you've got on-prem Exchange in any customer environment, this needs attention this weekend, not Monday morning. Source: https://www.theregister.com/on-prem/2026/05/15/exploited-exchange-server-flaw-turns-owa-inboxes-into-script-launchpads/5241150 AI agents are now building functional exploits Research published this week shows AI models, specifically Mythos and GPT-5.5, can generate working exploit code, not just identify where vulnerabilities exist. The gap between "AI finds a bug" and "AI weaponizes the bug" has closed. Your threat model needs to account for dramatically compressed time-to-exploit windows. Source: https://www.theregister.com/ai-ml/2026/05/15/ai-agents-show-they-can-create-exploits-not-just-find-vulns/5241453 Fourth Linux kernel flaw this month, this one leaks SSH host keys Qualys flagged it. The vulnerability can lead to SSH host key theft, which is a serious credential exposure path in any Linux-heavy environment. A patch exists but isn't available across all distros yet. Audit your Linux server inventory and track which distros are covered. Prioritize anything internet-facing or managing sensitive workloads. Source: https://www.zdnet.com/article/qualys-flags-a-linux-kernel-security-issue-that-could-lead-to-stolen-ssh-keys/ Google's API fraud victims got reimbursed but Google won't fix auto-expanding budgets Google quietly reimbursed sources who got hit by API fraud after Register coverage. The underlying behavior, where Google auto-expands API spending limits, is still in place. If you're managing GCP environments or any client running Google APIs, check whether budget caps are actually hard caps or soft recommendations. There's a real exposure here. Source: https://www.theregister.com/devops/2026/05/15/google-reimburses-register-sources-who-were-victims-of-api-fraud/5241429 --- CLOUD PLATFORMS & STRATEGY Cloudflare Workflows V2 ships with deterministic execution Cloudflare rebuilt their workflow orchestration engine. V2 supports deterministic, replayable execution and scales to 50,000 concurrent workflows. For anyone building event-driven automation or serverless orchestration on Cloudflare's stack, this is a meaningful architectural improvement. Deterministic replay is the feature that makes debugging distributed workflows actually tractable. Source: https://www.infoq.com/news/2026/05/cloudflare-workflows-v2-release/ Anthropic's Claude Code gets automated Routines Anthropic shipped a Routines feature for Claude Code that lets developers configure recurring, automated coding workflows. This moves Claude from interactive assistant to autonomous agent operating on a schedule. The integration and access control story around AI coding agents running unattended is something every org needs to think through before deployment. Source: https://www.infoq.com/news/2026/05/anthropic-routines-claude/ AI agents benchmarked on Kubernetes, results are mixed A CNCF-published study tested AI coding agents against Kubernetes environments. The agents handled isolated, well-scoped bugs reasonably well. Complex, multi-component issues are still beyond reliable autonomous resolution. Useful calibration data if you're evaluating where to deploy AI agents in your ops workflows versus where you still need human judgment in the loop. Source: https://www.infoq.com/news/2026/05/ai-agents-kubernetes-rag/ --- AI IN INFRASTRUCTURE & AIOPS AI as a thinking partner for large-scale engineering, not just a code generator Julie Qiu's presentation at InfoQ covers five distinct roles AI can serve for engineering leaders: architect, advisor, analyst, author and assistant. The framing matters because most orgs are still using AI as a fancy autocomplete. The teams getting real leverage are treating it as a systems-level thinking tool. Worth watching if you're figuring out how to embed AI into engineering practice beyond the IDE. Source: https://www.infoq.com/presentations/ai-large-scale-engineering-systems/ Anthropic is lobbying hard for US chip and model export controls before 2028 Anthropic went to Washington with a clear message: restrict China's access to frontier AI models and chips before 2028 or risk ceding the rules of the road to authoritarian governments. This is vendor positioning but it's also real policy advocacy. The outcome of this debate shapes what AI infrastructure looks like globally for the next decade. Source: https://www.theregister.com/ai-ml/2026/05/15/anthropic-urges-uncle-sam-to-kneecap-chinas-ai-ambitions-before-2028/5241201 AI agents creating exploits, detailed Covered in cybersecurity above but worth flagging again from an AIOps angle. The same agent capabilities being sold as vulnerability scanners are