Summer is here, and Disneyland is continuing its year-long 70th anniversary, a celebration of the original Disney theme park opening its gates in 1955. Three new rides are also being built at the California Disney Parks, as well as a sprawling new Avatar area.

Over at Walt Disney World in Florida, four new lands are being constructed right now, themed around villains, Pixar characters and more.

Here’s everything you need to know about Disneyland and Disney World — starting with offerings coming this summer and then exploring what’s arriving beyond 2026.

Disneyland’s 70th anniversary

Disneyland continues its celebration of its 70th anniversary, following its kick-off in May 2025, for much of the summer. Its last day is Aug. 9, 2026 — after which the parks will transition to Halloween decor on Aug. 21, then the holidays on Nov. 18, before fully returning to its natural state in early 2027.

There are many 70th anniversary shows to see, including the Paint the Night parade, Celebrate Happy Cavalcade and the Wondrous Journeys fireworks and projection show on the castle. Mickey and friends are also wearing 70th celebration outfits.

You can catch 70th anniversary-themed merchandise, food and drink items as well as a projection show at Carthay Circle and a 50-foot sculpture of Sleeping Beauty Castle on the esplanade between Disneyland and California Adventure; you can also find decorations sprinkled throughout Downtown Disney, Main Street USA, Disney’s hotels and even inside rides.

Advertisement

Rock ‘n’ Roller Coaster starring The Muppets opens this week

While MuppetVision 3D closed last year to make way for an entire land themed around the Monsters Pixar movies at Hollywood Studios, the Muppets are being moved to the Rock ‘n’ Roller Coaster. That overlay didn’t take long to complete — Rock ‘n’ Roller Coaster Starring Aerosmith had its last day of operation on March 1, and the Muppets-themed version opens on Tuesday, May 26.

“The legendary ride roars back to life with a rock-charged remix that drops guests straight into the middle of The Electric Mayhem’s biggest night yet. With high-speed thrills, a pulse-pounding soundtrack, and a VIP list like no other, this reimagined attraction hits all the right notes,” the Disney Parks Blog posted on April 16.

Advertisement

Replacing the old Muppets area of Hollywood Studios, meanwhile, Monstropolis — home of the Monsters, Inc. movies, shorts and Disney Plus streaming series — will feature Disney’s first suspended roller coaster inside the city’s laugh/scream factory.

“The first time I saw Monsters, Inc., all I wanted to do was ride on one of those doors like Mike and Sulley,” Disney Experiences Chair Josh D’Amaro said at D23 in 2024. “Remember in the movie how those claws grab the doors and hoist them up into the air to take them away? We’re doing that too. And you’re going along for the ride.” This TikTok shows the design concept for the Monsters Inc. ride.

MuppetVision 3D closed permanently on June 8, 2025, but we don’t expect Monstropolis to be complete for another year or two.

Soarin’ Across America, coast to coast

At Disney’s California Adventure and Disney World’s Epcot, the Soarin’ Around the World attraction is getting a US-themed makeover. Soarin’ Across America will arrive on July 2, 2026, and will feature scenes, sounds and scents from more than a dozen cityscapes and scenic areas.

Disney released a trailer starring Patrick Warburton, the original Soarin’ narrator and pilot, in which he says we’ll soon “sail across spacious skies” and may see “amber waves of grain” and “purple mountain majesties.” It’s part of Disney’s celebration of America’s 250th anniversary.

Juneteenth at Disneyland

On June 19, Downtown Disney will host Disney on the Yard Presents Yardfest: Part of Celebrate Soulfully, which celebrates HBCUs, including performances by drum majors.

This event on Juneteenth kicks off the Celebrate Soulfully: Summer Vibes celebration, which goes from June 19 until July 19 to celebrate Black music, food, art and culture. Concerts will be held on certain days at Paradise Gardens in California Adventure, as well as “special character encounters and live variety acts” on Fridays and Saturdays, per Disney.

Bluey has arrived at Disneyland

Bluey and her family are now hosting a stage show and themed area at the original Disney park. Debuting two months ago, Bluey’s Best Day Ever is located at the Fantasyland Theatre next to Mickey’s Toontown, which has been transformed into Bluey’s school classroom and grounds, including a gnome village and fairy garden. 

Bluey and her sister, Bingo, appear several times each day, along with actors and musicians, to “bring to life the popular music and games emblematic of beloved Bluey episodes.” Those games will include “keepy uppy” and the “grannies,” as well as appearances by Chattermax and Unicorse.

There are also puzzles, games and photo ops throughout the Bluey area, and Disneyland is serving up Bluey-themed foods at Troubadour Tavern.

The hugely popular Australian cartoon about a family of dogs is a worldwide hit, and Disney is slated to release a Bluey movie in 2027. (In the meantime, you can watch Bluey episodes and minisodes on Disney Plus.)

Star Wars Galaxy’s Edge: Old characters, new Mandalorian missions

New characters have begun roaming around the Star Wars-themed lands in Disneyland, as the area “expands its timeline” to include Luke Skywalker, Leia Organa and Han Solo. The original trio of Star Wars main characters arrived in Batuu on April 29 and are now interacting with guests and other characters.

To help tie them in with the more modern Star Wars land, there are also new props, merch, graphics and music (featuring the legendary John Williams score) in Galaxy’s Edge.

