AI coding tools take center stage today — for the wrong reasons: researchers showed six popular assistants can be hijacked through booby-trapped repositories, and separate work demonstrated security-scanning agents running the very code they were meant to catch. Meanwhile Meta opened its coding model to developers, Outseer certified its AI management system against ISO 42001, and the EDPB opened a consultation that could standardize how breach notifications are written across the EU. Each story below is summarized in our own words with a link to the original reporting.
AI, ISO & Cyber News — 9 July 2026
AI
Meta opens Muse Spark 1.1 to developers for AI coding
Meta is opening its models to developers with Muse Spark 1.1, which can plug into AI coding software through the new Meta Model API, The Verge reports. Meta calls the release a step-change from the first-generation Muse Spark model it introduced in April.
Source: The Verge →Anthropic launches 'Claude Wrapped'-style usage recaps
Anthropic announced a reflect feature for its Claude chatbot that lets users see an analysis of their usage, The Verge reports — bringing the Spotify Wrapped-style year-in-review trend, already adopted by apps from YouTube to Uber, to AI.
Source: The Verge →OpenAI overhauls ChatGPT voice mode to interrupt less
OpenAI is overhauling ChatGPT's voice mode with a new model, GPT-Live-1, designed to interrupt users less and to wait when a speaker pauses mid-conversation, The Verge reports. The company says the experience is more like talking to another person.
Source: The Verge →ISO Standards
Outseer certifies its AI management system against ISO/IEC 42001
Fraud-prevention firm Outseer has achieved ISO/IEC 42001 certification, positioning the credential as reinforcing trusted AI in fraud and scam prevention, per Yahoo Finance. ISO 42001 certification signals an independently audited management system for how an organization governs its AI.
Source: Yahoo Finance →Globalgig achieves ISO/IEC 27001 certification
Connectivity provider Globalgig has achieved ISO/IEC 27001 certification, per Yahoo Finance. Certification against the standard indicates an independently audited information security management system.
Source: Yahoo Finance →IT Governance
The case for a 'continuity infrastructure' layer in enterprise architecture
A HackerNoon analysis argues that a continuity infrastructure layer is the missing AI layer in enterprise architecture — a question architecture teams increasingly face as AI systems become load-bearing parts of the enterprise stack.
Source: HackerNoon →Cybersecurity
GhostApproval symlink flaws hit six AI coding assistants
Researchers at Wiz found that symlink flaws in six popular AI coding assistants let a booby-trapped code project quietly take control of a developer's computer, The Hacker News reports. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead.
Source: The Hacker News →'Friendly Fire': security-scanning AI agents tricked into running malicious code
A proof-of-concept published by the AI Now Institute, dubbed Friendly Fire, shows that AI coding agents asked to scan open-source code for security holes can be tricked into running the attacker's code on the analyst's own machine, The Hacker News reports.
Source: The Hacker News →Microsoft patches RoguePlanet privilege-escalation flaw in Defender
Microsoft released security updates for RoguePlanet, a Defender vulnerability tracked as CVE-2026-50656 with a CVSS score of 7.8, nearly a month after details became public, The Hacker News reports. The flaw is a privilege-escalation issue in the Microsoft Malware Protection Engine.
Source: The Hacker News →GodDamn ransomware uses a kernel driver to switch off endpoint defenses
A new ransomware family called GodDamn employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy, according to a report from Symantec's Threat Hunter Team covered by The Hacker News.
Source: The Hacker News →Privacy
EDPB consults on a new personal data breach notification template
The European Data Protection Board has opened a public consultation on a new personal data breach notification template, per Hunton Andrews Kurth. A common template would touch one of the most operational corners of GDPR compliance: how organizations notify regulators after a breach.
Source: Hunton Andrews Kurth LLP →Harmonising NIS2 and GDPR incident reporting: content, not process
A Ropes & Gray analysis examines the NIS2 and GDPR reporting templates, describing the EU approach as harmonising the content of incident reports rather than the reporting processes themselves — relevant to any organization that must notify under both regimes.
Source: Ropes & Gray LLP →Meta's Muse Image can use public Instagram photos by default
Meta's new Muse Image model lets people use public Instagram posts and reels to generate AI content, and the capability is enabled by default, The Hacker News reports. Users can also @-mention Instagram accounts in the Meta AI app to bring specific profiles into generated images.
Source: The Hacker News →Quality
DOST-FPRDI comes through its ISO 9001:2015 surveillance audit
The Philippines' DOST-FPRDI performed strongly in its latest ISO 9001:2015 surveillance audit, The Manila Times reports. Surveillance audits are the annual check-ins of the three-year certification cycle, verifying that a quality management system keeps operating between certifications.
Source: The Manila Times →The AI trust gap: no scaling without quality management
A Yahoo Tech piece argues there is no scaling AI without quality management — framing an AI trust gap that organizations must close with the same discipline quality teams apply elsewhere.
Source: Yahoo Tech →Frequently Asked Questions
How can an AI coding assistant be attacked through a repository?
The GhostApproval research shows one route: a malicious project uses symlink tricks so that when the assistant asks permission to edit a harmless-looking file, the write actually lands on a sensitive one. The lesson is to treat repository content as untrusted input to the agent, not just to the human reading it.
What is an ISO 9001 surveillance audit?
It is the annual check-in within the three-year certification cycle. A certification body samples the quality management system — internal audits, corrective actions, management review — to confirm it keeps operating between the initial certification and recertification audits.
Why does the EDPB's breach notification template matter?
Under GDPR, organizations must notify regulators of personal data breaches, typically within 72 hours. A common EU-wide template would standardize what that notification contains, simplifying compliance for organizations operating across multiple member states.
Explore Courses on Udemy
Summaries are written by Standarity from publicly reported news; each item links to its original source. Facts belong to the linked publishers. Something off? Let us know.