What operators should check this week.
PAI Watch joins the public AI record with known exploited vulnerabilities, vendor changes, model and tool releases, incidents, and evidence-backed operator signals.
The first six checks.
These are not recommendations to panic. They are the records and exploited items most likely to change an operator conversation this week.
FedRAMP workspace functionality degradation
Multiple features in FedRAMP workspaces are experiencing issues: Codex, workspace analytics, conversation search, custom GPT search, ChatGPT user invites, and Compliance Logs Platform download endpoint. Core functionality has been restored but known ongoing issues remain under investigation.
CVE-2026-45659: Microsoft SharePoint Server
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Project status change failures in multiple regions
Compute capacity degradation affecting project restart and resize operations across 16 regions since June 30. Error rates are trending down with improved availability for smaller compute sizes. Upgrading to Postgres 17.6.1.121 or higher provides access to additional machine types.
CVE-2026-48558: SimpleHelp SimpleHelp
SimpleHelp Authentication Bypass Vulnerability
CVE-2026-12569: PTC Windchill and FlexPLM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVE-2026-20230: Cisco Unified Communications Manager
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
Incidents and outages
Service failures, degraded AI systems, and operational events with a source trail.
FedRAMP workspace functionality degradation
Multiple features in FedRAMP workspaces are experiencing issues: Codex, workspace analytics, conversation search, custom GPT search, ChatGPT user invites, and Compliance Logs Platform download endpoint. Core functionality has been restored but known ongoing issues remain under investigation.
Project status change failures in multiple regions
Compute capacity degradation affecting project restart and resize operations across 16 regions since June 30. Error rates are trending down with improved availability for smaller compute sizes. Upgrading to Postgres 17.6.1.121 or higher provides access to additional machine types.
IDE plugin supply-chain key theft pattern
Malicious IDE plugins exfiltrating API keys highlight a toolchain gap in MSP and enterprise AI security reviews.
Autonomous agent bankruptcy — DN42 operator cost overrun
Forensic record of an autonomous agent deployment that exhausted operator funds when spend governance and circuit breakers were absent.
Network latency and packet loss in India (Delhi, Chennai, Mumbai)
A fire at a third-party data center facility in Delhi caused emergency power shutdown of networking equipment, isolating a Point of Presence and reducing network capacity. Hybrid Connectivity, VPC, and Media CDN customers experienced intermittent latency spikes and packet loss from June 5 to June 26, 2026. Service was restored after capacity augmentation and rerouting.
OpenAI multi-service outage (2026-05-29)
Production AI Institute incident record tracking a multi-service outage affecting OpenAI API consumers on 2026-05-29. See referenced sources for the official status timeline; PSF impact is mapped to provider fallback and observability domains.
OpenAI Multi-Service Outage (ChatGPT, Login, Access)
On 29 May 2026 OpenAI's public status history recorded four separate incidents the same day affecting ChatGPT conversations, login and account creation, ChatGPT access, and business subscription checkout. Teams routing production workloads through a single OpenAI dependency experienced correlated f…
Binnall Law Claude Console Phantom Citations in Federal Court
Federal counsel used Anthropic Claude Console to draft a May 2026 motion that included quotations not found in the cited cases. The firm apologised to the court and committed to citation verification via established legal research platforms.
Known exploited vulnerabilities
CISA KEV items that intersect AI delivery, remote access, managed environments, or operator security.
CVE-2026-45659: Microsoft SharePoint Server
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
CVE-2026-48558: SimpleHelp SimpleHelp
SimpleHelp Authentication Bypass Vulnerability
CVE-2026-12569: PTC Windchill and FlexPLM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVE-2026-20230: Cisco Unified Communications Manager
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-67038: Lantronix EDS5000
Lantronix EDS5000 Code Injection Vulnerability
CVE-2026-34910: Ubiquiti UniFi OS
Ubiquiti UniFi OS Improper Input Validation Vulnerability
CVE-2026-34909: Ubiquiti UniFi OS
Ubiquiti UniFi OS Path Traversal Vulnerability
CVE-2026-34908: Ubiquiti UniFi OS
Ubiquiti UniFi OS Improper Access Control Vulnerability
Vendor and policy changes
Data-use disclosures, source changes, and policy records that can alter client obligations.
July 2026 Policy Change Watch edition
Monthly AI Data Use Index review: Cursor agent permissions documentation and GitHub Copilot policy pages checked; no material training-use reversals; permissions.json schema now on the public record.
TensorZero repository archived after seed funding
TensorZero archived its public GitHub repository days after announcing seed funding, surfacing vendor-supply-chain risk for teams that pinned production dependencies on the OSS stack.
Adobe Firefly — AI data-use disclosure
No customer-content training. Adobe says Firefly does not train on customer data and that Firefly uses commercially safe datasets such as licensed content and public-domain material.
Canva — AI data-use disclosure
Depends on privacy settings. Canva says privacy settings control whether general usage data and User Content can improve AI-powered features, and that Canva Education User Content is not used for AI training.
ChatGPT — AI data-use disclosure
User-controlled. OpenAI says ChatGPT conversations may be used to improve models unless the user turns off model improvement in Data Controls.
Cursor — AI data-use disclosure
Depends on Privacy Mode. Cursor says code is not used for training when Privacy Mode is enabled; when Privacy Mode is off, Cursor may use stored codebase data, prompts, editor actions, and snippets to improve AI features and train models.
GitHub Copilot — AI data-use disclosure
No training by default. GitHub says that by default it, its affiliates, and third parties do not use individual-subscriber Copilot data, including prompts, suggestions, and code snippets, for AI model training.
Microsoft 365 Copilot — AI data-use disclosure
Not used to train foundation models. Microsoft says files, communications, prompts, responses, and Microsoft Graph data used with Microsoft 365 Copilot are not used to train foundation models.
Models, Lab, and evaluation
Model releases, Lab scorecards, Compass results, and production-readiness assessments.
No source-backed item in this lane.
The lane remains visible so absence is explicit rather than hidden.
Record method and source trail
Records that explain how the public memory layer is being strengthened.
No source-backed item in this lane.
The lane remains visible so absence is explicit rather than hidden.
Turn the watch board into an AI risk brief.
The risk brief is generated from the same records. It preserves the PAI source trail and converts operator signals into questions a team can use in an internal note, client update, board pack, or vendor review.
Tell us what to keep current.
Save a watch for vendors, tools, controls, vulnerabilities, or operating questions. The public record stays open. The saved watch tells us what should become an alert, brief, or evidence workflow for you.