“Black Spire Outpost will roll back in time several decades, thoughtfully introducing beloved characters from across the Star Wars timeline,” the Disney Parks Blog announced in April. “Each era will be brought to life with the same care and attention to detail that the land was originally designed with, masterfully weaving together stories from across time and space in one location.”

Darth Vader has also joined the fun, and you can still see Ahsoka Tano, The Mandalorian, Grogu, Rey, Chewbacca and R2-D2. 

Over in Tomorrowland, Space Mountain has transformed into Hyperspace Mountain for a limited time.

Disneyland (and Hollywood Studios at Disney World) has also now added Mandalorian and Grogu missions to the Millennium Falcon: Smuggler’s Run ride in Star Wars: Galaxy’s Edge, tying in with the release of The Mandalorian and Grogu in cinemas. The new missions launched on May 22.

Discounted summer Disney tickets

Disneyland now has a Kids’ Summer Ticket deal, with a one-day Park Hopper ticket costing $50 per child, ages 3 through 9. It can be used until Sept. 7.

Disneyland is also adding (and removing) a Magic Key option: The Explore Key will replace the Enchant Key. All California residents will be able to purchase it — not only Southern California residents. It will allow access on weekdays in June and July, which were blocked out for Enchant Key holders. The Explore Key costs $999, with a $99 down payment and 0% APR on repayments for 12 months. Disney said its “full value” can be unlocked in just four visits to the parks, thanks to Park Hopper admission, 25% off parking, Lightning Lane Multi-Passes and 10% off merchandise and dining.

For what Disney World is calling Cool Kids’ Summer, it’s offering two free nights and two free theme park days when you buy a four-night, four-day Disney hotel and ticket package for a visit during May 26 through Sept. 15. You can also save up to 30% on some Disney hotels between May 1 and Oct. 4.

Also part of Cool Kids’ Summer is a free day at a Disney World water park (Typhoon Lagoon or Blizzard Beach) on your check-in day when staying at a Disney hotel between May 26 and Sept. 8; and a free dining plan for kids aged 3-9 when you buy a dining package for guests over 10 and a room at a Disney hotel.

California Adventure celebrates 25 years

The second Disney theme park built in Anaheim opened 25 years ago on Feb. 8, 2001. While the look of the park has changed a lot over those years, California Adventure has a few ways it’s celebrating the quarter-century milestone: It’s switching the Soarin’ attraction back to Soarin’ Over California until July 1; dressing Mickey Mouse and Minnie Mouse on Buena Vista Street with new outfits, featuring sun motifs like the one originally on the roller coaster; and offering anniversary-themed food items, merchandise and drinks.

Disneyland expansion: Avatar area begins construction

Disneyland is finally expanding after unveiling plans almost five years ago. The expansion is expected to take a couple of years to complete and will push the park’s current boundaries past Downtown Disney and into the nearby parking lots. It’ll also transform “a portion of the current Hollywood Backlot area,” leading to the closure of the Monsters Inc. attraction permanently in 2027.

The biggest part of the expansion will be adding an Avatar-themed land, based on the second film, The Way of Water, as well as Avatar: Fire and Ash. It will include a dark boat ride much like Pirates of the Caribbean, “taking guests all the way to the wide-open seas of Pandora.”

It follows the success of the world of Pandora, based on the original Avatar film, in Disney World’s Animal Kingdom. Disney has no dates or details yet on when it’ll be complete.

Coming sooner than the Avatar land, however, is a new esplanade entry “experience” to replace the current walkway entry at the east side of Disneyland, as well as a new parking structure and pedestrian bridge over Harbor Boulevard. Construction on this begins in the fall.

Advertisement

A Coco ride is coming to California Adventure

It won’t be launching this year, but construction has begun backstage at California Adventure to build a new dark ride. It’ll be themed for the beloved Pixar movie Coco and populated by audio-animatronics.

The Coco ride will be located in the area near Pixar Pier and Paradise Gardens, in what is primarily backstage areas for cast members currently. It’ll have characters and music from the movies as you travel through the land of the dead with Miguel.

Advertisement

Two more Avengers Campus rides 

Avengers Campus already has two rides: Spider-Man Web Slingers and Guardians of the Galaxy. Soon, this will double as Disney builds two more Marvel attractions at California Adventure. 

“We’re doubling the size of the land with two new attractions,” a structural engineer said in a video posted to Walt Disney Imagineering’s Instagram account on Feb. 26. The engineer showed off how the Avengers Infinity Defense structure is looking now, including its columns, foundations and a catwalk that will “support projectors, speakers and other types of show elements.”

Avengers Infinity Defense will see you assemble alongside the Avengers, battling King Thanos — set in a multiverse — featuring appearances by Black Panther, Ant-Man and Hulk.

Stark Flight Lab, the second ride, will see you help test Tony Stark’s latest tech.

“In Stark Flight Lab, guests will sit in ‘gyro-kinetic pods’ and roll along a track before stopping in front of a giant robot arm,” Disney said. “This robot arm will hoist you into the air where you’ll make several high-speed maneuvers inspired by Iron Man and some other Avengers.”

Construction began in 2025, but no launch dates have been revealed yet.

Villains Land at Disney World

While it won’t be ready in time for 2026, construction is well underway for Disney’s first villains-themed area. Villains Land, which will celebrate all the classic baddies from Disney films, is coming to the Magic Kingdom at Disney World in Florida.

Imagineers have been drawing inspiration from architectural structures in Paris and Barcelona — like Gaudí’s buildings in the latter — to design Villains Land, Disney revealed during Destination D23 in August 2025.

