Daily Digest

AI, ISO & Cyber News — 9 July 2026

·15 stories

AI coding tools take center stage today — for the wrong reasons: researchers showed six popular assistants can be hijacked through booby-trapped repositories, and separate work demonstrated security-scanning agents running the very code they were meant to catch. Meanwhile Meta opened its coding model to developers, Outseer certified its AI management system against ISO 42001, and the EDPB opened a consultation that could standardize how breach notifications are written across the EU. Each story below is summarized in our own words with a link to the original reporting.

AI

Meta opens Muse Spark 1.1 to developers for AI coding

Meta is opening its models to developers with Muse Spark 1.1, which can plug into AI coding software through the new Meta Model API, The Verge reports. Meta calls the release a step-change from the first-generation Muse Spark model it introduced in April.

Source: The Verge

Anthropic launches 'Claude Wrapped'-style usage recaps

Anthropic announced a reflect feature for its Claude chatbot that lets users see an analysis of their usage, The Verge reports — bringing the Spotify Wrapped-style year-in-review trend, already adopted by apps from YouTube to Uber, to AI.

Source: The Verge

OpenAI overhauls ChatGPT voice mode to interrupt less

OpenAI is overhauling ChatGPT's voice mode with a new model, GPT-Live-1, designed to interrupt users less and to wait when a speaker pauses mid-conversation, The Verge reports. The company says the experience is more like talking to another person.

Source: The Verge

ISO Standards

Outseer certifies its AI management system against ISO/IEC 42001

Fraud-prevention firm Outseer has achieved ISO/IEC 42001 certification, positioning the credential as reinforcing trusted AI in fraud and scam prevention, per Yahoo Finance. ISO 42001 certification signals an independently audited management system for how an organization governs its AI.

Source: Yahoo Finance

Globalgig achieves ISO/IEC 27001 certification

Connectivity provider Globalgig has achieved ISO/IEC 27001 certification, per Yahoo Finance. Certification against the standard indicates an independently audited information security management system.

Source: Yahoo Finance

IT Governance

The case for a 'continuity infrastructure' layer in enterprise architecture

A HackerNoon analysis argues that a continuity infrastructure layer is the missing AI layer in enterprise architecture — a question architecture teams increasingly face as AI systems become load-bearing parts of the enterprise stack.

Source: HackerNoon

Cybersecurity

GhostApproval symlink flaws hit six AI coding assistants

Researchers at Wiz found that symlink flaws in six popular AI coding assistants let a booby-trapped code project quietly take control of a developer's computer, The Hacker News reports. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead.

Source: The Hacker News

'Friendly Fire': security-scanning AI agents tricked into running malicious code

A proof-of-concept published by the AI Now Institute, dubbed Friendly Fire, shows that AI coding agents asked to scan open-source code for security holes can be tricked into running the attacker's code on the analyst's own machine, The Hacker News reports.

Source: The Hacker News

Microsoft patches RoguePlanet privilege-escalation flaw in Defender

Microsoft released security updates for RoguePlanet, a Defender vulnerability tracked as CVE-2026-50656 with a CVSS score of 7.8, nearly a month after details became public, The Hacker News reports. The flaw is a privilege-escalation issue in the Microsoft Malware Protection Engine.

Source: The Hacker News

GodDamn ransomware uses a kernel driver to switch off endpoint defenses

A new ransomware family called GodDamn employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy, according to a report from Symantec's Threat Hunter Team covered by The Hacker News.

Source: The Hacker News

Privacy

EDPB consults on a new personal data breach notification template

The European Data Protection Board has opened a public consultation on a new personal data breach notification template, per Hunton Andrews Kurth. A common template would touch one of the most operational corners of GDPR compliance: how organizations notify regulators after a breach.

Source: Hunton Andrews Kurth LLP

Harmonising NIS2 and GDPR incident reporting: content, not process

A Ropes & Gray analysis examines the NIS2 and GDPR reporting templates, describing the EU approach as harmonising the content of incident reports rather than the reporting processes themselves — relevant to any organization that must notify under both regimes.

Source: Ropes & Gray LLP

Meta's Muse Image can use public Instagram photos by default

Meta's new Muse Image model lets people use public Instagram posts and reels to generate AI content, and the capability is enabled by default, The Hacker News reports. Users can also @-mention Instagram accounts in the Meta AI app to bring specific profiles into generated images.

Source: The Hacker News

Quality

DOST-FPRDI comes through its ISO 9001:2015 surveillance audit

The Philippines' DOST-FPRDI performed strongly in its latest ISO 9001:2015 surveillance audit, The Manila Times reports. Surveillance audits are the annual check-ins of the three-year certification cycle, verifying that a quality management system keeps operating between certifications.

Source: The Manila Times

The AI trust gap: no scaling without quality management

A Yahoo Tech piece argues there is no scaling AI without quality management — framing an AI trust gap that organizations must close with the same discipline quality teams apply elsewhere.

Source: Yahoo Tech

Frequently Asked Questions

How can an AI coding assistant be attacked through a repository?

The GhostApproval research shows one route: a malicious project uses symlink tricks so that when the assistant asks permission to edit a harmless-looking file, the write actually lands on a sensitive one. The lesson is to treat repository content as untrusted input to the agent, not just to the human reading it.

What is an ISO 9001 surveillance audit?

It is the annual check-in within the three-year certification cycle. A certification body samples the quality management system — internal audits, corrective actions, management review — to confirm it keeps operating between the initial certification and recertification audits.

Why does the EDPB's breach notification template matter?

Under GDPR, organizations must notify regulators of personal data breaches, typically within 72 hours. A common EU-wide template would standardize what that notification contains, simplifying compliance for organizations operating across multiple member states.

Explore Courses on Udemy

Intermediate

Human-Centered AI (HCAI)

Intermediate

Implement GenAI Governance Step by Step

Intermediate

Risks and Cybersecurity in Generative AI

Intermediate

Securing GenAI Systems

Intermediate

ISO/IEC 42001: Artificial Intelligence Management System

Intermediate

Implement ISO 42001 Step by Step With Templates

Intermediate

OWASP Top 10 for LLM Applications – 2025 Edition

Intermediate

Information Security Incident Management Step by Step

Intermediate

Implement Vulnerability Management Step by Step

Intermediate

Agile Enterprise Architecture

Intermediate

Implement Enterprise Architecture Step by Step

Intermediate

Implement GDPR Step by Step with Templates

Intermediate

ISO 9001:2015 Internal Audit Step by Step

Advanced

ISO 9001:2015 Lead Auditor

Intermediate

Implement NIS2 Step by Step

Intermediate

ISO 27001 Certification Process — A Step-by-Step Guide

Intermediate

ISO 27001:2022 Implementation Step by Step with Templates

Summaries are written by Standarity from publicly reported news; each item links to its original source. Facts belong to the linked publishers. Something off? Let us know.