Newsroom Test

June 4, 2026

AI agents chain decade-old exploits, Apple opens iMessage to agents, and Lovable goes 5x on Claude

AI Agent Chained Two Old Exploits Into a Web Server Kill Switch

OpenAI's Codex agent independently combined two decade-old HTTP/2 attack techniques into a single exploit that can crash nginx, Apache, IIS, and Envoy from a single home internet connection in under 20 seconds.

Why it matters: The agent didn't discover a zero-day. It read codebases, recognized that two known vulnerabilities compose, and built the combined attack — something apparently no human had done against these four servers despite both techniques being public for ten years. That's the capability jump worth tracking: AI agents surfacing novel risk from documented, public inputs.

The GTM angle: Any rev ops team running self-hosted web services or ingesting webhook traffic from customers should audit their HTTP/2 configs this week. Nginx has a patch (v1.29.8). Apache has a patch. Microsoft IIS and Cloudflare Pingora do not, as of Thursday.

  • A single machine on a 100Mbps connection can hold 32GB of Apache or Envoy memory in roughly 20 seconds. The attack is called HTTP/2 Bomb; full technical details drop at Real World AI Security later this month.
  • Proof-of-concept scripts are already on GitHub. If you're running HTTP/2 and can't patch immediately, cap the maximum number of headers per request as a stopgap.

Go deeper: https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377

Anthropic Open-Sources Its Autonomous Vulnerability Scanning Harness

Anthropic published its internal reference pipeline for AI-driven vulnerability discovery: a full recon-to-patch harness built on Claude Code, with skills for threat modeling, scanning, triage, and patch generation.

Why it matters: This isn't a blog post about AI security. It's the actual harness Anthropic's security team built, open-sourced with the Claude Code skills attached. You can run it today on your own codebase. The repo includes the sandbox configuration, prompts, and the "day one to week two" ramp plan they used with external security teams.

The GTM angle: RevOps and sales engineering teams running custom code that touches customer data — CRM integrations, outbound tooling, data enrichment pipelines — now have a practical, low-cost path to automated security review before a breach creates a compliance event.

  • The harness is configured for C/C++ memory vulnerabilities out of the box. Running /customize in Claude Code adapts it to your language and vuln class. Requires gVisor sandboxing for the autonomous pipeline.
  • Claude Security, a hosted version with managed multi-project scanning, is available separately for teams that don't want to self-host.

Go deeper: https://github.com/anthropics/defending-code-reference-harness

Poke Becomes the First AI Agent Approved for Apple Messages for Business

Poke, an AI agent that runs over SMS, is now approved by Apple to operate on the Messages for Business platform — making it the first standalone AI agent on iMessage.

Why it matters: Until now, Messages for Business was locked to brand-owned customer service integrations (airlines, retailers, hotels). Apple opening it to third-party AI agents, even selectively, sets a precedent for what becomes a distribution channel. The approval process took months and required demonstrating live human support capability, clear AI disclosure, and compliance with Apple's UI guidelines.

The GTM angle: The per-user toll model Apple is charging (reportedly lower than Meta's post-EU-regulation WhatsApp fees) tells you how Apple plans to monetize AI agents at scale. If you're building or buying AI-driven customer communication tools, iMessage is now a viable enterprise channel to spec into your roadmap.

  • Poke has relayed 100 million messages since its March launch. It currently serves daily planning, calendar, health, smart home, and photo editing via text.
  • Apple's WWDC starts Monday. Poke's co-founder says he has no visibility into what Apple plans to announce about agents at the conference.

Go deeper: https://techcrunch.com/2026/06/04/apple-approves-poke-as-the-first-ai-agent-on-its-messages-for-business-platform/

Lovable Signs 5x Cloud Expansion With Google, Gets Deeper Claude Access

Lovable, the Stockholm vibe-coding startup that hit $400M ARR in February with 146 employees, signed a multiyear deal to expand its Google Cloud footprint fivefold and gain expanded access to both Claude and Gemini.

Why it matters: This deal is upstream infrastructure for a tool that more than half of Fortune 500 companies reportedly use. The Anthropic angle is specific: Google invested $10B in Anthropic and promised another $30B contingent on performance targets. Lovable's scaled Claude usage counts toward those targets. The incentive structure is now pointing all three companies toward more Claude throughput.

The GTM angle: Lovable agents will be available through Google Cloud's enterprise marketplace (Gemini Enterprise Agent Gallery), with integrated Wiz security scanning on AI-generated code. For enterprise procurement teams evaluating AI-native dev tools, that's a significantly lower-friction buying path than a direct vendor contract.

  • The deal plugs Lovable into Wiz — Google's $32B acquisition — for real-time security remediation on human- and agent-generated code.
  • Google plans $180-190B in capex this year and is selling $85B in equity to fund it. Deals like this are how the cloud revenue keeps pace.

Go deeper: https://techcrunch.com/2026/06/03/lovable-signs-multi-year-deal-with-google-cloud-to-up-usage-5x-source-says/