Advertisement

“Paris is a city full of classic Art Nouveau … natural motifs and swirling designs there make nature appear to be ‘cursed,’ like magic has frozen it into place,” Disney said on its Parks Blog. “Barcelona’s art style is Modernisme, which has less natural patterns but gives the architecture an otherworldly, unnerving appearance.”

Villains Land, first teased during D23 2022, will be positioned on the other side of Big Thunder Mountain at the top left edge of the current Magic Kingdom map and will stretch around to where the Haunted Mansion is.

Two major attractions are planned, along with dining and shopping. Still no word yet on when it’ll open.

First peek at Piston Peak

The Rivers of America and Tom Sawyer Island at Disney World’s Magic Kingdom have been closed and removed from the online map, as Disney works to construct a new land themed after Pixar’s Cars movies. Cars Land, which was added to Disney’s California Adventure back in 2012, remains extremely popular in the west, so it was only a matter of time before it was added to the eastern outpost.

In an expansion of Frontierland — which also includes Tiana’s Bayou Adventure and Big Thunder Mountain Railroad — Route 66 will feature a look inspired by the Rocky Mountains and the “American Frontier and its national parks.”

The Disney Parks Blog described the new area as “an awe-inspiring wilderness filled with towering trees, snowcapped mountains, breathtaking waterfalls, roaring rivers and impressive geysers.” Disney Imagineers are “using a style of architecture called ‘Parkitecture,’ which was developed by the National Park Service to create structures that harmonize with the natural environment.”

There will be two attractions, one of which is a rally race. Pixar Chief Creative Officer Pete Docter and Imagineer Michael Hundgen spoke about the new ride vehicle for this, and you can see a TikTok of Imagineers testing out off-road vehicles in the Arizona desert to create what the ride will feel like. Each rally car will have its own personality, name and racing number, Docter said.

“These are all things Lightning McQueen and Mater haven’t experienced before, like racing over rocky terrain, ascending to mountain peaks and dodging around geysers — how do you take these real-world elements and put a Cars spin on it?” Disney Parks said in a previous blog post. 

While construction has begun and Disney has even released a map showing what the land may look like (geysers shooting water, a running river, an off-road rally track, mountains, a visitor’s lodge, a Ranger HQ and walking trails), we don’t expect Piston Peak to open until at least 2027 or 2028.

Tropical Americas Land at Animal Kingdom

Animal Kingdom’s DinoLand USA area is no more, with the area on the Disney World map now a blank sea of grass as Disney slowly builds out the new Tropical Americas Land. 

Construction began in the fall of 2024, with TriceraTop Spin and the midway area closing down in January 2025. The Dinosaur ride remained open until Feb. 1 this year, but has since closed its doors as it’s transformed into a new Indiana Jones ride through a Maya temple (a relatively easy overlay since Disneyland’s Indiana Jones reportedly follows almost exactly the same ride track as Disney World’s Dinosaur).

The Pueblo Esperanza area will be themed like a South American village, with an Encanto-themed attraction, where you get to explore Antonio’s rainforest room inside the Casita, as well as a huge quick-service dining location, a fountain and a carousel.

Tropical Americas is planned to open in 2027.

Disney Cruise Line: New ships

Disney has been all in on launching cruise ships over the last few years, including the Disney Wish in 2022, the Disney Treasure in 2024 and the Disney Destiny in 2025.

The Disney Adventure sailed on its maiden voyage from Singapore on March 10, the first of four new ships set to embark soon. Disney’s next cruise liner, the Disney Believe, was unveiled by new CEO Josh D’Amaro on March 18. 

“The Disney Believe will bring to life the magical worlds of Encanto and Frozen, the wishing wells of Snow White and the Seven Dwarfs, and the depths of the sea with Moana and The Little Mermaid,” Disney said.

The Disney Believe is expected to set sail in late 2027. The other ship names and destinations have yet to be revealed, but they’re expected to sail before 2031.

Everything else new at Disneyland and Disney World

Here’s what else is new and coming soon to the theme parks:

• A 3D-printed prop canoe was added to the Jungle Cruise ride in January.
• Buzz Lightyear’s Space Ranger Spin closed at the Magic Kingdom in August to receive new ride vehicles with video monitors and two handheld blasters featuring always-on lasers in two different colors (so you can finally see which laser is yours). It’s also getting a new opening scene starring Buddy the friendly robot, and static Z targets will light up when you hit them. The ride reopened on April 8.
• Big Thunder Mountain Railroad reopened on May 3 at Magic Kingdom after a lengthy refurbishment. It will include “a journey through the spectacular natural phenomena of the Rainbow Caverns.”
• Disney World’s water park Blizzard Beach reopened on Feb. 15, and Typhoon Lagoon reopened on May 12.
• Kids summer shows at Disneyland include Disney Friends Dance Party at Hollywood Land in Disney California Adventure, and Stitch’s Intergalactic Beach Party Blast at Tomorrowland Terrace in Disneyland.
• Bluey and Bingo meet-and-greets are coming to Disney World at the Conservation Station at Animal Kingdom as part of the Cool Kids’ Summer celebration, which goes from May 26 until Sept. 8.
• Cinderella Castle at Magic Kingdom is currently being repainted in its original theme colors: gray, cream, blue and gold.
• From July onwards, you’ll be able to book a wedding at the Haunted Mansion in Disneyland. Weddings will be hosted at the courtyard right outside the mansion’s front doors. The area can seat up to 25 guests. Unfortunately, it doesn’t include thematic midnight ceremonies — you can only host your wedding there in the early morning before park opening. Other new Disneyland wedding venues include the Magnolia Park Gazebo (right outside Tiana’s Palace), Magnolia Park Terrace (right outside the new Haunted Mansion queue) and Fantasy Faire Garden (opposite the castle).
• Following the release of the Walt Disney animatronic at Disneyland, Disney announced that a similar animatronic will be added to Disney World’s Carousel of Progress at Magic Kingdom in a new introductory scene to the ride.

