OpenAI announced a new feature that it says will provide additional protection from prompt injection attacks, where malicious chatbot instructions are hidden in webpages and other content sources.

Among other things, Lockdown Mode will disable live web browsing (so you can only access cached content), the retrieval and display of images from the web (you can still generate images), deep research, and agent mode.

The company says that even with Lockdown Mode turned on, ChatGPT could still be vulnerable to prompt injections — which could, for example, “appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.”

But the goal is to reduce the likelihood that sensitive data gets shared in the process.

“Lockdown Mode is not intended for everyone,” OpenAI says. “It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.”

The company says it’s currently rolling Lockdown Mode out to self-serve ChatGPT Business accounts, as well as eligible personal accounts.

No no no, we are not sad. *slumps in the corner crying*

Microsoft is officially shutting down Collections, one of the more unique productivity features inside the Edge browser, and many users believe the move reflects the company’s growing obsession with AI-first experiences.

According to Microsoft’s support documentation, Collections in Edge is being discontinued beginning June 2026. The feature allowed users to save groups of webpages, images, notes, shopping links, and research material into organized visual boards directly inside the browser. For students, researchers, online shoppers, and multitaskers, Collections became one of Edge’s most practical hidden tools – and one of the few browser features that genuinely stood apart from Chrome and Safari.

Collections first launched as a productivity-focused tool that blended bookmarking, note-taking, and visual organization into a single interface. Unlike traditional bookmarks, users could drag webpages, screenshots, text snippets, and images into categorized boards that synced across devices. It became especially popular for planning trips, organizing research projects, comparing products, and saving inspiration from across the web.

Now, Microsoft appears ready to move on.

Edge is increasingly becoming an AI-first browser

The removal of Collections arrives as Microsoft aggressively transforms Edge into a platform centered around Copilot and generative AI features. Over the past two years, the company has integrated AI-powered assistants into nearly every part of Edge, from sidebar chat tools and webpage summarization to writing assistance and contextual search.

Critics argue that Collections represented a genuinely useful feature focused on human productivity rather than AI automation. Unlike some newer AI additions that users may ignore entirely, Collections solved a simple but common problem: organizing information gathered across the web without relying on third-party apps like Notion, Pinterest, or Pocket.

We at Digital Trends previously described the feature as one of the browser’s best hidden tools, particularly because it offered a more visual and intuitive alternative to cluttered bookmark folders. Users could quickly collect shopping comparisons, project research, recipes, or reading material into organized workspaces without leaving the browser.

Microsoft has not directly stated that AI features are replacing Collections, but the timing has fueled criticism that practical browser tools are increasingly being sacrificed to make room for AI-centric experiences and interface redesigns.

The broader concern extends beyond Edge itself. Across the tech industry, companies are rapidly reshaping products around generative AI, sometimes at the expense of smaller features users genuinely rely on every day.

Edge users may lose one of the browser’s most practical tools

For longtime Edge users, the shutdown represents the loss of one of the browser’s clearest identity features. While Chrome dominates browser market share, Edge often differentiates itself through smaller quality-of-life tools like vertical tabs, sleeping tabs, and Collections.

The removal could particularly frustrate users who built workflows around the feature for productivity, shopping research, or creative organization. Microsoft has not yet introduced a direct replacement that replicates the same visual organizational experience.

At the same time, the decision signals how seriously Microsoft is prioritizing AI integration across Windows and Edge. The company increasingly sees Copilot as the centerpiece of its software ecosystem, and browser development now appears heavily focused on AI-assisted experiences rather than traditional productivity utilities.

For some users, that future may sound exciting. For others, it may feel like another example of useful software features quietly disappearing in favor of AI tools they never asked for.

A security startup’s autonomous AI agent found 21 previously unknown vulnerabilities in FFmpeg, the open-source media library embedded in almost everything that touches video. The startup, depthfirst, says the run cost roughly $1,000 in compute. Some of the bugs had been hiding in the codebase for more than 20 years.

Days later, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single browser release. Over 100 are critical or high severity. The two events arrived independently, but they point in the same direction: AI is finding vulnerabilities faster than humans can fix them.

Depthfirst’s agent scanned FFmpeg’s roughly 1.5 million lines of C and produced a reproducible proof-of-concept for each of the 21 zero-days. Most are heap or stack overflows in parsers and demuxers, spanning components from the TS demuxer to the VP9 decoder. One stack overflow in the service-description-table code dates to 2003.

