AI news roundup, June 23 2026

This week in AI was a study in contrast: open models keep getting cheaper and stronger, while the security bill for the agent era keeps coming due. Here is the roundup that matters for DevOps, security, and platform teams, with why each story should be on your radar and where to read more.

MiniMax M2.5 pushes open models near the frontier

MiniMax released M2.5, an open model posting roughly 80 percent on SWE-Bench Verified and strong agentic tool-use scores, while costing a tiny fraction of the premium closed tier. The company says it now runs about a dollar per hour of continuous inference, and that 30 percent of its own internal tasks are completed autonomously by the model.

Why it matters: The cost curve for agentic workloads just bent again. When a capable coding-and-agent model is this cheap to run continuously, always-on use cases like background test generation, log triage, and code review stop being budget conversations. Open weights also mean you can self-host for sensitive workloads. Source: VentureBeat.

The Orchid Campaign compromises 100,000+ GitHub repos

A highly automated supply-chain attack dubbed the Orchid Campaign has compromised more than 100,000 GitHub repositories this month. Attackers clone legitimate lower-popularity projects and inject heavily obfuscated malware, betting that developers and their AI assistants will pull the poisoned copies.

Why it matters: This is the software supply chain hitting AI-assisted development directly. If your agents or developers clone and execute repos by name, you need provenance checks, pinned dependencies, and scanning in the pipeline. Treat any repo your tooling auto-fetches as untrusted until verified. Source: Cyber Desserts.
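One way to apply the "untrusted until verified" rule before an agent or build job runs a fetched repository is sketched below. It is an added example, not code from any project named in this roundup. The pin list, organization names, and SHAs are constructed placeholders, and `check_fetch` and `canonical` are hypothetical helper names.

```python
import re
from urllib.parse import urlparse

# Constructed pin list: canonical repo identity -> full 40-hex commit SHA.
# Organization names and SHAs are placeholders, not real projects.
PINS = {
    "github.com/example-org/logparse": "a" * 40,
    "github.com/example-org/yamlkit": "b" * 40,
}

SCP_STYLE = re.compile(r"^[\w.-]+@([\w.-]+):(.+)$")  # git@host:owner/repo
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def canonical(url: str) -> str:
    """Normalize HTTPS, ssh:// and scp-style Git URLs to host/owner/repo (lowercased)."""
    m = SCP_STYLE.match(url.strip())
    if m:
        host, path = m.group(1), m.group(2)
    else:
        parts = urlparse(url.strip())
        host, path = parts.hostname or "", parts.path
    path = path.strip("/")
    if path.endswith(".git"):
        path = path[:-4]
    return f"{host}/{path}".lower()

def check_fetch(url: str, commit: str) -> tuple[bool, str]:
    """Allow a fetch only if both the origin and the resolved commit match a pin."""
    ident = canonical(url)
    pinned = PINS.get(ident)
    if pinned is None:
        repo = ident.rsplit("/", 1)[-1]
        lookalikes = [p for p in PINS if p.rsplit("/", 1)[-1] == repo]
        if lookalikes:  # matching on repo name alone would have accepted this copy
            return False, f"same repo name as pinned {lookalikes[0]} but different origin"
        return False, "origin not in pin list"
    if not FULL_SHA.match(commit.lower()):
        return False, "ref is not a full commit SHA (branches and tags can move)"
    if commit.lower() != pinned:
        return False, "commit does not match pinned SHA"
    return True, "origin and commit match pin"

if __name__ == "__main__":
    for url, ref in [("git@github.com:example-org/logparse.git", "a" * 40),
                     ("https://github.com/examp1e-org/logparse", "a" * 40)]:
        print(url, "->", check_fetch(url, ref))
```

Pass in the commit that the checkout actually resolved to (for example, the output of `git rev-parse HEAD` after the clone), not the ref that was requested.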

Microsoft ships Agent 365 SDK and execution containers

At Build 2026, Microsoft moved its enterprise agent stack to general availability. The Agent 365 SDK adds observability, access controls, and compliance enforcement, while the new Microsoft Execution Containers SDK lets Windows and Agent 365 enforce policy-based guardrails on what an agent is actually allowed to do.

Why it matters: Governance tooling for agents is catching up to the hype. If you are piloting agents in an enterprise, sandboxed execution with policy controls is becoming the table-stakes pattern, not a nice-to-have. Source: Microsoft Security Blog.

Anthropic’s Project Glasswing finds 10,000+ critical bugs

Anthropic reported that its Project Glasswing, an automated vulnerability-hunting effort, surfaced more than 10,000 high or critical severity vulnerabilities across systemically important software in its first month, with scans of 1,000-plus open-source projects flagging thousands more estimated high-risk bugs.

Why it matters: AI is now a serious offensive and defensive security tool at scale. The same capability that finds bugs for defenders is available to attackers, which compresses the window between disclosure and exploitation. Patch velocity and SBOM hygiene matter more than ever. Source: LLM Stats.

Gartner projects agent software spending to hit 206 billion dollars

A new Gartner forecast projects AI agent software spending will reach about 206.5 billion dollars in 2026, up 139 percent from 86.4 billion dollars in 2025. The growth is concentrated in orchestration, governance, and the action layers that let agents safely touch production systems.

Why it matters: Budgets are shifting from model access to the plumbing around agents. For platform teams, that is a signal to invest now in the orchestration and guardrail skills that this spending wave is funding. Source: LLM Stats.

Arcade raises 60 million dollars for a secure agent action layer

Arcade closed a 60 million dollar Series A to build its secure action layer for governing how autonomous agents execute in production. The round underlines a clear theme: the money is moving toward controlling agent behavior, not just generating it.

Why it matters: The market is validating what practitioners already know. The hard part of agentic AI is not the demo; it is safe execution with permissions, audit, and rollback. Expect more tooling in this category, and evaluate it before you give agents write access. Source: Cyber Desserts.

The throughline

Two trends are converging. Capable agents are getting cheap enough to run everywhere, and the security and governance layer is racing to keep up. If you are advancing a career in DevOps or security, the practical move is to get hands-on with both sides: build agent workflows, and learn to lock them down. Our courses and the CompTIA Security+ Cert Coach are built to get you there. We will be back with another roundup soon.