On this week’s episode of the Smart Home Insider podcast, we talk about security systems, and how they can integrate with other devices to protect your home and family.

Joining as guest host for this security episode is Jimmy Lin, Vice President of Product Management at ADT. We dive into what’s new with ADT as well as security systems and Matter in the latter half of the episode.

First, we talk through the news. Bose has a new lifestyle collection of smart speakers, complete with AirPlay support and sleek, upscale designs.

Govee has two new releases to check out, starting with the Govee TV Backlight 3. This uses an updated hybrid lens camera to synchronize what is on-screen with a light strip positioned around your television.

Then the firm has also released a new G25 filament-style bulb. The bulb has a cool double-helix filament in the center that is able to do different colors, and not just tunable hues of white.

Moving into security, guest Jimmy Lin talks through new releases from ADT, such as its innovative Live Light smart sign to help first responders find your home and its DIY Blu system.

We start to talk more broadly then, such as how security devices can do more than just protect your home. Lin discusses various scenarios such as identifying anomalies in your home, like if a cupboard door doesn’t open or someone doesn’t arrive home at an expected time.

Of course, we couldn’t end this interview without getting into Matter. Currently, ADT still doesn’t support Matter and we get into the weeds on whether or not it needs to and what users should look for now.

Links from the Smart Home Insider podcast

Those interested in sponsoring the show can reach out to us at [email protected]

Keep up with everything Apple in the weekly AppleInsider Podcast. Just say, “Hey, Siri,” to your HomePod mini and ask it, and our latest Smart Home Insider episode too. If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple’s Podcasts app, or via Patreon if you prefer any other podcast player.

Pope Leo XIV published his first encyclical on Monday. Titled Magnifica Humanitas, it addresses “safeguarding the human person in the time of artificial intelligence.” And while AI is the hook, the problems Leo focuses on are older and more pervasive: inequality, war, the erosion of democracy, and the concentration of power in the hands of those who don’t necessarily care whether humanity writ large remains magnificent.

Throughout the 200-page document, which the pope presented alongside Chris Olah, co-founder of AI company Anthropic, Leo argues that technology built and governed by a small elite cannot, by definition, serve the common good. 

“When such power is concentrated in the hands of a few, it tends to become opaque and evade public oversight, increasing the risk of distorted forms of development that give rise to new dependencies, exclusions, manipulations and inequalities,” he writes. 

“In fact, as with every major technological shift, AI tends to amplify the power of those who already possess economic resources, expertise and access to data,” the encyclical continues, highlighting concerns that elites can use their power to “shape information and consumption patterns, influence democratic processes and steer economic dynamics to their own advantage.”

The encyclical comes a few days after President Donald Trump delayed signing his executive order on AI, which would have given the government oversight over new models before they are released, reportedly on the urging of VC investor and former White House AI czar David Sacks.

Pope Leo called for AI to be guided by “clear criteria and effective oversight” rooted in participation from communities that will be affected by it. More concretely, Leo called for an end to the AI arms race — the push to build “ever more powerful algorithms and larger datasets” that companies and countries believe will “secure geopolitical or commercial dominance.”

“To disarm means discrediting the assumption that technical power automatically confers the right to govern,” he wrote.

Again, these dynamics predate AI. Pope Leo XIII’s 1891 Rerum Novarum addressed the same concentration of power during the Industrial Revolution, but we needn’t look back that far. Consider Elon Musk’s acquisition of Twitter and his deployment of the platform to help elect Trump, or the hundreds of millions flowing from tech elites into super PACs to block AI regulation — patterns that clearly inspired Leo XIV’s work.

The pope arrives at a conclusion many have already reached: the surreal power and capabilities of today’s AI raise the stakes enormously. 

Notre Dame Law School professor Paolo Carozza, a member of the Pontifical Academy of Social Sciences and chair of the Meta Oversight Board, told TechCrunch that AI-driven misinformation and deepfakes have “corroded our capacity to recognize what’s true and what’s not true, and that really has consequences for democratic politics.” The tech industry’s practice of “harvesting and manipulating” human data, he added, poses “fundamental challenges to cognitive freedom.”

AI PCs are quickly becoming the next big thing in the laptop world, but desktops haven’t seen the same level of attention yet. ASUS now wants to change that with the launch of the new VM441 AiO, which is designed to offer a smarter desktop experience by combining the Snapdragon X platform with Microsoft’s Copilot+ PC features. In simpler terms, ASUS wants this to feel less like a traditional bulky desktop and more like a modern AI-first machine for everyday users.

ASUS VM441 AiO Features

The AiO delivers up to 45 TOPS of NPU performance for advanced functions on the device. The Copilot+ PC helps its users perform all their daily activities, multitask, and communicate during discussions and collaborations. The VM441 AiO comes with an impressive 24-inch full-HD touch-screen monitor with great aesthetics. The screen has a wide 178-degree viewing angle and 100% sRGB color coverage.