Nine already carry CVE identifiers (CVE-2026-39210 through CVE-2026-39218). The rest have been fixed upstream but not yet numbered. Depthfirst has published proof-of-concept code.

FFmpeg is not new to AI-driven bug hunting. Google’s Big Sleep agent reported a run of FFmpeg bugs last year. Anthropic’s Mythos model pulled a 16-year-old H.264 flaw and others out of FFmpeg for about $10,000. Depthfirst claims to have done comparable work at a tenth of the cost.

Chrome 149’s record haul is a different story. Google has not attributed the 429 vulnerabilities to AI. But the company overhauled its bug bounty programme in April after a flood of AI-generated submissions, now asking researchers for concise reproducers instead of the long writeups AI tends to produce.

The worst bug, CVE-2026-10881, scores 9.6 on the CVSS scale. It is an out-of-bounds read and write in the ANGLE graphics engine that lets a crafted page escape Chrome’s sandbox and run code on the host. Google paid $97,000 for the report. Of the 22 critical bugs, 19 were found internally.

The pattern keeps repeating. An autonomous tool recently found an authenticated remote code execution flaw in Redis that had gone unnoticed for over two years. A February study showed an AI agent could reproduce working exploits for more than half of 100 real Linux kernel bugs, beating traditional fuzzing.

The hard problem is shifting. Finding these bugs has become cheap. Triaging the reports, shipping the fixes, and getting them installed has not. Much of that work still falls on volunteers and a thin layer of human triagers now expected to keep pace with machines. Mozilla patched 271 Firefox vulnerabilities found by Mythos in a single pass. The question is no longer whether AI can find the bugs. It is whether anyone can fix them fast enough.

Majority Audio is trying to make modern streaming audio more accessible with its new Link Series, which was previewed at High End in Vienna.

This is a range of compact devices that bring services like Spotify Connect and AirPlay 2 to older hi-fi setups. Pricing starts from just £59.

At the entry point is the Link Mini, a small streamer designed to plug into existing speakers, radios, or hi-fi systems., instantly adding wireless streaming.

The Link Mini supports AirPlay 2, Spotify Connect and TIDAL Connect, along with Wi-Fi 6, Bluetooth LE and Auracast compatibility. Additionally, it comes with both analogue and optical outputs, making it is a straightforward upgrade for legacy hi-fi kit.

Advertisement

The step up from the Mini is the Link View, which has a more visual approach. It introduces a 2.1-inch circular touchscreen paired with a rotary control dial, allowing users to browse playback, view album artwork and switch sources directly on the device.

Advertisement

Above the Link View is the Link Pro, which pushes further into all-in-one territory. Alongside streaming support, it adds DAB/DAB+ radio, internet radio and HDMI ARC. This gives it more flexibility for both music and TV audio setups. A larger 4-inch colour display helps manage playback and navigation. So, it makes the device feel closer to a compact hub than a basic streamer.

At the top of the range is the Link Pro Amp, a £299.95 streaming amplifier designed to drive passive speakers directly. It delivers up to 300W of output via a Texas Instruments Class-D amplifier, combining streaming, amplification and radio features in a single unit.

In addition, connectivity is extensive. It includes HDMI ARC, optical input, USB playback, Ethernet, analogue input and a dedicated subwoofer output.

Advertisement

Overall, the Link Series feels aimed at users who want to modernise their audio setup without moving into high-end pricing. Instead of pushing a full system replacement, Majority is focusing on incremental upgrades to existing kit

Advertisement

The self-replicating Miasma worm has reached Microsoft‘s own GitHub repositories. GitHub disabled 73 repositories across four Microsoft organisations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, after the worm planted malicious code that harvests developer credentials. It is the most significant escalation yet in an ongoing supply chain attack campaign that has been spreading across the open-source ecosystem for weeks.

The attack exploited previously compromised credentials. Last month, the threat group TeamPCP infected the “durabletask” PyPI package hosted in Microsoft’s Azure organisation to deliver an information stealer. Security researcher Paul McCarty pointed out that the same repository is at the centre of this month’s takedown.

“When the repo at the root of last month’s compromise is the hub of this month’s takedown, that is not a coincidence, that is the same wound reopening,” McCarty said. “Whoever held those credentials in May plausibly never fully lost them.”

