Throughline Desk · May 15, 2026

Throughline Intelligence — May 15, 2026

Markets at a Glance

Brent crude: Trading above $100/barrel as of May 15, 2026, fluctuating since a mid-March surge amid the Iran war; Strait of Hormuz transit effectively at a standstill (Enterprise Bank)
S&P 500: Has recovered the full 9% pullback it suffered in March and hit new all-time highs during the April rally (Enterprise Bank)
U.S. 10-year Treasury yield: Briefly rose above 4.5% intraday on Trump-Xi summit repricing as investors trimmed near-term tariff-relief expectations
Zhipu (Z.ai parent): Closed up 15.92% on the day GLM-5.1 launched (Air Street Press)
HawkEye 360 (pre-IPO): Targeting a $2.4B valuation, ~$400M raise at $24–$26/share (Securing Our Future)

The Thread

A single current runs beneath Friday's traffic across all five domains: the operational fusion of artificial intelligence, autonomous systems, and kinetic conflict has stopped being theoretical. Anthropic's unreleased Claude Mythos was reported to have found thousands of zero-days — including a 27-year-old OpenBSD bug — and the company decided the model was too dangerous to release. Microsoft's MDASH agent swarm independently surfaced 16 Windows vulnerabilities including four critical remote-code-execution flaws. Google confirmed the first AI-authored zero-day exploit in the wild, developed by a criminal group for a planned mass-exploitation event. The Five Eyes intelligence alliance published joint guidance on agentic AI in critical infrastructure the same week. None of these developments are coincidences.

The defense layer mirrors the cyber layer. The Pentagon's Defense Autonomous Warfare Group (DAWG) request grew from $225 million in fiscal year 2026 (FY26) to $54.6 billion in FY27 — roughly 15% of a $350 billion defense reconciliation package proposal. The Air Force ran its first operational agentic wargame, WarMatrix, with outputs reaching senior Air Force leadership. Ukrainian Sky Map drone-defense software now runs at Prince Sultan Air Base in Saudi Arabia, where an E-3 AWACS was damaged by a drone strike on March 27.

The connective tissue: frontier AI has, in the words of Air Street's State of AI report, "crossed the rubicon" into offensive cyber operations — and the same capabilities now drive procurement, doctrine, and battlefield software. The Trump-Xi summit concluded without a trade breakthrough; yields and futures repriced. Markets are paying attention to the wrong story.

Developing

Anthropic Project Glasswing zero-day pipeline [AI][CYBER] — Claude Mythos Preview, given to AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft, surfaced thousands of zero-days across every major OS and browser. Anthropic committed $100M+ in model credits and confirmed no public release of Mythos due to dual-use risk. Coordinated CVE disclosures from participating vendors are expected in coming weeks.
Pentagon DAWG procurement [DEFENSE][AI] — The $54.6B FY27 request, with $53.6B proposed via reconciliation funding, is now the largest single technology procurement signal in U.S. defense planning in recent history. Modular Open Systems Architecture (MOSA) compliance and Zero Trust Strategy 2.0 enrollment are entry requirements for vendors.
Ukraine drone-defense agreement [WORLD][DEFENSE] — U.S. and Ukraine moved closer to a landmark drone defense deal; the Ukrainian National Security Council projects $55B in 2026 production capacity against roughly $15B in domestic purchasing power.