ASUS VM441 AiO comes with two 3W stereo speakers that feature Dolby Atmos technology for clear, immersive audio. The inclusion of a bass reflex system helps deliver clearer audio output while you stream content and participate in video conferencing sessions. It also features a 5 MP IR camera with Windows Hello technology.

ASUS has designed the device to provide a complete desktop package for everyday users. It comes with quick SSD storage options, free wireless accessories, and compatibility with productivity suite software. Buyers also receive a one-year Microsoft 365 Basic subscription with 100GB cloud storage access for files and backups.

Price and Availability

ASUS has priced the ASUS VM441 AiO starting at ₹1,01,990 for the 512GB model. The higher 1TB storage variant starts at ₹1,11,990. The desktop will be available across online and offline platforms, including Amazon, Flipkart, ASUS stores, and Croma. ASUS also includes No Cost EMI plans and cashback benefits on eligible bank cards.

IBM India’s Sandip Patel says the country can become the world’s AI skill capital by 2030. The arithmetic of getting there is harder than the headline number suggests.

Anthropic appears to be preparing for the public rollout of “Mythos,” which was announced in April as a restricted model that poses major security risks to private and public software.

On April 7, Anthropic announced the Mythos in early preview and called it a new frontier model with strikingly advanced capabilities in computer security tasks.

Anthropic said the Mythos model shows major improvements in code reasoning and autonomy, far above its current flagship model, Opus 4.7.

Coding improvements aren’t new for AI models, but in the case of Mythos, Anthropic found that the model can automatically develop functional cyberattacks at a highly professional level.

The company also claimed its rollout poses a severe risk to global digital infrastructure.

“The advantage will belong to the side that can get the most out of these tools,” Anthropic warned.

“In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships.”

To prevent attackers from exploiting a massive volume of unpatched vulnerabilities in popular apps, such as Firefox, Anthropic decided against the public rollout of the Mythos model until it prepared a powerful guardrail system.

It looks like Anthropic may have developed a strong guardrail system, as Claude Code and Claude Security now have references to the Mythos model.

In fact, some users briefly noticed the toggle to enable Mythos in the public version of Claude Code before it was taken offline.

The model is called claude-mythos-1-preview, and it also briefly appeared in the public version of Claude Security.

This confirms that Anthropic is preparing the model for public rollout, but it’s unclear whether it’ll be available across all subscription tiers.

Anthropic says it’s working with companies on finding potential AI-driven exploits

Anthropic has confirmed it’s working on a new project called “Glasswing,” where the AI startup collaborates with other companies to secure the world’s most critical software from potential AI-driven exploits.

This initiative uses the unreleased Claude Mythos Preview, and it has already managed to help up to 50 organizational partners.

Mythos model managed to uncover 10,000 high- or critical-severity vulnerabilities in its first month alone, which explains why Anthropic has been holding off its public release.

Anthorpic currently offers Claude Opus 4.7, Opus 4.6, Opus 4.5, Sonnet 4.6, and Haiku 5.5.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

Security

AI flaw-finder still under lock and key for now while company figures out guardrails, but extends access to more users including governments

Anthropic has revealed its intention to one day release models that match the performance of its Mythos bug-finding AI to the public, once it can make them safe.

In case you came in late, in early April Anthropic announced it had developed a model called Mythos that is so good at finding security vulnerabilities in programming code that the company decided to offer it only to select entities because allowing unfettered access would mean cybercriminals could quickly discover and exploit software flaws.

That access program is called “Project Glasswing” and participants report it quickly finds many bugs but few that humans couldn’t find given enough time and resources. Those with access to Mythos have also sometimes said the quantity of bugs it finds somewhat overwhelms their ability to patch them all.

The mere existence of Mythos has sparked a little panic – Japan’s government ordered a sweeping security review and Indian authorities demanded a patching spree at financial institutions – plus a general realization that even lesser AI models are also decent bug-finders, meaning cyber-defenders must now expect attackers will weaponize more flaws, more often.

No company—including Anthropic—has developed safeguards strong enough to prevent such models from being misused

Anthropic last week published an “initial update” on Project Glasswing that in its second-to-last paragraph reveals the company’s next step will see it “… work with critical partners – including US and allied governments – to expand Project Glasswing to additional partners. And in the near future, once we’ve developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release.”

The company didn’t explain what it means by “near future” and admits that “At present, no company—including Anthropic—has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm.”

Further illustration of that assertion can be found earlier in the company’s post, which reveals that Anthropic has used Mythos to scan more than 1,000 open-source projects that it says “collectively underpin much of the internet – and much of our own infrastructure.”

To date, Mythos has found an estimated 6,202 high-or-critical-severity vulnerabilities in these projects – and 23,019 flaws in all.

The post reveals that when Mythos finds a flaw, Anthropic and its pals in the security community reproduce the issue that Mythos has found and “re-assess its severity.”

“Once we’ve confirmed that a vulnerability is real, we check for whether there are already fixes in place, and write a detailed report to the software’s maintainers,” Anthropic explains. “We take considerable care here: on top of the regular challenges of maintaining open-source software, maintainers have been facing a deluge of low-quality, AI-generated bug reports. Indeed, several maintainers have told us they’re currently severely capacity constrained, and some have even asked us to slow down our rate of disclosures because they need more time to design patches.”