What makes this campaign particularly dangerous is how the payload detonates. The attacker planted a 4.3 MB payload runner wired to execute automatically through five developer tools: Claude Code, Gemini CLI, Cursor, VS Code, and the npm test script. A developer only needs to clone an affected repo and open it in an AI coding agent for the malware to run.

Once triggered, the Bun-based worm harvests credentials for AWS, Azure, GCP, Kubernetes, npm, and GitHub. It then uses those stolen tokens to commit itself into any repository the victim can write to, spreading autonomously across the ecosystem.

Among the disabled repositories are critical Azure infrastructure projects: azure-search-openai-demo, durabletask and its .NET, Go, JS, and MSSQL implementations, functions-container-action, llm-fine-tuning, and windows-driver-docs. OpenSourceMalware reported that GitHub contained the attack within 105 seconds, but the scope of affected downstream users remains unclear.

Miasma is a variant of the Mini Shai-Hulud worm that TeamPCP publicly released in mid-May 2026. The original Shai-Hulud appeared in September 2025 as the first self-replicating malware observed in the npm ecosystem. It has since mutated across npm and PyPI, previously compromising 32 Red Hat packages and hitting TanStack, Mistral AI, and UiPath packages.

The worm has also begun skipping the npm registry entirely. SafeDep found it pushing malicious code directly to source repositories, including “icflorescu/mantine-datatable” and four related projects. As of writing, more than 80 public repositories on GitHub carry the Miasma campaign’s naming pattern.

The fundamental problem is not a vulnerability in npm or GitHub. “It exploits the trust model those platforms are built on,” security firm FalconFeeds.io said in its analysis. “The assumption that if a package is signed with a valid key and published by an authenticated maintainer, it is safe.” The worm compromises the key and the maintainer, then acts exactly like a legitimate publisher. From the registry’s perspective, every malicious publish event looks like a routine update.

The targeting of AI coding agents is a notable evolution. Developers increasingly rely on tools like Claude Code and Cursor to work with unfamiliar repositories. A worm that activates when an AI agent opens a project exploits a new behaviour pattern that did not exist a year ago. It is supply chain malware designed for the age of AI-assisted development.

AI and ML

Most orgs remain trapped between flashy demos and real-world deployment, despite 75% saying adoption is racing ahead

Three-quarters of enterprise leaders say they’re adopting agentic AI, but only a small minority have managed to move beyond pilots and into meaningful production deployments, according to Forrester. 

That won’t stop vendors from slapping “agentic” onto every product brochure they can find, but the analyst’s assessment is that most organizations remain stuck somewhere between experimentation and actual business value.

Agentic AI has reached an important milestone in 2026, says Forrester: “long-horizon agents are no longer off on the horizon.” 

In plain English, the bots are no longer clocking on for a five-minute task and calling it a day. Vendors have demonstrated agents capable of operating for days, weeks, or even months, with examples ranging from software development to research workflows.

The trouble starts when those demos collide with the realities of enterprise.

Forrester says companies are expanding their agentic ambitions while largely failing to scale them. Governance remains immature, platform strategies remain fuzzy, and many organizations are struggling to demonstrate a return on investment substantial enough to justify broader deployment.

Forrester’s argument is that companies aren’t struggling because they have too many AI agents, but rather they’re struggling because managing them gets messy fast. What works as a handful of experimental projects can become much harder to control once agents start operating across multiple systems and teams.

Many organizations are building agents in isolation, the report says, without a clear way to track them, manage them, or coordinate how they work together. That may be fine for a pilot, but it becomes more of a problem when dozens of agents are making decisions, calling tools, and passing information around an enterprise environment. 

The report warns that, as projects grow, companies often end up with overlapping systems, duplicated work, and agents behaving in ways that become increasingly difficult to predict.

Forrester is equally skeptical that governance policies alone will solve the problem. The firm notes that more than half of enterprises still experience what it calls “agentic sprawl” despite adopting governance frameworks and formal policies.

Its conclusion is that writing rules down is one thing; enforcing them is another. Companies are increasingly finding that autonomous systems need automated guardrails that can track what agents are doing and restrict what they’re allowed to do in real time.

For now, the industry’s biggest challenge may not be building AI agents. It’s finding useful work for them that survives contact with the enterprise. Or, as Forrester puts it:

“Until companies tie agent autonomy to measurable changes in how work gets done, agentic AI will remain stuck in proof-of-concept purgatory.” ®