Cybersecurity's AI Arms Race
· The Fluency Briefing
The Fluency Briefing
Your Guide to What's Happening in AI and Why It Matters to You
Tuesday, May 12, 2026
Three stories dropped on Tuesday that, taken together, reveal the same uncomfortable truth: AI is simultaneously becoming your best defender and your worst vulnerability. OpenAI launched a cybersecurity initiative to patch software flaws faster, while a security researcher warned that AI can weaponize those same patches in under 30 minutes. Meanwhile, chatbots are getting better at not hurting people in crisis conversations - but still can't pick up on the subtle cues that matter most. The pattern?
AI keeps outrunning the guardrails we build for it.
Today in AI:
- Your Next Customer Service Call Is Already an AI - AI voice startup Vapi hit a $500 million valuation after Amazon Ring routed 100% of its inbound calls through Vapi's platform, beating out 40 competitors. The company has now handled over 1 billion calls total. TechCrunch
- The 90-Day Security Window Just Shattered - Security researcher Himanshu Anand argues that AI-powered bug-hunting tools have made the industry-standard 90-day vulnerability disclosure period obsolete. Recent Linux exploits went public just over a week after discovery, with AI turning patches into weapons in about 30 minutes. Tom's Hardware
- OpenAI Plays Both Sides of the Cyber Chess Board - OpenAI launched Daybreak, a cybersecurity initiative pairing its frontier models with Codex Security to help developers find and patch vulnerabilities faster. The timing is notable given how quickly AI is also being used to exploit those same flaws. MarkTechPost
- Chatbots Pass the Easy Test, Flunk the Hard One - A new clinician-led benchmark from Seattle startup Mpathic found that major AI chatbots handle explicit suicide risk reasonably well but miss subtle mental health cues, especially around eating disorders. Claude Sonnet 4.5 scored highest overall. GeekWire
- Mira Murati's Startup Wants AI That Can Interrupt You - Thinking Machines Lab announced "interaction models" that process your input and generate responses simultaneously, achieving 0.40-second response times. It's a research preview for now, but the idea of full-duplex AI conversation is genuinely new. TechCrunch
- AI Spending Is Way Higher Than You Think - Goldman Sachs says headline AI investment figures are understating reality. Beyond the $700 billion in data center capex expected this year, an equivalent amount is going to intangible costs like workflow reorganization - spending that doesn't show up as investment on balance sheets. Semafor
- College Might Need the OnlyFans Model - A New Yorker piece argues that generic, bureaucratic universities are deeply vulnerable to AI disruption. One professor's theory: students will increasingly demand unique, irreplaceable experiences that AI can't replicate, pushing higher education toward creator-economy dynamics. The New Yorker
- Conspiracy Theorists Found a New Favorite Tool - People are building AI-powered interfaces to navigate the 3 million+ Epstein documents released by the DOJ. Some platforms masquerade as neutral research tools but are designed to amplify conspiracy narratives - a phenomenon one scholar calls "platform conspiracism." Fast Company
Today's Takeaway:
Here's the thing about Tuesday's cybersecurity news: OpenAI and a security researcher essentially told the same story from opposite sides of the mirror. OpenAI launched Daybreak to help defenders find and patch vulnerabilities faster using AI. Meanwhile, Himanshu Anand's research, detailed on his blog, shows attackers are already using those same AI capabilities to reverse-engineer patches and create exploits within 30 minutes of disclosure. The old 90-day disclosure window assumed humans on both sides. That assumption is gone. According to Tom's Hardware, recent Linux kernel vulnerabilities went public barely a week after discovery because the white-hat researchers knew AI-assisted attackers would find them anyway.
Through a competitive lens, this is an arms race where offense and defense are using identical weapons. OpenAI's Daybreak initiative, covered by The Verge and MarkTechPost, is the right move, but it reveals something uncomfortable: the company building the tools that could accelerate attacks now has to build the tools that stop them. Anand's practical advice - integrate LLMs into your code deployment and dependency-checking pipelines - isn't aspirational. It's survival. If you're a developer or run a team that ships code, the window between "vulnerability discovered" and "vulnerability exploited" just collapsed from months to minutes. Your patching speed is now your security posture.
💡 Fluency Moment - Building your AI fluency, one term at a time.
"Transfer Learning"
In plain English: When an AI trained on one task reuses that knowledge to quickly master a new task.
Think of it like: A chess champion learning checkers faster than a beginner because the strategy skills already exist.
Why you'll hear about it: AI tools rapidly weaponizing security patches rely on transfer learning to adapt knowledge instantly.
🧰 Your Toolkit
- Your AI Security Checklist: Staying Safe in a World Where AI Moves Fast - [ ] Update your apps and software today - AI tools can now find and exploit weak spots within 30 minutes of a patch being released.
- Turn on automatic updates on your phone and computer so security fixes install without you having to remember.
- Change any password you haven't updated in 6+ months - start with your email, bank, and any AI tools you use regularly.
- Check if your email appears in a data breach by visiting HaveIBeenPwned.com and typing in your email address.
- Turn on two-step login (also called two-factor authentication) for your most important accounts - it's usually in Settings > Security.
- Before clicking any link in an email or text, pause and ask yourself: 'Did I expect this message?' AI can now write very convincing fake messages.
- Ask ChatGPT: 'Explain the latest common online scams in simple terms so I can recognize them' - then share what you learn with family.
Cybersecurity used to move slowly, but AI has changed that - staying one step ahead is now as simple as keeping things updated and staying curious. Small habits done consistently are your best defense.
The Bottom Line
The Pattern: Every major story today - cybersecurity, mental health safety, voice AI, hidden spending - tells the same tale: AI capabilities are accelerating past the frameworks we built to manage them. The 90-day disclosure window, the assumption that chatbots won't encounter people in crisis, the idea that AI spending shows up neatly on a balance sheet - all of these were built for a slower world.
Why It Matters: This isn't abstract. If you run a business, your security assumptions are probably outdated. If you're a parent, the chatbot your teenager talks to handles obvious distress but misses the subtle kind. If you're budgeting for AI, you're almost certainly undercounting what you're actually spending. The gap between what AI can do and what our systems expect it to do is widening, not narrowing.
Your Move: Pick one assumption your business or team is making about AI - security response times, chatbot safety, actual AI costs - and pressure-test it this week. The rulebook you're using was written for last year's capabilities.
What We're Working On
✨ Founding Cohort Special - 60% Off! - Use code MAF20 to join for just $20/month (regularly $50). Get weekly group sessions & workshops, self-paced courses for all levels, access to tools & templates, challenges with peer feedback, and 24/7 support community. → Join Now
✨ Free 30-Minute AI Consultation - Discover how My AI Fluency can help your business unlock the potential of AI. We'll discuss your goals, explore practical AI opportunities for your industry, and outline clear next steps. → Schedule Free Call
✨ How AI-Fluent Are You? - Test your AI fluency with our interactive quiz. See how you stack up and discover what to learn next. → Take the Quiz
💬 Community | 📞 Book a Consultation | 🌐 Website
Fluently yours, The My AI Fluency Team