1,752 of the high-or-critical-rated vulnerabilities Mythos found in FOSS have gone through that process and 90.6 percent (1,587) proved to be valid flaws. Of those, 62.4 percent (1,094) “were confirmed as either high-or-critical-severity,” the post states.

One of the critical flaws impacted the wolfSSL cryptography library used by billions of devices worldwide.

“Mythos Preview constructed an exploit that would let an attacker forge certificates that would (for instance) allow them to host a fake website for a bank or email provider,” Anthropic wrote. “The website would look perfectly legitimate to an end user, despite being controlled by the attacker.” Thankfully, developers have already patched wolfSSL, and Anthropic said it will deliver a full technical analysis “in the coming weeks.”

Keep an eye out for CVE-2026-5194 to learn more about this one.

Mythos is adding to an already overloaded security ecosystem

“75 of the 530 high-or-critical-severity bugs we’ve reported have now been patched, and 65 of those have been given public advisories,” the post states, then explains that low fix rate by revealing Anthropic is “still early in the 90-day window that’s set out in our Coordinated Vulnerability Disclosure policy: we expect many more patches to land soon.” The company thinks it is also “likely to be undercounting patches because some vulnerabilities are patched without a public advisory.” Lastly, the flood of bugs Mythos found “is adding to an already overloaded security ecosystem.”

Anthropic’s suggestion for security teams struggling to develop fixes for bugs AI discovered is, unsurprisingly, more AI such as skills that improve its Claude model’s ability to help developers. ®

We still don’t have a release date for the new game engine.

HANDS ON Even after 60 releases, to borrow Carlsberg’s slogan, OpenBSD is probably the most secure FOSS Unix-like OS in the world.

OpenBSD 7.9 arrived just a couple of days after
project lead Theo de Raadt’s birthday. Our congratulations to both. The
last four months or so have seen the fastest succession of security
issues in Linux that we can remember in the project’s existence so far,
but OpenBSD sails on serenely.

Back in March, Anthropic announced that
its Claude Mythos LLM had found a successful OpenBSD attack – but it
wasn’t a hole. A TCP/IP packet with malformed Selective
Acknowledgement options could crash the kernel. This was a real
problem, and the bug that caused it went back 27 years, but it doesn’t
let anyone in. The OpenBSD developers had already included a fix
for the bug two weeks earlier, so OpenBSD 7.8 users would get it the
next time they ran sysupdate, and it is of course fixed in
this version.

The new features in version 7.9 are relatively modest. On x86-64
machines – which it terms amd64 – 7.9 now supports a
maximum of 255 processor cores, and fixes a bug on machines with over
512 GB of RAM. It can also handle up to 52 partitions per disk.
Internally, there can be up to 64, but the limit is now the number of lowercase and uppercase letters of the Roman alphabet, which it uses in
labels.

On x86-64 and Arm64, the CPU scheduler now understands heterogeneous
CPU cores with different performance levels, and can assign processes to
four different performance levels described by the letters S-P-E-L,
denoting SMT, performance, efficient, and lethargic.

This should improve power management, and another feature called
“delayed hibernation” can also help. Rather than letting a suspended
laptop simply turn off if its battery runs out, when power levels get
very low, the machine will wake up then immediately hibernate – a
process that ends with it turning completely off. OpenBSD still doesn’t have a
journaling file system. It uses FFS2, an improved
version of the original Berkeley Fast File
System developed by Kirk McKusick. This used to include a
performance enhancement called soft updates (McKusick’s
own explanation) but these were removed
in 2023. That means that turning off a running machine without
shutting it down could cause disk corruption. Delayed hibernation will
help prevent one cause of that, at least.

The release announcement also lists other changes, including improved support for RISC-V boards, basic support for Wi-Fi 6, the
graphics driver stack from Linux kernel 6.18, and even more
optimizations to the already-low-latency sound driver stack. There are
various tweaks and bug fixes for the various RISC
platforms it supports. Version upgrades include LibreSSL 4.3.0,
OpenSSH 10.3, and many improvements to the Berkeley Packet Filter (bpf) and Packet Filter firewall (pf), including source
and state limiters.

Desktop use is not the primary goal of OpenBSD, but you certainly
can. It includes multiple window managers and desktops, as documented
in its handbook – although this is slightly out of date. Version 7.9
includes GNOME 49, KDE Plasma 6.6, MATE 1.28, Xfce 4.20, LXQt 2.2, and
various more minimal window managers. It has its own X11 server, Xenocara, based on X.org 7.7 and
Xserver 21.1.21, but you can also run XLibre with some manual effort,
and some desktops support Wayland. There is also a downstream project to
build a live bootable medium called FuguIta, although it hasn’t caught up
with the new release just yet.

OpenBSD releases are each accompanied by a unique banner painting and theme tune. This time, it’s a swinging jazz instrumental called Diamond in
the Rough [MP3], which we really enjoyed. It’s by Bob Kitella, who along
with de Raadt is one of the team at the Alberta internet
exchange YYCIX.

Calling OpenBSD a diamond in the rough seems quite
appropriate. It does have some significant gaps in its
functionality, but it is small, clean, and secure. We very much enjoyed
a recent essay on ascetic computing by
Dave “Ratfactor” Gauer, in
which he discusses why his OS of choice is OpenBSD.