now demonstrably capable of generating attack code. The dual-use nature of these tools is going to drive compliance and procurement conversations faster than most security teams are ready for. Source: https://www.theregister.com/ai-ml/2026/05/15/ai-agents-show-they-can-create-exploits-not-just-find-vulns/5241453 --- HARDWARE, GPU & COMPUTE Data center power costs are becoming a hardware procurement variable The 75% PJM price spike is pushing hyperscalers toward bring-your-own-power models for AI compute facilities. For enterprise buyers, this signals continued upward pressure on cloud GPU instance pricing. Anyone running workloads on reserved capacity should be looking at their renewal windows carefully. Source: https://www.theregister.com/on-prem/2026/05/15/datacenters-slurping-juice-help-drive-75-jump-in-pjm-power-prices/5241491 Nothing in the feed tonight on specific firewall or switching hardware releases. Monitoring for Cisco, Palo Alto, Fortinet and Arista announcements, nothing confirmed this cycle. --- NETWORK MANAGEMENT & MONITORING Nothing in tonight's feed directly covering RMM platforms, PSA tools or network monitoring vendors. No confirmed announcements from NinjaRMM, ConnectWise, Datto, N-able, SolarWinds, Datadog or Dynatrace this cycle. --- MANAGED SERVICE PROVIDERS Decentralized architecture is becoming an MSP delivery pressure point InfoQ's minibook on architecting autonomy inside organizations is aimed at enterprise teams, but the dynamic applies directly to MSPs. As AI accelerates delivery cycles, centralized architecture governance becomes a bottleneck. MSPs that are still running every technical decision through a single architect or CTO are going to feel this. The ones distributing decision authority with clear guardrails will move faster. Source: https://www.infoq.com/minibooks/architecting-autonomy/ AI coding automation changes what clients expect from managed development services Anthropic's Routines feature for Claude Code is one signal in a broader trend. Clients are starting to understand that AI can run automated, scheduled coding tasks. That changes the conversation about what they're paying for when they engage managed development or DevOps services. MSPs with any software delivery in their portfolio need a clear answer to "what does your team do that the AI doesn't." Source: https://www.infoq.com/news/2026/05/anthropic-routines-claude/ --- IT VENDOR ECOSYSTEM & M&A Google holds firm on auto-expanding API budgets despite fraud reimbursements Google paid back the people who got burned, but the policy that enabled the fraud is still in place. This is a vendor accountability story. Google is making a calculated bet that the friction of hard budget caps costs them more in developer experience than the fraud liability costs them in reputational terms. Procurement teams running GCP should treat this as a governance gap and implement their own hard controls. Source: https://www.theregister.com/devops/2026/05/15/google-reimburses-register-sources-who-were-victims-of-api-fraud/5241429 Microsoft's driver stability initiative signals a platform maturity push This is part of a broader Microsoft pattern: after years of feature velocity, there's organizational pressure to shore up reliability. The driver initiative, combined with Windows quality improvements in recent builds, suggests the platform team is responding to enterprise complaints. Good signal for orgs managing large Windows fleets, but track whether it actually translates to fewer patch-related incidents over the next two quarters. Source: https://www.theregister.com/oses/2026/05/15/microsoft-puts-stability-in-the-drivers-seat-with-new-initiative/5241381 --- EDGE COMPUTING & IOT Nothing in tonight's feed with direct edge computing or OT/IoT enterprise relevance. Monitoring for 5G private network, industrial IoT and edge AI deployments. Nothing confirmed this cycle. --- WHAT TO WATCH The AI exploit generation story is the one to track closely this week. The moment AI moves from vulnerability discovery to exploit creation is the moment the offensive security economics change permanently. Expect this to accelerate conversations around AI use policies, model access controls and the regulatory frameworks that govern AI-assisted security tooling. This is a months-long story, not a one-week news cycle. --- CONVERSATION STARTER AI agents benchmarked on Kubernetes can reliably fix isolated, well-scoped bugs but fail on complex multi-component issues. That's your calibration point for any executive asking whether AI can replace senior ops engineers. Narrow tasks, yes. Judgment-dependent ones, not yet. ===========================================