World & Markets

Ukrainian drones reportedly damaged Ryazan oil refinery; Sen. Marco Rubio calls Ukrainian military "strongest in Europe" — A swarm of long-range strike drones reportedly bypassed electronic-warfare screens to damage the Ryazan facility, more than 100 miles inside Russia, which supplies a significant portion of Moscow's refined fuel. Sen. Marco Rubio's assessment of Ukrainian military strength came as peace talks stalled and the Kremlin reiterated President Putin's 2024 demand for four Ukrainian oblasts. Watch for possible Russian retaliation on Ukrainian power infrastructure within 48–72 hours. (Reuters)
[CROSS-DOMAIN] U.S.-Ukraine near landmark drone defense deal; Pentagon studies Ukrainian battlefield up close — The U.S. Department of Defense confirmed American personnel deployed to Ukraine to study modern drone warfare. One Ukrainian manufacturer alone plans 3 million+ low-cost FPV (first-person-view) military drones in 2026 versus the roughly 300,000 the U.S. produced in all of 2025. Ukrainian production know-how paired with U.S. financing and scale is cited as the rationale for cooperation. (CBS News)
Trump-Xi summit concludes in Beijing with no trade breakthrough — Ahead of the May 14–15 summit, Beijing hosted Taiwan opposition Kuomintang head Cheng Li-wun and announced 10 incentives for Taiwan including eased tourism restrictions and restored flights. The dual-track play — sweeteners for Taipei's opposition while negotiating with Washington — drove market repricing as Treasury yields briefly rose above 4.5% intraday and Dow futures declined. (ZeroFox monthly geopolitical report)
Strait of Hormuz operationally constrained as oil holds above $100 — The Strait functions as a de facto Iranian-controlled bottleneck. Tanker traffic around the Cape of Good Hope has reached its highest level since early 2025. Equities have looked past the disruption — the S&P 500 recovered its March pullback and hit new highs in April — while energy markets continue to price in a long war, not a quick ceasefire. (Enterprise Bank)
FBI offers $200,000 for former Air Force intelligence specialist charged with spying for Iran — The public reward, with the subject reportedly outside U.S. jurisdiction, fits a pattern of accelerated Iran-linked espionage prosecutions since the U.S.-Iran conflict began. An intelligence specialist with access to ISR (intelligence, surveillance, and reconnaissance) data represents a top-tier insider compromise during active conflict. (CBS News)
U.S. citizen convicted of running secret Chinese "overseas police station" in New York City — The verdict is the first federal conviction for operating an undeclared Chinese government surveillance node on U.S. soil. Such stations function as collection points for diaspora monitoring and have been identified globally by human rights groups; the verdict sets a legal precedent for future cases. (Euromaidan Press)

AI & Agents

OpenAI rolls out GPT-5.5 Instant as ChatGPT default; launches in-product advertising platform (GA) — GPT-5.5 Instant replaces GPT-5.3 Instant as the default model and chat-latest API endpoint; paid users retain GPT-5.3 Instant for three months. Developers now select from minimal/low/medium/high/xhigh reasoning effort, with low as default. Putting ads inside the most-used AI assistant restructures how AI interfaces compete with search. (Releasebot)
[CROSS-DOMAIN] Anthropic Project Glasswing deploys unreleased Claude Mythos to find thousands of zero-days — Mythos Preview, given to AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft, identified thousands of zero-day vulnerabilities across every major OS and browser, including a 27-year-old OpenBSD bug. Anthropic committed $100M+ in usage credits and has no plans for public release due to dual-use cybersecurity risk. The decision tacitly confirms that sufficiently capable AI can be an asymmetric offensive cyber weapon. (Crescendo AI)
Four Chinese labs ship open-weight frontier coding models within 12 days at ~⅓ of Claude Opus 4.7 cost — Z.ai's GLM-5.1, MiniMax M2.7, Moonshot's Kimi K2.6, and DeepSeek V4 landed at comparable agentic-engineering capability ceilings to Western frontier models. Zhipu stock closed up 15.92% on GLM-5.1 launch day; MiniMax demoed M2.7 running 100+ rounds of self-scaffold optimization; Kimi shipped a 12-hour continuous tool-use trace porting an inference engine to Zig. NIST's CAISI aggregate cross-domain benchmark places DeepSeek V4 roughly eight months behind the U.S. frontier. (Air Street Press)
Microsoft Agent 365 reaches general availability; Mistral ships 128B model with agentic "Work" mode in Le Chat — Microsoft Agent 365 (GA on May 2) extends governance — compliance, audit trails, access controls — to enterprise AI agents inside Microsoft 365 tenants. Mistral's 128B flagship (May 3) adds async cloud coding sessions and the new Work agentic mode in Le Chat. Agent 365 is the first enterprise-grade agentic governance layer available at scale. (AIToolsRecap)
ClawBench shows best frontier agent (Claude Sonnet 4.6) completes only 33.3% of real-world web tasks — Developed by the University of British Columbia (UBC) and Vector Institute, ClawBench tests 153 tasks across 144 live production websites in 15 categories — purchases, appointments, job applications. Unlike sandboxed prior benchmarks, ClawBench uses live sites. Two-thirds of the time, the best available agent fails at tasks a human completes in minutes. (Air Street Press)
xAI co-founder Igor Babuschkin raising up to $1B at ~$5B valuation for new AI research startup — Per Forbes, General Catalyst may lead the round. Babuschkin was a core technical architect behind Grok. A $5B founding valuation before any product ships reflects the premium being paid for frontier-AI research talent. No product details confirmed. (LLM-Stats)
Princeton eliminates 133-year-old honor code, will supervise exams for the first time — The university cites the impossibility of detecting AI-assisted cheating under an unsupervised system, against a backdrop of rising A-grade prevalence across U.S. universities since ChatGPT's arrival. A 133-year institutional norm collapsing is a policy signal for online degrees, professional certifications, and bar exams.