Out there in the chaos of the open source communities on the social
networks that this vulture visits, we often encounter great resistance
when we tell people that they’re experiencing problems because of their
poor choice of equipment. For an easy life and a reliable computing
experience, we advise against wireless devices (peripherals or
networks), Bluetooth audio devices, and so on. The vicissitudes of
Nvidia support on Linux have long been well understood, and eloquently
conveyed by Torvalds himself.

Avoid this stuff, use devices with plain old cables, and things tend
to work more easily and more reliably. Here, we are coming to
appreciate the OpenBSD stance on Bluetooth, for instance: it simply does
not support it at all. This approach reminds us of the way that Python
sliced through the Gordian knot of indentation styles. For instance,
this C
style guide [PDF] identifies 14 named indentation systems. Python
dispenses with all that by making indentation syntactically significant,
ending the flame wars at a stroke. Of course, many veterans howl their
dismay and rage at this – and yet Python consistently ranks as the
world’s favorite language, over
and over
and over
again. OpenBSD cuts through some of the complexities of Linux and
the other BSDs in a broadly similar way.

There has been some
controversy recently over OpenBSD’s inclusion of code written with
AI assistance. The OS includes the tmux
terminal multiplexer – and recently, the tmux developers accepted some LLM-assisted code, including the recent DECSET 2026
support. This is now also
in OpenBSD, and it’s not
the only one.

No LLM-created code has been committed directly into OpenBSD as yet – and it looks unlikely, if only for copyright reasons, as de Raadt
laid
out in March. The tmux changes were grandfathered in indirectly because OpenBSD has included tmux in its base system since 2009. We’ve
looked at the changes and they seem small, clean, and innocuous to us.
Arguably, the objection is an ideological one of purity. We fear that
OpenBSD may end up on the Open
Slopware list we mentioned in January. When we reported
recently on Fedora and Ubuntu’s AI moves, we mentioned the Stop slopware site and the No-AI Software
Directory. This probably means OpenBSD won’t appear on the latter either, but we suspect that the team will not care.

OpenBSD version upgrades are relatively simple, straightforward, and
well
documented. So, to take 7.9 for a spin, we first tried it in a
VirtualBox VM. Although it’s a small OS, it wants a large virtual drive because by default it creates nine separate partitions, and
because of their different permissions, they’re a key part of the OS’s
enviable security. Worse still, their sizes cannot be dynamically
adjusted. Since the installation program is a very low-tech plain-text
affair, it offers no help with customizing the layout: if you don’t like
its proposal, then you must devise your own completely from scratch. It
really would help massively if OpenBSD had some kind of simple Logical
Volume Manager.

Give it enough space, though, and installation goes smoothly. We
also tried on the bare metal of an old Lenovo ThinkPad X220, with its
own dedicated 128 GB SSD. This threw up an interesting wrinkle: it found
the machine’s Wi-Fi controller no problem, identifying it as an
Intel Centrino Advanced-N 6205 – but because the necessary firmware was not included on the 761 MiB ISO
download, it couldn’t activate the device, even though it let us enter our WLAN credentials. That’s a problem, as the installer defaults to
fetching the installation file sets from the internet. We plugged in an
Ethernet cable, and then installation continued and finished
successfully. The installer automatically installed the required
firmware package, so on our first reboot, the Wi-Fi connection came
online all on its own.

Installing this vulture’s preferred desktop
environment was as simple as logging in as root and
entering pkg_add xfce. Selecting it is not quite so easy,
though: OpenBSD’s display manager, xenodm,
lacks the ability to choose a desktop environment. To fix that, we
needed a one-line, two-word script: create an ~/.xsession file containing exec startxfce4, and that was it – a fully working graphical desktop. We added a second monitor, and it was
detected, added, and enabled automatically, and we could set it to
portrait mode in Xfce’s display settings.

Although the X11
section of the OpenBSD Handbook says that KDE’s
recently replaced SDDM is available, as far as we can tell, it has been removed from 7.9 – as has Ubuntu’s LightDM. Even so,
just saying “yes” when the installation program asks if you want GUI
results in a working Fvwm 2.2.5
environment.

The Reg FOSS desk has been exploring OpenBSD since version
7.1 in 2022, including 7.2,
7.5,
7.6,
7.7,
and 7.8.
It’s still not an easy OS to install, but if you can dedicate a computer
to it, installation is much easier. We recommend avoiding complexities
like dual-booting and multiple drives. As a small bonus, it boots and
installs perfectly from a Ventoy
multi-OS USB key.

OpenBSD still supports x86-32, there’s no trace of systemd and never
will be, and if you really want GNOME or KDE, you can have them.
Bringing up a GUI-based system remains substantially easier than it does
on FreeBSD. If you’re prepared to obtain the hardware it wants, rather
than hoping that it will support whatever kit you happen to already
have, this is an excellent way to improve your Unix skills – as well as
starting to enjoy computing again, free of the distractions of shinier
FOSS OSes. ®

OPINION At Google’s I/O 2026 developer conference last week, the company’s Search VP Liz Reid celebrated the rapid growth of AI Mode, which Google refers to as its end-to-end AI search experience. External observers refer to it as simply as the end of search.

“We’re seeing phenomenal growth with AI mode queries more than doubling every quarter since launch,” said Reid, noting that AI Mode now has more than one billion monthly users. 

She continued, “But what’s even more remarkable, you’re asking your real questions in all their super specific and detailed glory, knowing search can really tackle them.”

