News, May 30, 2026

IT News Roundup: AI Agent Security Flaws, Critical Firewall Vulnerability, and Meta Privacy Backlash - May 30, 2026

This week in IT news: researchers expose a prompt injection vulnerability affecting three major AI coding agents, a critical unauthenticated RCE hits Palo Alto firewalls, Meta faces backlash over employee surveillance for AI training, Google unveils 8th-gen TPUs at Cloud Next, and open source vulnerability counts double as AI accelerates code creation.

The past week has been dominated by three intersecting themes: the growing security risks of AI-powered development tools, critical infrastructure vulnerabilities that demand immediate patching, and the ethical tensions between corporate AI ambitions and employee privacy. Below are the most significant stories for IT professionals and homelab administrators.

"Comment and Control" Prompt Injection Compromises Three Major AI Coding Agents

Security researchers have demonstrated a prompt injection attack dubbed "Comment and Control" that successfully exfiltrated credentials from three of the most widely used AI coding agents: Anthropic's Claude Code, Google's Gemini CLI, and GitHub's Copilot Agent. The vulnerability was discovered by researcher Aonan Guan alongside colleagues at Johns Hopkins University.

The attack runs entirely on GitHub's own infrastructure. An attacker opens a pull request with a malicious instruction embedded in the PR title, issue body, or review comment. When the AI agent processes the request, it is tricked into posting its own API keys as comments on the pull request. No external infrastructure is required: the injection surface and the exfiltration channel are both GitHub itself. The researchers noted that this is the first prompt-injection finding that a vendor's own system card had predicted.

The root cause lies in how GitHub Actions handles the pull_request_target trigger. The standard pull_request trigger runs jobs for fork-originated PRs with a read-only GITHUB_TOKEN and no access to repository secrets. pull_request_target instead runs in the context of the base repository, with secrets and (by default) a GITHUB_TOKEN that can write to the repository in the runner environment: exactly what most AI agent integrations require in order to reach their credentials, and exactly what lets PR-controlled text (title, body, review comments) flow into a privileged job. The finding has prompted urgent reviews across the AI agent ecosystem.
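The trigger mismatch described above can be caught before it ships. The following is an added example, not code from the article or from the researchers' disclosure: a stdlib-only heuristic scan (regular expressions rather than a full YAML parse) that flags a workflow when it triggers on pull_request_target and, in the same file, either checks out the PR head or feeds PR-controlled text to a step that can read secrets. Both workflow strings are constructed for the demo; the `agent` command, the `AGENT_API_KEY` secret and the `ai-review` name are placeholders.

```python
"""Heuristic scan for GitHub Actions workflows that expose secrets to PR content.

Added example (not from the article or the research disclosure). Regex-based
on purpose so it runs with the standard library alone; treat hits as leads to
review, not proof of exploitability.
"""
from __future__ import annotations

import re

# Trigger that runs with base-repo secrets and a write-capable GITHUB_TOKEN.
TRIGGER_RE = re.compile(r"\bpull_request_target\b")
# Checkout of the PR head inside such a job: attacker code runs with secrets.
HEAD_CHECKOUT_RE = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}"
)
# PR-controlled text that an agent step may read as instructions.
PR_TEXT_RE = re.compile(
    r"github\.event\.(?:pull_request\.(?:title|body)|comment\.body"
    r"|review\.body|issue\.(?:title|body))"
)
# Any secret reference (GITHUB_TOKEN included; it is write-capable here).
SECRETS_RE = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")


def scan_workflow(text: str) -> list[str]:
    """Return a list of findings for one workflow file's text."""
    findings: list[str] = []
    if not TRIGGER_RE.search(text):
        # pull_request: fork PRs get no secrets and a read-only token.
        return findings
    if HEAD_CHECKOUT_RE.search(text):
        findings.append(
            "pull_request_target checks out the PR head: attacker-controlled "
            "code runs with base-repository secrets"
        )
    if PR_TEXT_RE.search(text) and SECRETS_RE.search(text):
        findings.append(
            "pull_request_target passes PR-controlled text to a step that can "
            "read secrets: prompt injection can steer a credentialed agent"
        )
    return findings


# Constructed: the pattern the article describes (placeholder names).
VULNERABLE_WORKFLOW = """\
name: ai-review
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Run agent on the PR
        env:
          AGENT_API_KEY: ${{ secrets.AGENT_API_KEY }}
        run: |
          agent review --title "${{ github.event.pull_request.title }}" --body "${{ github.event.pull_request.body }}"
"""

# Constructed: same job on the pull_request trigger, so fork PRs see no secrets.
SAFER_WORKFLOW = """\
name: ai-review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Run agent on the PR (no secrets in scope)
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          agent review --title "$PR_TITLE" --body "$PR_BODY"
"""


def demo() -> dict[str, list[str]]:
    """Scan both constructed workflows; the vulnerable one yields two findings."""
    return {
        "vulnerable": scan_workflow(VULNERABLE_WORKFLOW),
        "safer": scan_workflow(SAFER_WORKFLOW),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, "->", hits or ["no findings"])
```

The safer variant also moves PR text into environment variables rather than expanding `${{ }}` inside `run:`, which closes the separate shell-injection hole. The trade-off is real: on `pull_request`, a fork PR cannot reach the agent's API key at all, so an agent that must call a paid API needs the two-stage design GitHub documents (an unprivileged job that produces an artifact, then a `workflow_run` job that consumes only that artifact with secrets in scope).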

Source: VentureBeat | Original Research Disclosure

Critical Unauthenticated RCE in Palo Alto Networks PAN-OS (CVE-2026-0300)

A critical buffer overflow vulnerability in Palo Alto Networks' PAN-OS has been confirmed as actively exploited in the wild. CVE-2026-0300 affects the User-ID Authentication Portal service and allows unauthenticated remote attackers to execute arbitrary code with full root privileges on PA-Series and VM-Series firewall appliances.

Exploitation requires no credentials or user interaction: attackers send specially crafted network packets to the exposed portal service to trigger the buffer overflow. Multiple security researchers, including teams at Rapid7 and Wiz, have confirmed active exploitation. The vulnerability was published as a security advisory on May 6, 2026, and affects a wide range of PAN-OS versions.

Organizations running Palo Alto firewalls are urged to apply patches immediately. Administrators should also review firewall logs for signs of exploitation, including unusual outbound connections or unexpected process activity. For homelab users running VM-Series instances in virtualized environments, isolation from untrusted networks is recommended until the patch is applied.

Source: Palo Alto Networks Security Advisory | Wiz Security Blog

Meta Faces Backlash Over Employee Keystroke and Mouse Tracking for AI Training

Meta is facing intensifying internal and external criticism over its program to collect detailed records of U.S. employees' computer usage, including keystrokes, mouse movements, and screen activity, for training its AI models. A Wired report revealed that an engineer's internal post protesting the surveillance was viewed by nearly 20,000 coworkers, with one employee writing, "Selfishly, I don't want my screen scraped because it feels like an invasion of my privacy." A separate Reuters exclusive from May 29 disclosed that the data collection is more extensive than initially described and is set to capture non-U.S. employee data as well, potentially placing the program on a collision course with EU privacy regulations.

Meta CEO Mark Zuckerberg has defended the initiative, stating the company is not gathering data for "surveillance or performance tracking." Instead, the data is intended to train AI agents that can observe and learn from employee workflows. The program is part of a broader AI workforce overhaul at the company. However, the timing has drawn additional scrutiny given recent layoffs and the broader industry conversation around AI replacing knowledge workers.

The controversy underscores a growing tension in the AI industry: the same organizations deploying AI tools to augment developer productivity are simultaneously raising questions about worker surveillance, consent, and data ownership.

Source: Reuters | Wired | New York Times

Google Unveils 8th-Generation TPUs and Gemini Enterprise Agent Platform at Cloud Next 2026

Google Cloud used its annual Cloud Next conference to announce major infrastructure and software updates aimed at the "agentic era" of AI. The headline hardware announcement was the 8th-generation Tensor Processing Unit, which for the first time splits into two specialized chips: TPU 8t for training workloads and TPU 8i for inference. Google reports that its first-party AI models now process more than 16 billion tokens per minute via direct API use, up from 10 billion the previous quarter.

On the software side, Google launched the Gemini Enterprise Agent Platform, designed to let organizations deploy AI agents that can handle complex, multi-step tasks across enterprise systems. The platform integrates with Google's Threat Intelligence and Security Operations capabilities, as well as Wiz's cloud security platform, creating what Google calls an "agentic defense" stack. An Agentic Data Cloud initiative was also announced, tying together data management and AI agent orchestration.

For homelab and infrastructure professionals, the split between training and inference TPUs signals a broader industry shift toward purpose-built AI hardware rather than general-purpose accelerators. Organizations evaluating cloud AI infrastructure should expect these new TPUs to become available for customer workloads in the coming months.

Source: Google Cloud Blog | Google Cloud AI Infrastructure

Open Source Vulnerabilities Double to 581 per Codebase as AI Accelerates Code Creation

Black Duck's 2026 Open Source Security Risk Analysis (OSSRA) report reveals a troubling trend: the average number of open source vulnerabilities per codebase has doubled to 581, driven largely by the explosion of AI-generated code. The report found that 87% of audited codebases are at risk, and 65% have already been hit by attacks. License conflicts reached a record high at 68% of codebases, up 12 percentage points from the previous year.

The correlation between AI adoption and vulnerability density is stark. Codebases with a heavy share of AI-generated code show significantly higher vulnerability counts, because AI tools tend to pull in dependencies without vetting their security posture or update status. The 68% license-conflict rate is likewise the highest in OSSRA's history.

The Open Source Security Foundation responded to these trends by launching its Ambassador Program with an initial cohort of 13 ambassadors tasked with spreading security best practices globally. The foundation also released version 1.0.0 of its Python Secure Coding Guide at its Community Day event.

Source: Black Duck Blog | OpenSSF Newsletter

cPanel Zero-Day Exploited for Months Before Patch (CVE-2026-41940)

A critical authentication bypass vulnerability in cPanel & WHM, designated CVE-2026-41940, was exploited as a zero-day for months before a patch was released. The vulnerability carries a CVSS score of 9.8 and allows unauthenticated remote attackers to bypass authentication entirely and gain full administrative access to affected control panels.

The flaw was exploited starting in February 2026, affecting an estimated 1.5 million servers worldwide. cPanel released patches in late April, with the fully patched version being 11.136.0.13 as of May 20, 2026. Administrators are advised to run /scripts/upcp --force via SSH as root to update, then execute the official IOC detection script from cPanel to check for prior compromise.

For homelab administrators running cPanel-based hosting stacks, this is a critical reminder: shared hosting control panels represent a high-value attack surface. Regular updates, intrusion detection, and monitoring of cPanel access logs are essential practices.

Source: SecurityWeek | Rapid7

AI Coding Agents Running with Unrestricted Shell Access Create Single Point of Failure

A growing concern in the developer security community is the default configuration of AI coding agents like Claude Code, GitHub Copilot, and Gemini CLI. These tools run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one injected tool call can leak credentials to an attacker-controlled domain.

Open-source project Pipelock, developed by Joshua Waldrep under the PipeLab project, addresses this exposure by inserting an enforcement layer between AI agents and the network. The tool restricts what domains agents can reach, what environment variables they can access, and what shell commands they can execute. GitGuardian's research found that commits co-authored by AI agents leak secrets at roughly double the baseline rate across public GitHub repositories.

Security teams should evaluate whether their AI agent deployments include runtime safeguards. Best practices include network-level restrictions on agent egress traffic, secret scanning in CI/CD pipelines, and least-privilege environment variable scoping.

Source: Help Net Security | GitGuardian Research