Defense & Cyber

[CROSS-DOMAIN] Pentagon DAWG drone budget request grows from $225M (FY26) to $54.6B (FY27) — The Defense Autonomous Warfare Group accounts for roughly 73 cents of every dollar in the $74B FY27 Pentagon drone envelope and about 15% of a $350B defense reconciliation proposal. Only $1B sits in the base budget; the remaining $53.6B is proposed via reconciliation funding. MOSA compliance and Zero Trust 2.0 enrollment are entry requirements — vendors who can't expose a standardized autonomy API face exclusion.
[CROSS-DOMAIN] Air Force WarMatrix completes first operational use at GE 26 Benchmark Wargame — The AI-powered wargaming environment ran March 13–27 in Alexandria, Virginia, with 150+ participants including Pacific Air Forces leadership and allied planners. Six 24-hour game-time moves used physics-based modeling and AI-assisted adjudication at up to 10,000× real time. This is the first confirmed operational agentic AI system informing decisions for senior Air Force leaders. (Crescendo AI)
[CROSS-DOMAIN] Pentagon deploys Ukrainian Sky Map drone-defense software at Prince Sultan Air Base — Ukrainian personnel trained American service members on Sky Map under Operation Epic Fury, a $350M Joint Integrated Task Force 401 initiative. On March 27, an E-3 AWACS surveillance aircraft was damaged and several KC-135 tankers were damaged in separate drone/missile strikes at the Saudi base. The U.S. is now learning counter-drone tactics from Ukraine in a live combat theater. (United24 Media)
Microsoft MDASH agent swarm finds 16 Windows vulnerabilities, four Critical RCEs — The Multi-Model Agentic Scanning Harness orchestrates 100+ specialized AI agents in a structured debate pipeline. Findings include Critical remote-code-execution flaws in the Windows kernel TCP/IP stack and IKEv2 service. One bug spans six source files — invisible to single-file analysis. MDASH is in limited private preview with select customers. (Microsoft Security Blog)
Google confirms first AI-generated zero-day exploit in the wild, designed for mass exploitation — Google Threat Intelligence Group reports "high confidence" that a criminal group used an AI model to develop a Python-implemented zero-day to bypass two-factor authentication on an open-source web-based system administration tool. The group "planned to use it in a mass exploitation event" before Google's counter-discovery. China- and North Korea-linked actors were observed deploying agentic tools Strix and Hexstrike against a Japanese tech firm. (SecurityWeek)
CVE-2026-20182: Cisco SD-WAN auth bypass (CVSS 10.0) added to CISA KEV catalog under Emergency Directive 26-03 — Unauthenticated remote attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller and SD-WAN Manager to obtain administrative privileges, log in as internal high-privileged non-root user, weaponize for NETCONF access, and manipulate network configuration. First exploitation attempts were observed less than four hours after public disclosure. (CISA KEV)
CVE-2026-0300: Palo Alto PAN-OS unauthenticated root RCE under active exploitation — Buffer overflow in the User-ID Authentication Portal service of PAN-OS allows unauthenticated attackers to execute arbitrary code with root privileges via specially crafted packets. Workaround: restrict portal access to trusted zones or disable. Palo Alto used Anthropic's Mythos to find dozens of additional flaws — AI-assisted discovery now runs on both vendor and attacker sides. (SecurityWeek)
HawkEye 360 prepares IPO at up to $2.4B valuation, ~$400M raise — Shares expected at $24–$26. Constellation collects and analyzes radio-frequency (RF) data — detecting radar, communications, and electronic-warfare signatures from orbit — for U.S. government and allied defense customers. The valuation signals defense space-ISR has matured into a public-markets category. (Securing Our Future)
Japan approves $7B submarine export contract with Australia under revised defense export rules — Mid-April 2026 revisions permit overseas transfer of a broader range of military equipment including missiles and warships. The Australia deal includes Japanese technology transfers and binds Australia and Japan more tightly as strategic partners — a structural break from 80 years of post-WWII pacifist defense policy with China's naval expansion cited as the explicit driver. (ZeroFox)

