Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits

Adobe has issued an emergency security update for a critical zero-day vulnerability in Acrobat Reader, while researchers continue to evaluate the offensive capabilities of new agentic AI models.

Key Points

  • Adobe patched CVE-2026-34621, a critical prototype pollution vulnerability in Acrobat Reader that has been exploited in the wild since November 2025.
  • The UK’s AI Security Institute tested Anthropic’s Claude Mythos and found it possesses advanced cybersecurity capabilities but cannot reliably execute autonomous attacks on hardened networks.
  • GitGuardian reported a 34% increase in exposed secrets on GitHub in 2025, totaling over 28 million leaked credentials.
  • NIST announced a shift to a risk-based model for the National Vulnerability Database, prioritizing the enrichment of only the most critical security vulnerabilities.
  • Cisco researchers identified "MemoryTrap," a method to compromise Claude Code’s memory, allowing poisoned data to persist across sessions, users, and subagents.

Why it Matters

The rapid evolution of agentic AI and the increasing speed of exploit development are outpacing traditional security patching and governance frameworks. Organizations must now contend with new attack surfaces like poisoned AI memory and credential sprawl, necessitating more robust, automated security controls.

Published by Help Net Security