Reid is absolutely right! We put this real question to AI Mode, “Why does Google Search suck now?” And you won’t believe the answer! (Actually, you won’t be surprised.)

The Chocolate Factory’s AI search substitute offered this completely trustworthy reply:

“You are definitely not imagining it. Users, tech critics, and researchers have documented a measurable decline in Google Search quality. The core issue is that the search engine no longer feels like a tool designed to find the best corner of the web; instead, it feels like a vehicle designed to keep you on Google-owned properties or clicking on monetized links. 

“The degradation of Google Search stems from a mix of aggressive monetization, an ongoing arms race with web spammers, and the disruptive introduction of AI features.”

Despite the absence of explicit blame assignment and the obsequious initial sentence, this all seems reasonable. However, in the low-rent area of the results page, there was some fine print: “AI can make mistakes, so double-check responses.”

In other words, Google disclaims responsibility for AI Mode while providing a way for you, the user, to double-check its responses. If you look carefully at the results, you may see citation links back to the websites laundered to generate the unvouched-for text. 

The top AI Mode paragraph represents the remains of four morsels of online text swallowed and digested by Google’s site crawler: “This is Why Google Search is Dying* and How to Search Instead” from Tadeusz Szewczyk’s seo2 blog, “Why Has Google Search Become So Annoyingly Bad? (and some useful workarounds),” a post to Medium by Terry Hutchins, a Reddit thread titled, “Is Google Search actually getting worse, or is it just me?” by Severe_Aardvark_3109, and “Some Simple Economics of the Google Antitrust Case” by Alex Tabarrok.

The second paragraph is calling from within Google’s house. It’s sourced from a YouTube video by AlexFalcone and a different Reddit thread, “Am I going crazy or are search engine results becoming less and less accurate?” by Ok-Extent-7596.

Google generously presents these links, in the form of inline citations or source chips – clickable, numbered footnotes that have been embedded with AI Mode emissions – as a nod to shouty traditionalists who value information provenance.

Not that it helps these websites much. As noted recently by SEO biz Ahrefs, “Google’s AI Overviews now result in a 58 percent lower average clickthrough rate for top-ranking pages, up from 34.5 percent just eight months ago.” (Google last year said the opposite.)

AI Overviews differ from AI Mode. AI Overviews have been integrated into the Search experience and appear in response to certain kinds of queries, generally atop traditional search results. 

AI Mode “expands on the benefits of AI Overviews with more advanced reasoning and multimodal capabilities,” as Google puts it in its explainer [PDF]. It’s accessible through a tab icon on the right-hand side of Chrome’s omnibox when a new tab is opened and through an “AI Mode” button within the Google.com search box.

They may or may not provide similar answers and may or may not cite the same sources.

For example, when we put the question “Why does Google Search suck now?” to AI Overviews, here’s what we got:

“Google Search often feels worse today because it prioritizes profits over precision. The search results page is heavily cluttered with AI-generated summaries, sponsored ads, and search-engine-optimized (SEO) spam, which forces you to dig past multiple links to find the actual information you want.”

Google’s AI again cites Szewczyk’s seo2 blog as a reference, along with two new sources, “These Results Illustrate Why Google Search Is So Awful in 2025,” from Make Use Of, and “Enough is enough: I ditched Google’s broken search engine and boosted my productivity,” from Android Authority.

Just for the sake of completeness, here’s AI Overview answering, “Why is Google Search great?”

“Google Search is great because it combines unmatched speed, advanced AI capabilities, and a massive index of information. It does more than just provide links, allowing you to easily plan trips, research local businesses in your immediate San Francisco vicinity, and understand complex topics with minimal effort.”

Among the five citation links for that result, three reference Google blog posts. The privacy intrusion – having the browser surface location information unbidden – is just a reminder about the consequences of browser personalization.

This is the new (horrible) normal

Like it or not, there’s going to be more AI in search going forward. 

Reid described how Google’s redesigned Search box now includes deeper AI integration.

“We’re making it even easier to continue the conversation with Search, bringing AI Overviews and AI Mode into one seamless AI search experience, so you can flow effortlessly from your question to your response on the main search results page to follow-ups in AI mode,” she said.

Why not just let users decide which sites they trust?

The anticipated result, at least among those outside of Google, is that search results links to external websites will be further deemphasized.

The problem with this approach is that it means Google makes its AI into a traffic routing layer, as opposed to presenting a set of site and document referral options that users can select. It wants to direct the flow of traffic instead of just providing a map.

The endgame, presumably, is capturing some portion of automated transactions made by software agents through mechanisms like Google’s Universal Cart, Agent Payments Protocol (AP2), and Universal Commerce Protocol (UCP).

When Google itself cautions, “AI can make mistakes, so double-check responses,” why not just let users decide which sites they trust for themselves, rather than burying source information in footnote links and directing those using its AI service to handle the fact-checking?

AI models can be quite helpful for coding questions. They’re a vast improvement over man pages for looking up esoteric command line flags and options. But they should be kept separate from search. If they must be entrusted with automated browsing, their decisions or recommendations should be subject to user discretion and review.

Search assumes source visibility and invites searchers to consider whether they trust sites enough to visit them. It demands mental engagement and decision-making to move from a list of results to query resolution. That’s a role people should play.

AI presents an answer, one that’s so easy to accept it comes with a reminder to double-check. But it’s an answer without responsibility or liability. It’s not the right answer for the web. ®