Weekly Tech Roundup: May 18–25 — Agentic AI Goes Mainstream

🤖 AI

Google Gemini 3.5 Flash and Omni Launch at I/O 2026 — Google used its I/O 2026 keynote to ship two significant AI releases: Gemini 3.5 Flash, an agent-optimized model that beats the flagship Gemini 3.5 Pro on coding benchmarks while running four times faster and at half the cost, and Gemini Omni, an anything-to-anything model capable of real-time video, audio, and image generation. Together, these releases signal Google’s conviction that the agentic era requires models purpose-built for speed and multimodal reasoning, not just benchmark scores. Why it matters: Practitioners now have a dramatically cheaper and faster model for building AI agents, plus a new multimodal capability that could reshape content creation pipelines.

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents — Microsoft released two open-source security testing tools for AI agents: RAMPART (Risk Assessment and Measurement Platform for Agentic Red Teaming), a Pytest-native framework for writing safety and security tests, and Clarity, a companion tool for analyzing agent behavior during development. The tools arrive as enterprises race to deploy AI agents into production environments where traditional security testing methodologies fall short. Why it matters: Security testing for AI agents has been an unsolved problem; these tools give security teams a concrete, testable approach to red-teaming agentic systems before deployment.

Microsoft Fara1.5 Browser Agents Outperform OpenAI Operator — Microsoft Research released Fara1.5, a family of browser computer-use agents spanning 4B, 9B, and 27B parameter sizes. The largest variant scores 72% on the Online-Mind2Web benchmark, outperforming both OpenAI Operator and Gemini 2.5 Computer Use. The release demonstrates that smaller, specialized models can defeat generalist giants on domain-specific web automation tasks. Why it matters: Teams building browser automation and RPA workflows now have an open alternative to proprietary computer-use agents, with the smallest model running on modest hardware.

🔒 CyberSecurity

CISA Contractor Leaked AWS GovCloud Keys on GitHub — A contractor for the Cybersecurity and Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to highly privileged AWS GovCloud accounts and internal CISA systems until this past weekend. Security experts described the incident as one of the most egregious government data leaks in recent history, with the repository also containing detailed documentation of how CISA builds, tests, and deploys software internally. Why it matters: This incident underscores the catastrophic consequences of poor secrets management in public repositories — even at the agency responsible for national cybersecurity.
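The practical control behind the "why it matters" above is a secret scan that runs before a commit can reach a public repository. The following is an added example written for this roundup, not CISA's or any vendor's tooling: a small pre-commit hook that flags AWS access key IDs by their well-known AKIA/ASIA prefix and flags 40-character secret keys by assignment context plus a Shannon-entropy check, so that all-zero placeholders are not reported. The sample file contents are constructed; the key values are the placeholder credentials AWS uses in its own documentation, not live keys.

```python
"""Pre-commit secret scan for AWS-style credentials (added example, not part of the
original post and not an official CISA, AWS or GitHub tool)."""
import math
import re
import sys
from collections import Counter

# AWS access key IDs are 20 characters: a 4-character prefix (AKIA for long-term
# IAM keys, ASIA for temporary STS keys) followed by 16 uppercase letters/digits.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

# Secret access keys are 40 characters from a base64-like alphabet with no fixed
# prefix, so an assignment-like context is required to keep false positives down.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|secret_?key)\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Strings scoring below this many bits per character are treated as placeholders
# (e.g. "0000...0000"); genuine random keys score well above it.
ENTROPY_THRESHOLD = 3.5

# Constructed sample of a config file a developer might commit by mistake. The
# values are the documented AWS example credentials, not real keys.
CONSTRUCTED_SAMPLE = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
secret_key = 0000000000000000000000000000000000000000
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for a single repeated character)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    """Keep only the ends so a finding can be located without re-exposing the value."""
    return secret[:4] + "..." + secret[-4:]


def scan_text(text: str, path: str = "<stdin>") -> list[dict]:
    """Return one finding dict per suspected credential in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_access_key_id", "match": m.group(0)})
        for m in SECRET_KEY_RE.finditer(line):
            candidate = m.group(1)
            if shannon_entropy(candidate) >= ENTROPY_THRESHOLD:
                findings.append({"path": path, "line": lineno,
                                 "kind": "aws_secret_access_key",
                                 "match": redact(candidate)})
    return findings


def scan_files(paths: list[str]) -> list[dict]:
    """Scan each file path; unreadable or binary files are skipped."""
    findings = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="strict") as fh:
                findings.extend(scan_text(fh.read(), path))
        except (OSError, UnicodeDecodeError):
            continue
    return findings


if __name__ == "__main__":
    # As a git pre-commit hook: pass the staged file list as arguments and block
    # the commit (non-zero exit) when anything is found. With no arguments the
    # constructed sample is scanned instead so the script runs stand-alone.
    results = scan_files(sys.argv[1:]) if sys.argv[1:] else scan_text(CONSTRUCTED_SAMPLE, "sample.ini")
    for f in results:
        print(f"{f['path']}:{f['line']}: {f['kind']} {f['match']}")
    sys.exit(1 if results else 0)
```

The entropy gate is what separates this from a bare regex: a 40-character string of zeros matches the secret-key pattern but scores 0 bits per character and is dropped, while the documented example key scores well above the threshold and is reported with its middle redacted. Wiring it as a pre-commit hook (or a CI job over the diff) is the cheap, continuous version of the secrets-management discipline the story calls for.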

GitHub Internal Repositories Breached via Poisoned VS Code Extension — GitHub confirmed that the breach of approximately 4,000 internal repositories, claimed by threat actor TeamPCP on a cybercrime forum, originated from a compromised employee device running a poisoned version of the Nx Console VS Code extension. The Nx team disclosed that the extension’s developer account was hacked, enabling the attacker to publish a malicious update that stole credentials. Why it matters: This is a textbook supply chain attack targeting the developer toolchain itself — the poisoned extension gave attackers access to GitHub’s own source code, demonstrating that no organization is immune when developer tooling is compromised.

Microsoft Disrupts Malware-Signing-as-a-Service Operation — Microsoft disrupted a malware-signing-as-a-service (MSaaS) operation run by a threat actor dubbed Fox Tempest, which weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware attacks across thousands of machines globally. The operation represents an escalation in the commodification of cybercrime, where attackers sell code-signing services the way legitimate businesses sell SaaS subscriptions. Why it matters: Code signing is a cornerstone of software trust; this takedown reveals how attackers are industrializing trust abuse, and why organizations must verify signatures beyond mere presence.

📡 IoT

Telia Launches Sovereign IoT Service in Sweden — Telia launched Telia IoT Connect, a sovereign IoT connectivity service where all connectivity and data remain fully managed within Sweden’s borders. The service addresses growing demand from government and critical infrastructure operators who require IoT deployments that comply with national data sovereignty regulations. Why it matters: Data sovereignty is becoming a hard requirement for IoT deployments in regulated sectors; Telia’s offering provides a template for how telecoms can differentiate on sovereignty rather than just price.

AIoT Transforms Pharma Manufacturing at AUTOMA+ 2026 — The AUTOMA+ 2026 conference showcased how AI-enhanced IoT (AIoT) is moving pharmaceutical manufacturing beyond digital documentation into predictive quality control and real-time process optimization. Regulators and industry bodies are increasingly linking advanced manufacturing capabilities with stronger process control, higher yields, and faster batch releases. Why it matters: Pharma manufacturing, one of the most heavily regulated industrial sectors, is embracing AIoT — signaling that industrial AI has crossed the chasm from pilot programs to compliance-grade production systems.

Software-Defined Automation: The End of the PLC Monolith — Siemens and other industrial automation leaders are advancing software-defined automation, decoupling control logic from proprietary PLC hardware and running it on virtualized, containerized infrastructure. This shift enables AI-driven optimization to integrate directly with factory control loops rather than sitting in a separate analytics layer. Why it matters: For decades, PLCs were the immutable foundation of industrial automation; software-defined control opens the door to continuous deployment, AI integration, and multi-vendor interoperability on the factory floor.

🔥 The Big Picture

This week’s stories converge on a single theme: the infrastructure that powers technology — whether AI agents, developer toolchains, or factory floors — is undergoing a fundamental re-architecture. Google, Microsoft, and industrial automation leaders are all racing to build the operating system for the agentic era, but the security stories reveal just how fragile that infrastructure remains.

The GitHub and CISA breaches are not isolated incidents. They are symptoms of a systemic problem: the software supply chain has become the primary attack surface, and even the organizations tasked with securing it are vulnerable. When a poisoned VS Code extension can compromise GitHub’s internal repositories, and a single contractor’s public repo can expose a federal cybersecurity agency’s cloud credentials, the old perimeter-based security model is demonstrably obsolete. The Microsoft MSaaS takedown further illustrates that attackers are industrializing trust abuse, selling code-signing services with the efficiency of a SaaS business.

For practitioners, the implications are clear. On the AI front, the window for gaining competitive advantage from agentic AI is narrowing rapidly — models like Gemini 3.5 Flash and tools like RAMPART are lowering both the cost of deployment and the risk of deployment. On the IoT front, sovereign connectivity and software-defined automation are reshaping what’s possible in regulated industries. But across every domain, supply chain security must move from an annual audit checkbox to a continuous, automated discipline. The tools exist. The question is whether organizations deploy them before the next TeamPCP or Fox Tempest finds their blind spot.

📖 Dive Deeper

– The AI Coding Agent Reckoning: Why Benchmarks Are Broken — Context on why raw benchmark scores for coding agents mislead more than they inform.
– The Factory Finally Gets a Kernel: Software-Defined Automation — Deep dive into how virtual PLCs and software-defined control are rewriting industrial automation.
– Lighthouse Attention: Making Quadratic Attention Practical Again — Research on training-time efficiency improvements that complement the deployment-time speed gains of models like Gemini 3.5 Flash.