What Most People Missed

PraisonAI agentic framework ships with authentication disabled by default (CVE-2026-44338, CVSS 7.3) — The legacy Flask API server hard-codes AUTH_ENABLED = False and AUTH_TOKEN = None, exposing /agents and /chat endpoints to anyone who can reach the network port. PraisonAI is a multi-agent orchestration framework with a significant open-source install base. An unauthenticated trigger on a production agentic workflow is a direct execution path into whatever tools the agent can touch. (The Hacker News)
arXiv papers flag "hallucinated routing" in production multi-agent systems — Three papers (arXiv:2605.13848, 2605.13849, 2605.13851) document failure modes in prompted orchestration where agents confidently send tasks to the wrong downstream agent — the agentic equivalent of a hallucinated fact, except the output is an action. Hidden-coordinator architectures are now the default. No CVEs yet, but this is pre-CVE territory. (LLM-Stats)
Data-center NIMBY (Not In My Back Yard) opposition blocks H200-class GPU buildouts on U.S. East Coast — Local opposition in Virginia and Maryland is delaying multiple AI compute facilities, creating geographic divergence in where large-scale AI infrastructure can be sited. The bottleneck is shaping corporate site selection and could accelerate offshoring of buildouts — a compute-sovereignty issue most market coverage ignores.

What to Watch

If coordinated CVE disclosures from Project Glasswing participants begin appearing on the National Vulnerability Database (NVD) in the next 2–4 weeks — [CYBER] AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft would each face simultaneous patch-prioritization pressure. A clustered disclosure wave from a single AI source would likely accelerate enterprise procurement of AI-assisted defensive tooling and could compress the window between vulnerability discovery and exploitation across the industry.
If reconciliation funding for DAWG's $53.6B is not enacted into law — [DEFENSE][AI] The Pentagon would need to absorb autonomous-systems procurement through standard appropriations processes, likely delaying the FY27 ramp and giving Ukrainian and allied production partners a longer runway. Defense primes positioned around MOSA-compliant autonomy stacks could face consolidation pressure.
If Russia conducts a major retaliatory strike on Ukrainian power infrastructure within 48–72 hours of the Ryazan refinery damage — [WORLD][DEFENSE] The escalation pattern would mirror prior cycles and could deepen European Union pressure for additional sanctions on Russian energy infrastructure. Brent crude could push higher as Strait of Hormuz constraints compound with renewed European energy concerns.
If Anthropic, OpenAI, or Google formally restrict frontier-model access to vulnerability-discovery use cases — [AI][CYBER] Following Anthropic's decision not to release Claude Mythos publicly, a broader vendor policy shift would establish dual-use AI as a regulated capability class. The Five Eyes joint guidance could become a template for formal export controls within 6–12 months.
If Cisco SD-WAN (CVE-2026-20182) or Palo Alto PAN-OS (CVE-2026-0300) exploitation expands to confirmed nation-state activity — [CYBER] Both vulnerabilities sit on the management plane of enterprise network fabric. Confirmed nation-state use would likely prompt CISA Emergency Directive escalation and accelerate federal agency mandates for compensating controls across SD-WAN and next-generation firewall deployments.
If the U.S.-Ukraine drone defense agreement is signed with confirmed financial terms — [WORLD][DEFENSE] Closing the roughly $40B gap between Ukraine's $55B production capacity and $15B purchasing power would reshape the global drone supply chain. U.S. domestic FPV production — roughly 300,000 units in 2025 — could be eclipsed by joint output within a single fiscal year.

The Closer

The same week Anthropic decided Claude Mythos was too dangerous to release after it reportedly found thousands of zero-days, Google confirmed a criminal group had already used AI to build a zero-day for mass exploitation, and the Five Eyes published joint guidance on agentic AI in critical infrastructure. Air Street's "rubicon," named in its State of AI report, is already the present operating environment. The Pentagon's $54.6B DAWG request and the Air Force's WarMatrix deployment are the procurement and doctrine responses to a threshold that has already been crossed.